Forum Discussion
SenseNDR.exe consistently using 10-20% of CPU
We've deployed MDE to a subset of our workstations, and found that SenseNDR.exe consistently uses 10-20% of CPU even on idle machines. Does anyone know what role SenseNDR plays within MDE and why it needs all this CPU? We aren't going to be able to deploy MDE across the rest of our enterprise with this big a CPU hit.
I dug around for a while, and it seems that SenseNDR is involved in device discovery, though if it serves other functions I can't say. Is it possible to fully disable Device Discovery since we have no use for it?
- jbmartin6 (Iron Contributor)
We were able to reduce it somewhat by globally disabling device discovery.
- SamsonAzure (Copper Contributor)
In Task Manager, I identified that the Sense NDR module process (Windows Defender Advanced Threat Protection - Sense NDR Module) was taking high CPU. I right-clicked the task, went to affinity, unchecked all the selected CPUs and allocated only 1 CPU. That resolved the high CPU utilization issue.
- jbmartin6 (Iron Contributor)
That would work until the next reboot, and doesn't scale at all across thousands of users. Is there a way to enforce affinity across reboots via GPO?
- SevenTowers140 (Copper Contributor)
jbmartin6, did you find a solution?
- jbmartin6 (Iron Contributor)
Not totally. We did reduce it quite a bit by turning off device discovery, but otherwise I think it has to be accepted as part of the tool. Judging from SenseNDR's command line, this is where MS incorporated Zeek IDS functionality, so a lot of the traffic inspection and tagging relies on this process, such as detecting named pipes and LDAP queries.
- SevenTowers140 (Copper Contributor)
Thanks!