cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Linux Defender Update using allot of memory up to exhaustion ?

roger_jr
Copper Contributor

‎Mar 21 2022 10:50 AM

‎Mar 21 2022 10:50 AM

Linux Defender Update using allot of memory up to exhaustion ?

Has anyone notice that latest Linux Defender update been using allot of memory and causing high cpu.

 

Thanks Roger.

3,476 Views
1 Like
5 Replies
Reply
5 Replies
aldema1000

‎Mar 22 2022 07:47 AM - edited ‎Mar 22 2022 07:49 AM

‎Mar 22 2022 07:47 AM - edited ‎Mar 22 2022 07:49 AM

Re: Linux Defender Update using allot of memory up to exhaustion ?

We're facing the same issue. Mainly memory issues. Servers are allocating more and more RAM and will not free it, causing oom to kill business app processes. Case has been already opened in the past because we saw RAM allocation was slightly increasing over time (for example within 3 month from 800MB to 3GB) and did not free RAM - however after installing the last upgrade it increased much faster (within days). On one server (ldap) we faced an increasment of factor 10 from 1600MB to 16GB within a few days. 
CPU issues mainly caused by audisp_plugin process seemed to be resolved by adding auditd exclusions for specific processes that have been identified as top initiators via XMDEClientAnalyzer log collector.

0 Likes
Reply
roger_jr

‎Mar 22 2022 08:30 AM

‎Mar 22 2022 08:30 AM

Re: Linux Defender Update using allot of memory up to exhaustion ?

@aldema1000 

 

Thanks for sharing. We opened a ticket with support, but we needed to restart all our Linux Agents.

 

I did find this link on Reddit and someone from Azure Support stated they open a defect. But I'm waiting for confirmation from Support. https://www.reddit.com/r/DefenderATP/comments/thb0pq/memory_consumption_in_mdatp_service_for_linux/

 

0 Likes
Reply
aldema1000

‎Mar 22 2022 09:20 AM - edited ‎Mar 22 2022 11:50 PM

‎Mar 22 2022 09:20 AM - edited ‎Mar 22 2022 11:50 PM

Re: Linux Defender Update using allot of memory up to exhaustion ?

@roger_jr 

We've also restarted the defender services but the issue came back immediately (increased and 3 days later oom killed again processes). Is it stable now at your side?

0 Likes
Reply
roger_jr

‎Mar 22 2022 10:03 AM

‎Mar 22 2022 10:03 AM

Re: Linux Defender Update using allot of memory up to exhaustion ?

@aldema1000 

 

Our Linux Team reverted to a older version: "

"I reverted the agent on one server from 101.58.80-1 back to 101.56.62-1 yesterday and we have not seen the memory issue on that server since.  It appears to be an issue specific to 101.58.80-1."

 

Still waiting for a Microsoft Support Engineer to engage for our case.

0 Likes
Reply
roger_jr

‎Mar 31 2022 07:58 AM

‎Mar 31 2022 07:58 AM

Re: Linux Defender Update using allot of memory up to exhaustion ?

M - TAC recommended upgrading to 101.62.74 to resolve the memory/cpu issue. Basically the high cpu was a result of the memory swap caused by the memory exhaustion/leak. Our Linux Team updated to prod ver 101.62.74 and has been running in production for about a week without any memory exhaustion/leaks,

**Note to Microsoft - It would be helpful to add details into the release notes for what bugs were fixed and noted effects. This is pretty common industry practice to include the details for bug and performance fixes.**


Thanks Roger.
0 Likes
Reply