Mar 21 2022 10:50 AM
Has anyone noticed that the latest Linux Defender update has been using a lot of memory and causing high CPU?
Thanks Roger.
Mar 22 2022 07:47 AM - edited Mar 22 2022 07:49 AM
We're facing the same issue. Mainly memory issues. Servers are allocating more and more RAM and will not free it, causing OOM to kill business app processes. A case had already been opened in the past because we saw RAM allocation was slightly increasing over time (for example, within 3 months from 800MB to 3GB) and did not free RAM. However, after installing the last upgrade it increased much faster (within days). On one server (ldap) we faced an increase by a factor of 10, from 1600MB to 16GB, within a few days.
The CPU issues, mainly caused by the audisp_plugin process, seemed to be resolved by adding auditd exclusions for specific processes that have been identified as top initiators via the XMDEClientAnalyzer log collector.
Mar 22 2022 08:30 AM
Thanks for sharing. We opened a ticket with support, but we needed to restart all our Linux Agents.
I did find this link on Reddit, and someone from Azure Support stated they opened a defect. But I'm waiting for confirmation from Support. https://www.reddit.com/r/DefenderATP/comments/thb0pq/memory_consumption_in_mdatp_service_for_linux/
Mar 22 2022 09:20 AM - edited Mar 22 2022 11:50 PM
We've also restarted the Defender services, but the issue came back immediately (it increased, and 3 days later OOM killed processes again). Is it stable now on your side?
Mar 22 2022 10:03 AM
Our Linux team reverted to an older version:
"I reverted the agent on one server from 101.58.80-1 back to 101.56.62-1 yesterday and we have not seen the memory issue on that server since. It appears to be an issue specific to 101.58.80-1."
Still waiting for a Microsoft Support Engineer to engage for our case.
Mar 31 2022 07:58 AM