cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Linux Increased memory usage on mdatp 101.75.43

shorif2000
Copper Contributor

‎Aug 04 2022 08:09 AM - edited ‎Aug 05 2022 03:04 AM

‎Aug 04 2022 08:09 AM - edited ‎Aug 05 2022 03:04 AM

Linux Increased memory usage on mdatp 101.75.43

I am testing on Oracle Linux 7.9 tried with kernels. It is a default install

 

 

 

3.10.0-1160.53.1.el7.x86_64

5.4.17-2136.302.7.2.2.el7uek.x86_64

 

 

 

 

It seems like memory usage is starting to increase each day. started off with 300MB 2nd day is on 1200MB

 

diagnostics for both servers attached.

 

my installation steps

 

 

 

Set up MDE Oracle Linux 7.9

sudo yum install yum-utils
sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/rhel/7.2/prod.repo
sudo rpm --import http://packages.microsoft.com/keys/microsoft.asc
sudo yum install mdatp -y
yum repolist
Loaded plugins: langpacks, ulninfo
repo id                                                                 repo name                                                                                                                     status
ol7_UEKR6/x86_64                                                        Latest Unbreakable Enterprise Kernel Release 6 for Oracle Linux 7Server (x86_64)                                                 750
ol7_addons/x86_64                                                       Oracle Linux 7Server Add ons (x86_64)                                                                                            696
ol7_latest/x86_64                                                       Oracle Linux 7Server Latest (x86_64)                                                                                          24,669
packages-microsoft-com-prod                                             packages-microsoft-com-prod                                                                                                       61
repolist: 26,176

sudo yum --enablerepo=packages-microsoft-com-prod install mdatp


#Download zip file to server from https://security.microsoft.com/preferences2/onboarding?tid=11c2cbe4-dca5-47be-a51c-a44777c87cf8


# https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-worldwide

# extract and run file using python 
unzip WindowsDefenderATPOnboardingPackage.zip
sudo python MicrosoftDefenderATPOnboardingLinuxServer.py

#verify health
mdatp health --field healthy
true


mdatp health --field org_id
"e4b1bd4a-b6c9-4043-b658-3f34164d269e"



# detection test
bash
mkdir Downloads
curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt


sudo mdatp edr early-preview enable
sudo mdatp config cloud-diagnostic --value enabled
sudo mdatp config behavior-monitoring --value enabled
sudo mdatp config network-protection enforcement-level --value audit
sudo mdatp threat policy set --type potentially_unwanted_application --action audit
sudo service mdatp restart

 

 

 

 

On 3rd day  memory seems to have returned to normal, however I don't see any crash reports or service restarts in the logs

04_08_2022_08_00_02_output.zip
04_08_2022_08_00_02_output.zip
1,386 Views
0 Likes
0 Replies
Reply
0 Replies