MsSenseS.exe high CPU usage

New Contributor

Good Afternoon - We have a few servers in Azure that have extremely high CPU usage due to the "MsSenseS.exe" process. Is there anything that can be done to alleviate this? Seems like this process is related to Defender or some sort of Microsoft sensor.

 

I have opened a ticket with Microsoft Support which has not been that helpful.

7 Replies

@jham01

This process is part of Microsoft Defender Advanced Threat Protection service.

In case of high CPU Utilization, you can alleviate this by setting up a maximum CPU limit for the process.

Open Task Manager

1. Go to the Details tab
2. Right-click on the process name MsSense.exe and select Set affinity
3. Choose the CPU limit that you allow the process to use

I get an error access denied
Might need to use local admin privileges
no still doesnt work with local admin on Windows server
Why is this not a much bigger thing? We have rolled out Defender ATP with our Microsoft 365 E5 license stack and pushed this to 70+ autopilot machines as a POC for the rest of the business. All eventually started to onboard etc but it's killing the CPU with 20-30% use on the MSSense.exe (Defender ATP not the AV engine) all day every day.... what the hell is it doing? Looking at resource manager to see disk usage/files etc, it eventually shows nothing being accessed but still running at 25%.... it causes our Dell machines to overheat and the fans to go continuously..... Everywhere mentions the MsMPeng.exe but the MSSense.exe is the problem...Right Click task manager and set affinity doesn't work even if you  have full permissions because you can't interfere with the Defender ATP services, it defeats the purpose of Defender ATP....
Completely agree. This issue is HUGE.
I have no idea why MS havent properly addressed this and provides information to admins to curb the resources that this service devestates a VM to the extent with.

Ofcourse a simple fix like limiting CPU limit/allocation could help, but if you've ever actually tried to do this (and not just typing it in a response on a forum post etc) then you'd know, this cannot be done as you get an error - access denied.

@SuperNotDuperI know you guys are trying to get if working properly, but I have been working on getting ATP off-boarded for month, including MS support cases etc. for the same reason and because we use Mcafee ENS. It simply uses a lot of resources all the time. I managed to get it off-boarded but now it has installed the extension again even that its not enabled in Azure. It's like a virus, hard to get rid of! And I don't think you can tamper with the priority as it has protection against that.