SenseNDR.exe consistently using 10-20% of CPU

Contributor

We've deployed MDE to a subset of our workstation, and found that SenseNDR.exe consistently uses 10-20% of CPU even on idle machines. Does anyone know what role SenseNDR plays within MDE and why it needs all this CPU? We aren't gong to be able to deploy MDE across the rest of our enterprise with this big a CPU hit. 

I dug around for a while, and it seems that SenseNDR is involved in device discovery, though if it serves other functions I can't say. Is it possible to fully disable Device Discovery since we have no use for it? 

3 Replies
We were able to reduce it somewhat by globally disabling device discovery.

@jbmartin6 

In the task manger Identified Sense NDR module process (Windows Defender Advanced threat Protection - Sence NDR Module) was taking high CPU -->Did right click on task and went to affinity unchecked all the CPU selected and only allocated 1 CPU that resolved the high CPU utilization isue 

That would work until the next reboot, and doesn't scale at all across thousands of users. Is there a way to enforce affinity across reboots via GPO?