SenseNDR.exe consistently using 10-20% of CPU

We've deployed MDE to a subset of our workstations, and found that SenseNDR.exe consistently uses 10-20% of CPU even on idle machines. Does anyone know what role SenseNDR plays within MDE and why it needs all this CPU? We aren't going to be able to deploy MDE across the rest of our enterprise with this big a CPU hit.

I dug around for a while, and it seems that SenseNDR is involved in device discovery, though if it serves other functions I can't say. Is it possible to fully disable Device Discovery since we have no use for it? 

6 Replies
We were able to reduce it somewhat by globally disabling device discovery.

@jbmartin6 

In the Task Manager, the identified Sense NDR module process (Windows Defender Advanced Threat Protection - Sense NDR Module) was taking high CPU. I right-clicked the task, went to affinity, unchecked all the selected CPUs and allocated only 1 CPU; that resolved the high CPU utilization issue.

That would work until the next reboot, and doesn't scale at all across thousands of users. Is there a way to enforce affinity across reboots via GPO?

@jbmartin6 did you find a solution?

Not totally. We did reduce it quite a bit by turning off device discovery, but otherwise I think it has to be accepted as part of the tool. Judging from SenseNDR's command line, this is where MS incorporated Zeek IDS functionality, so a lot of the traffic inspection and tagging relies on this process, such as detecting named pipes and LDAP queries.