@Carolina Zamisnicu: Just want to follow up on this issue. Can you help me with the operating system details (what kind of OS you are using this mdatp plugin on, and the version as well)?
CPU load on virtual machines due to ATP
Hi,
I have a curiosity regarding one of the metrics I've come across. Recently, I noticed that my CPU load on my virtual machines is going pretty crazy and after some research I noticed that this is due to the mdatp_audisp_plugin, which is the ATP (currently Microsoft Defender). This service is not enabled for the entire subscription, I have the Microsoft Defender enabled only on several Log Analytics Workspaces (which include server resources - virtual machines only), which I divided to have a better visibility over the Defender service as I didn't want all the resources to be protected by this service.
First question is why is the load so big on my virtual machines? I understand that this is due to the plugin, what does the plugin have to do with the CPU load more exactly?
The second question is how can I optimize this load? For example, is there a possibility to minimize this load by implementing some policies at the Microsoft Defender level to segregate even more the service? Let's say I only want to use the Defender service from one Log Analytics Workspace for several folders only, let's say I do not want to use the service for one specific folder where my data is stored.
Can you help with a piece of advice?
Thank you!
-
Givary-MSFT 28,321 Reputation points Microsoft Employee
2022-01-03T07:44:16.253+00:00
-
Carolina Zamisnicu 316 Reputation points
2022-01-04T11:18:02.51+00:00
Hello,
For OS: CENTOS
Version: 8
Thanks