This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 67%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECZ%3C/text%3E%3C/svg%3E)
Hi,
I have a curiosity regarding one of the metrics I've came across. Recently, I noticed that my CPU load on my virtual machines is going pretty crazy and after some research I noticed that this is due to the mdatp_audisp_plugin, which is the ATP (currently Microsoft Defender). This service is not enabled for the entire subscription, I have the Microsoft Defender enabled only on several Log Analytics Workspaces (which includes servers resources-virtual machines only), which I divided to have a better visibility over the Defender service as I didn't want all the resources to be protected by this service.
First question is why is the load so big on my virtual machines? I understand that this is due to the plugin, what does the plugin has to do with the CPU load more exactly?
The second question is how can I optimize this load? For example, is there a possibility to minimize this load by implementing some policies at the Microsoft Defender level to segregate even more the service? Let's say I only want to use the Defender service from one Log Analytics Workspace for several folders only, let's say I do not want to use the service for one specific folder where my data is stored.
Can you help with a piece of advice?
Thank you!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Carolina Zamisnicu : Just want to follow up on this issue can you help me with the Operating system details ( what kind of OS are you using this mdatp plugin and version as well ).
Hello,
For OS: CENTOS
Version: 8
Thanks
Thank you for sharing OS details, i have reviewed the issue at my end, this needs more troubleshooting by collecting logs from the VM having the issue. I would suggest to open a ticket with the support team who can assist you on the same.
If you don't have a support contract, i can assist you to open one time free support ticket regarding this issue.