Performance Issues With Microsoft Defender ATP On RHEL
Issue
Disclaimer: Links contained herein to external website(s) are provided for convenience only. Red Hat has not reviewed the links and is not responsible for the content or its availability. The inclusion of any link to an external website does not imply endorsement by Red Hat of the website or their entities, products or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to your use of (or reliance on) the external site or content.
- Performance issues have been observed on RHEL servers after installing Microsoft Defender ATP. These issues include:
- degraded application performance, notably with other third-party applications (PeopleSoft, Informatica, Splunk, etc.)
- lengthy delays when SSH'ing into the RHEL server.
- Under Microsoft's direction, exclusion rules of operating system-specific and application-specific files, folders, and processes were added. That has helped, but not eliminated the problem.
- One has followed Microsoft's guidance on configuration and troubleshooting.
Environment
- Red Hat Enterprise Linux (RHEL) 6
- Red Hat Enterprise Linux (RHEL) 7
- Red Hat Enterprise Linux (RHEL) 8
- Red Hat Enterprise Linux (RHEL) 9
- Microsoft Defender Advanced Threat Protection (ATP)
- Microsoft Defender Endpoint Detection and Response (EDR)
- Microsoft Defender For Endpoint
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.