deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-18 08:17:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update with sample

Browse Source
This commit is contained in:
schmurky 2020-11-27 15:31:10 +08:00
parent 16609d5e2c
commit 9bff12a18b
1 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md
View File

@ -113,11 +113,29 @@ The following steps can be used to troubleshoot and mitigate these issues:
The output of the above command displays all the processes and their associated scan activity. The output of the above command displays all the processes and their associated scan activity.
To improve the performance of Defender for Endpoint for Linux, locate the one with the highest number under the `Total files scanned` row and add an exclusion for it. For more information, see [Configure and validate exclusions for Defender for Endpoint for Linux](linux-exclusions.md). To improve the performance of Defender for Endpoint for Linux, locate the one with the highest number under the `Total files scanned` row and add an exclusion for it. For more information, see [Configure and validate exclusions for Defender for Endpoint for Linux](linux-exclusions.md).
> [!NOTE] The output is list of the top contributors to the performance issues. The 1st column is the process identifier (PID), the 2nd column is te process name, and the last column is the number of scanned files, sorted by impact.
> The application stores statistics in memory and only keeps track of file activity since it was started and real-time protection was enabled. Processes that were launched before or during periods when real time protection was off are not counted. Additionally, only events which triggered scans are counted.
For example, the output of the command will be something like the below:
```Output
mavel@mavel-mac:/Users/mavel > python ~/repo/mdatp-xplat/linux/diagnostic/high_cpu_parser.py <~Downloads/output.json | head -n 10
27432 None 76703
73467 actool     1249
73914 xcodebuild 1081
73873 bash 1050
27475 None 836
1    launchd    407
73468 ibtool     344
549  telemetryd_v1   325
4764 None 228
125  CrashPlanService 164
```
 
>[!NOTE]
> The application stores statistics in memory and only keeps track of file activity since it was started and real-time protection was enabled. Processes that were launched before or during periods when real time protection was off are not counted. Additionally, only events which triggered scans are counted.
5. Configure Microsoft Defender ATP for Linux with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection. 5. Configure Microsoft Defender ATP for Linux with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection.