deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-18 16:27:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update mac-support-perf.md

Browse Source 
to fix suggestions
This commit is contained in:
Lovina Saldanha 2021-02-18 16:39:02 +05:30
parent 02fdbe74f9
commit c9e3eeb1fb
1 changed files with 37 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
View File

@ -57,52 +57,62 @@ The following steps can be used to troubleshoot and mitigate these issues:
2. Open Finder and navigate to **Applications** > **Utilities**. Open **Activity Monitor** and analyze which applications are using the resources on your system. Typical examples include software updaters and compilers. 2. Open Finder and navigate to **Applications** > **Utilities**. Open **Activity Monitor** and analyze which applications are using the resources on your system. Typical examples include software updaters and compilers.
3. To find the applications that are triggering the most scans, you can use real-time statistics gathered by Defender for Endpoint for Mac. 1. To find the applications that are triggering the most scans, you can use real-time statistics gathered by Defender for Endpoint for Mac.
> [!NOTE] > [!NOTE]
> This feature is available in version 100.90.70 or newer. > This feature is available in version 100.90.70 or newer.
This feature is enabled by default on the **Dogfood** and **InsiderFast** channels. If you're using a different update channel, this feature can be enabled from the command line: This feature is enabled by default on the **Dogfood** and **InsiderFast** channels. If you're using a different update channel, this feature can be enabled from the command line:
```bash
mdatp config real-time-protection-statistics --value enabled
```
This feature requires real-time protection to be enabled. To check the status of real-time protection, run the following command:
```bash
mdatp health --field real_time_protection_enabled
```
Verify that the **real_time_protection_enabled** entry is true. Otherwise, run the following command to enable it:
```bash
mdatp config real-time-protection --value enabled
```
```output ```bash
Configuration property updated mdatp config real-time-protection-statistics --value enabled
``` ```
To collect current statistics, run:
```bash This feature requires real-time protection to be enabled. To check the status of real-time protection, run the following command:
```bash
mdatp health --field real_time_protection_enabled
```
Verify that the **real_time_protection_enabled** entry is true. Otherwise, run the following command to enable it:
```bash
mdatp config real-time-protection --value enabled mdatp config real-time-protection --value enabled
``` ```
```output
Configuration property updated
```
To collect current statistics, run:
```bash
mdatp config real-time-protection --value enabled
```
> [!NOTE] > [!NOTE]
> Using **--output json** (note the double dash) ensures that the output format is ready for parsing. > Using **--output json** (note the double dash) ensures that the output format is ready for parsing.
The output of this command will show all processes and their associated scan activity. The output of this command will show all processes and their associated scan activity.
4. On your Mac system, download the sample Python parser high_cpu_parser.py using the command: 1. On your Mac system, download the sample Python parser high_cpu_parser.py using the command:
The output of this command should be similar to the following: The output of this command should be similar to the following:
Next, type the following commands: Next, type the following commands:
```bash ```bash
chmod +x high_cpu_parser.py chmod +x high_cpu_parser.py
``` ```
```bash
```bash
cat real_time_protection.json | python high_cpu_parser.py > real_time_protection.log cat real_time_protection.json | python high_cpu_parser.py > real_time_protection.log
``` ```
The output of the above is a list of the top contributors to performance issues. The first column is the process identifier (PID), the second column is te process name, and the last column is the number of scanned files, sorted by impact. The output of the above is a list of the top contributors to performance issues. The first column is the process identifier (PID), the second column is te process name, and the last column is the number of scanned files, sorted by impact.
For example, the output of the command will be something like the below: For example, the output of the command will be something like the below:
```output ```output
... > python ~/repo/mdatp-xplat/linux/diagnostic/high_cpu_parser.py <~Downloads/output.json | head -n 10 ... > python ~/repo/mdatp-xplat/linux/diagnostic/high_cpu_parser.py <~Downloads/output.json | head -n 10
27432 None 76703 27432 None 76703
73467 actool 1249 73467 actool 1249
@ -114,13 +124,13 @@ The following steps can be used to troubleshoot and mitigate these issues:
549 telemetryd_v1 325 549 telemetryd_v1 325
4764 None 228 4764 None 228
125 CrashPlanService 164 125 CrashPlanService 164
``` ```
To improve the performance of Defender for Endpoint for Mac, locate the one with the highest number under the Total files scanned row and add an exclusion for it. For more information, see [Configure and validate exclusions for Defender for Endpoint for Linux](linux-exclusions.md). To improve the performance of Defender for Endpoint for Mac, locate the one with the highest number under the Total files scanned row and add an exclusion for it. For more information, see [Configure and validate exclusions for Defender for Endpoint for Linux](linux-exclusions.md).
> [!NOTE] > [!NOTE]
> The application stores statistics in memory and only keeps track of file activity since it was started and real-time protection was enabled. Processes that were launched before or during periods when real time protection was off are not counted. Additionally, only events which triggered scans are counted. > The application stores statistics in memory and only keeps track of file activity since it was started and real-time protection was enabled. Processes that were launched before or during periods when real time protection was off are not counted. Additionally, only events which triggered scans are counted.
5. Configure Microsoft Defender for Endpoint for Mac with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection. 1. Configure Microsoft Defender for Endpoint for Mac with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection.
See [Configure and validate exclusions for Microsoft Defender for Endpoint for Mac](mac-exclusions.md) for details. See [Configure and validate exclusions for Microsoft Defender for Endpoint for Mac](mac-exclusions.md) for details.