fix linter warnings

MatiG
2021-01-04 19:31:35 +02:00
parent 19aa1f6eb9
commit ca98df17c4


@ -23,7 +23,6 @@ ms.topic: conceptual
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md)
@ -43,19 +42,20 @@ The following steps can be used to troubleshoot and mitigate these issues:
```bash
mdatp config real-time-protection --value disabled
```
```Output
Configuration property updated
```
If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Defender for Endpoint for Linux](linux-preferences.md).
2. To find the applications that are triggering the most scans, you can use real-time statistics gathered by Defender for Endpoint for Linux.
2. To find the applications that are triggering the most scans, you can use real-time statistics gathered by Defender for Endpoint for Linux.
> [!NOTE]
> This feature is available in version 100.90.70 or newer.
This feature is enabled by default on the `Dogfood` and `InsiderFast` channels. If you're using a different update channel, this feature can be enabled from the command line:
```bash
mdatp config real-time-protection-statistics --value enabled
```
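Review bot: Step 1 leaves real-time protection disabled, and nothing between the disable command and step 2 says when to turn it back on; the re-enable command only appears later in the procedure. A one-line pointer after the `Configuration property updated` output to the step that re-enables it would keep readers from stopping here with protection off.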
@ -71,6 +71,7 @@ The following steps can be used to troubleshoot and mitigate these issues:
```bash
mdatp config real-time-protection --value enabled
```
```Output
Configuration property updated
```
@ -80,16 +81,18 @@ The following steps can be used to troubleshoot and mitigate these issues:
```bash
mdatp diagnostic real-time-protection-statistics --output json > real_time_protection.json
```
> [!NOTE]
> Using ```--output json``` (note the double dash) ensures that the output format is ready for parsing.
The output of this command will show all processes and their associated scan activity.
The output of this command will show all processes and their associated scan activity.
3. On your Linux system, download the sample Python parser **high_cpu_parser.py** using the command:
3. On your Linux system, download the sample Python parser **high_cpu_parser.py** using the command:
```bash
wget -c https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/diagnostic/high_cpu_parser.py
```
The output of this command should be similar to the following:
```Output
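Review bot: The wget step fetches high_cpu_parser.py from the `master` branch of mdatp-xplat by raw URL, and the following step makes it executable and runs it, so readers execute whatever is at the tip of that branch at download time. Consider pointing the URL at a tagged release or a specific commit and giving a checksum to verify before running. Separately, the note on `--output json` wraps the flag in triple backticks inline; single backticks are the usual inline form.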
@ -102,39 +105,40 @@ The following steps can be used to troubleshoot and mitigate these issues:
100%[===========================================>] 1,020 --.-K/s in 0s
```
4. Next, type the following commands:
```bash
chmod +x high_cpu_parser.py
```
```bash
cat real_time_protection.json | python high_cpu_parser.py > real_time_protection.log
```
The output of the above is a list of the top contributors to performance issues. The first column is the process identifier (PID), the second column is te process name, and the last column is the number of scanned files, sorted by impact.
For example, the output of the command will be something like the below:
```Output
... > python ~/repo/mdatp-xplat/linux/diagnostic/high_cpu_parser.py <~Downloads/output.json | head -n 10
27432 None 76703
73467 actool     1249
73914 xcodebuild 1081
73873 bash 1050
27475 None 836
1    launchd    407
73468 ibtool     344
549  telemetryd_v1   325
4764 None 228
125  CrashPlanService 164
27432 None 76703
73467 actool     1249
73914 xcodebuild 1081
73873 bash 1050
27475 None 836
1    launchd    407
73468 ibtool     344
549  telemetryd_v1   325
4764 None 228
125  CrashPlanService 164
```
 
To improve the performance of Defender for Endpoint for Linux, locate the one with the highest number under the `Total files scanned` row and add an exclusion for it. For more information, see [Configure and validate exclusions for Defender for Endpoint for Linux](linux-exclusions.md).
To improve the performance of Defender for Endpoint for Linux, locate the one with the highest number under the `Total files scanned` row and add an exclusion for it. For more information, see [Configure and validate exclusions for Defender for Endpoint for Linux](linux-exclusions.md).
>[!NOTE]
> The application stores statistics in memory and only keeps track of file activity since it was started and real-time protection was enabled. Processes that were launched before or during periods when real time protection was off are not counted. Additionally, only events which triggered scans are counted.
5. Configure Microsoft Defender ATP for Linux with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection.
For more information, see [Configure and validate exclusions for Microsoft Defender ATP for Linux](linux-exclusions.md).
For more information, see [Configure and validate exclusions for Microsoft Defender ATP for Linux](linux-exclusions.md).
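Review bot: The sample output under step 4 does not match the command the step tells the reader to run: it shows `python ~/repo/mdatp-xplat/linux/diagnostic/high_cpu_parser.py <~Downloads/output.json | head -n 10` and process names such as launchd, xcodebuild and ibtool, which are macOS processes rather than a Linux capture. Replace it with output from the Linux commands in this step. The paragraph after the sample refers to a `Total files scanned` row, but the sample has no header row, so either add one or say "the last column". Also, "te process name" should read "the process name", and step 5 still says "Microsoft Defender ATP for Linux" while the rest of the page uses "Defender for Endpoint for Linux".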