File: defender-endpoint/linux-support-perf.md
Lines changed: 9 additions & 4 deletions
@@ -36,6 +36,11 @@ Depending on the applications that you are running and your device characteristi
36
36
> [!WARNING]
37
37
> Before starting, **please make sure that other security products are not currently running on the device**. Multiple security products may conflict and impact the host performance.
38
38
39
+
There are 3 distinct ways to troubleshoot noisy processes and directories using exclusions provided by the Diagnostic tools from Microsoft Defender for Endpoint on Linux:
40
+
1. Using Real-time Protection Statistics
41
+
2. Using Hot Event Sources
42
+
3. Using eBPF Statistics
43
+
39
44
## Troubleshoot performance issues using Real-time Protection Statistics
40
45
41
46
**Applies to:**
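Review bot: In the added intro sentence, "troubleshoot noisy processes and directories using exclusions provided by the Diagnostic tools" reads as if the diagnostic tools supply the exclusions. The three items listed are ways to find the noisy process or directory, and the exclusion is the step taken afterwards, so suggest wording along the lines of "There are three ways to identify noisy processes and directories with the diagnostic tools in Microsoft Defender for Endpoint on Linux, so that exclusions can be applied:" (also spelling out "3"). Consider making each list item a link to the matching "Troubleshoot performance issues using ..." heading so the list doubles as navigation.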
@@ -146,9 +151,9 @@ The following steps can be used to troubleshoot and mitigate these issues:
146
151
## Troubleshoot performance issues using Hot Event Sources
147
152
148
153
**Applies to:**
149
-
- Performance issues in global files and executables.
154
+
- Performance issues in files and executables which are consuming most CPU cycles.
150
155
151
-
Hot event sources is a feature that will specifically show the events which have highest count (highest frequency of occurrence) for generating file events.
156
+
Hot event sources is a feature that allows customers to identify which process or directory is responsible for high resource consumption. To investigate which process/executable is generating the most noise, follow the steps below.
152
157
153
158
> [!NOTE]
154
159
> These commmands require you to have root permissions. Ensure that sudo can be used.
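Review bot: The rewritten description of Hot Event Sources no longer says what the feature ranks. The removed line defined it as showing the events with the "highest count (highest frequency of occurrence)" of file events, while the new description speaks of "high resource consumption" and the new "Applies to" bullet of "most CPU cycles", neither of which is the same measure as event count. Suggest keeping the event-count definition and presenting CPU load as its consequence, so readers know how to read the output. "Customers" would also read better as "you", matching "follow the steps below", and the unchanged NOTE under this hunk still has "commmands", which is worth fixing in the same change.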
@@ -273,9 +278,9 @@ To improve the performance of Defender for Endpoint on Linux, locate the path wi
273
278
## Troubleshoot performance issues using eBPF Statistics
274
279
275
280
**Applies to:**
276
-
- All file/ process events, including for syscall based performance issues.
281
+
- All file/ process events, including system call based performance issues.
277
282
278
-
eBPF (extended Berkeley Packet Filter) statistics command gives insights into the top event/process that's generating the most file events, along with their syscall ids.
283
+
eBPF (extended Berkeley Packet Filter) statistics command gives insights into the top event/process that's generating the most file events, along with their syscall ids. When system calls are being made from the system, there is a high amount of workload geenrated on your system. eBPF statistcs can be used to identify such issues.
279
284
280
285
To collect current statistics using eBPF statistics, run:
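Review bot: The sentences added to the eBPF description contain two typos, "geenrated" and "statistcs", and the first of them states the condition too broadly: "When system calls are being made from the system" is true at all times, so it does not describe a problem. Suggest "When a large number of system calls are made, they generate a high workload on your system. eBPF statistics can be used to identify such issues." The same line still says "syscall ids" although the bullet above it was changed to "system call", so pick one term, and the bullet keeps the stray space in "file/ process".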