Microsoft Defender has Constant High CPU Load


The fan's been spinning for hours. The Microsoft Defender is a gift that keeps on giving:

Microsoft Defender constantly high CPU

The interweb suggested asking mdatp what's up, but that didn't really help either:

# mdatp diagnostic real-time-protection-statistics --output json |
    python high_cpu_parser.py

A bit of

# strace -p <pid> -f

gave me a hunch, though:

FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=500000000}) = -1 ETIMEDOUT (Connection timed out)

This is a known pattern for multiple directory scans running. This made me curious if I had multiple wdavdaemon processes running. And lo and behold, I had.

It turns out,

# paru -Syu

had upgraded Microsoft Defender, but a restart:

# systemctl daemon-reload
# systemctl restart mdatp

didn't shut down the old process cleanly.

A systemctl stop mdatp and a good old kill -9 <pid> saved the day. Now, mdatp runs again and my CPU fan is quiet. Good grief.

$ top -p $(pidof wdavdaemon | tr ' ' ',')

alt img text


Licensed under CC BY Creative Commons License ~ ✉ torstein.k.johansen @ gmail ~ 🐘 @skybert@hachyderm.io ~ 🐦 @torsteinkrause