Problem
Recently, my Ubuntu 22.04 VMs are getting unresponsive. From Azure portal, I observe that something quickly eats up all memory on the VM. I'm also difficult to SSH into the VM.
After work 996, I finally pinpointed the problem. It is caused by a process named "wdavdaemon", which is Microsoft Dender for Linux.
This machine is B1s size and has only 1G memory, MDE is taking 416MB and this number is climbing every minute.
Solution
Restart VM
First, you need to restart the affected VM. Because the VM is already in an unresponsive state, it will take around 10 minutes to restart. Or you can stop the VM and resize it to have a larger memory. After starting the VM, you will have a few minutes to continue the fix before MDE starts to eat up all memory.
Uninstall MDE
First, uninstall it on Azure portal. Go to extensions blade and remove MDE.Linux.
In the meantime, SSH into your VM and run
sudo apt-get purge mdatp -yAfter this, your VM should be able to restore to a normal memory consumption state quickly
Prevent MDE from automatically installed again
If you see "Microsoft Defender for Cloud" message like this when creating VM. It means your subscription has Microsoft Defender enabled. You need to turn off its automatic install of MDE.
Go to Microsoft Defender for Cloud and select the affected subscription.
Go to "Servers", "settings"
Turn off "Endpoint protection"
Comments