Microsoft Defender Considered Malware
We have seen software crashing because files that were expected to be there were suddenly moved to "quarantine" by mdatp. On another occasion a job that moves thousands of small files to another directory took hours instead of seconds to complete. The mdatp daemon was running at 100% CPU and scanning all files for "threats". The "solution" IT Operations implemented was that they added the affected directories to some ignore-list in the mdatp configuration.
Yesterday, a shell script that uses sort just crashed because it was missing /tmp/sortFhe4A. It turned out that MDATP moved the file while the sort process was running. The file contained alphanumeric identifiers. Some combination of bytes in one of sort's tempfiles apparently resembled the signature of some stupid VBScript malware. In all cases it was a false alarm. Duh.
Lessons learned: Microsoft Defender renders Linux machines unusable. Instead of protecting against threats this piece of junk is outright malware.
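The post mentions that IT Operations worked around the problem by adding directories to an ignore-list, and that the last crash was caused by a sort tempfile in /tmp. The following is an added example, not code from the post's author, of a narrower workaround: give the batch job its own scratch directory for sort's temp files and exclude only that directory, rather than excluding all of /tmp or turning real-time protection off. It uses the documented `mdatp exclusion folder add --path` and `mdatp exclusion list` commands; the directory name and the sample identifiers are assumptions chosen for illustration.

```shell
#!/usr/bin/env sh
# Added example (not from the original post): scope a Defender for Endpoint
# exclusion to a dedicated scratch directory used for sort(1) temp files.
# SCRATCH_BASE is an assumed location; adjust to taste.

SCRATCH_BASE="${SCRATCH_BASE:-/var/tmp/batch-scratch}"

# Create the scratch directory (optional argument overrides SCRATCH_BASE),
# owner-only, and print its path so callers can capture it.
prepare_scratch() {
    dir="${1:-$SCRATCH_BASE}"
    mkdir -p "$dir" && chmod 0700 "$dir" || return 1
    printf '%s\n' "$dir"
}

# Register the scratch directory as a folder exclusion and confirm it shows
# up in 'mdatp exclusion list'. Deliberately a no-op on hosts without mdatp,
# so the rest of the script still runs there.
add_defender_exclusion() {
    dir="$1"
    if ! command -v mdatp >/dev/null 2>&1; then
        echo "mdatp not installed; skipping exclusion for $dir" >&2
        return 0
    fi
    mdatp exclusion folder add --path "$dir" || return 1
    mdatp exclusion list | grep -F -- "$dir" >/dev/null
}

# Run a command with TMPDIR pointed at the scratch directory. GNU sort(1)
# honours TMPDIR (and -T) for its temporary files, so they are created in the
# excluded directory instead of /tmp.
run_with_scratch_tmp() {
    dir="$1"; shift
    TMPDIR="$dir" "$@"
}

# Demonstration on constructed input: a few alphanumeric identifiers of the
# kind described in the post, sorted with temp files confined to the
# scratch directory.
sort_ids() {
    dir="$1"
    printf 'id-7f3a\nid-0c19\nid-b2e4\n' | run_with_scratch_tmp "$dir" sort
}

# Typical use:
#   scratch=$(prepare_scratch) && add_defender_exclusion "$scratch" && sort_ids "$scratch"
```

Excluding a single dedicated directory keeps the protection gap small: an exclusion is exactly the kind of blind spot an attacker looks for, so excluding all of /tmp, or a whole data tree, is a much larger concession than excluding one scratch directory that only the batch job writes to. If a file has already been quarantined, `mdatp threat quarantine list` shows it and `mdatp threat quarantine restore --id <threat-id>` puts it back, but restoring does not prevent the next detection; the exclusion does.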