
Redgate Monitor Long running Query - Microsoft Defender

Microsoft Defender for SQL is issuing a perpetual query showing in Redgate Monitor as a long running query across all SQL Servers in Redgate Monitor. The query is: (@source nvarchar(256))SELECT type, data FROM sys.fn_MSxe_read_event_stream (@source, 0).

I believe this is new functionality being pushed out by Microsoft for those using Defender. The issue is that all SQL Servers now show blue because of this long running query. So this is causing unexpected results, as the Redgate Monitor SQL Servers will likely never show Green status again unless this can be ignored.

Has anyone encountered this issue? I'm hoping to be able to filter or ignore this query as I cannot turn off MS Defender.

 

 

Jim Evans
0

Comments

4 comments

  • Jim Evans

    This is part of Microsoft Defender - Advanced Threat Protection, which can be extended to on-premise SQL Servers. I was able to filter this out in Redgate SQL Monitor by going to Setting, going to Alert settings, and adding a filter in “Exclude Queries that contain sql commands or objects matching the following regular expressions.” There I entered the object sys.fn_MSxe_read_event_stream. This did the trick.

    Jim Evans
    1
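An added example, not part of the original comment: the exclusion above matches on the function name, and any client that streams a live Extended Events session reads through the same function, so it is worth confirming which sessions are behind the query before suppressing the alert. The query below uses only standard DMVs; which login, host and program values count as "Defender" in your environment is an assumption you need to check against your own agent deployment.

```sql
-- Added example: list every request currently reading an Extended Events
-- stream, with the attribution columns needed to confirm its origin.
SELECT
    s.session_id,
    s.login_name,                 -- account the reader connected as
    s.host_name,                  -- client machine name reported at login
    s.program_name,               -- client application name reported at login
    c.client_net_address,         -- network address of the client
    r.start_time,
    r.total_elapsed_time / 1000 AS elapsed_seconds,
    r.status,
    r.wait_type,
    t.text AS statement_text
FROM sys.dm_exec_requests AS r
JOIN sys.dm_exec_sessions AS s
    ON s.session_id = r.session_id
LEFT JOIN sys.dm_exec_connections AS c
    ON c.session_id = r.session_id
CROSS APPLY sys.dm_exec_sql_text(r.sql_handle) AS t
WHERE t.text LIKE N'%fn_MSxe_read_event_stream%'
  AND r.session_id <> @@SPID     -- skip this diagnostic query itself
ORDER BY r.start_time;

-- Extended Events sessions currently running on the instance, to compare
-- against the readers found above.
SELECT name, create_time
FROM sys.dm_xe_sessions
ORDER BY create_time;
```

If a reader shows up with a login or host you do not recognise, investigate it rather than relying on the exclusion, since the filter hides every long-running query that references this function.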
  • bekean

    From what I can tell, this is related to new background telemetry or auditing behavior from Microsoft Defender, and unfortunately, it appears to run indefinitely, skewing Redgate Monitor’s reporting. All of our monitored SQL Servers now show a "blue" status due to this query being flagged, which prevents us from seeing a clean "green" status even when everything else is healthy.

    bekean
    0
  • Backie

    We’re facing the same issue where Microsoft Defender for SQL runs a constant query that shows up as a long-running process in Redgate Monitor. It’s affecting the server health status display and seems tied to recent Defender updates. Hoping Redgate provides a way to ignore such system-level queries. Also taking a break from troubleshooting with some Free Fire APK sessions lately — helps clear the mind!

    Backie
    0
  • Backie

    We are experiencing the same thing: the query from Microsoft Defender keeps showing up as a long-running query in Redgate Monitor, and that makes all servers show blue all the time. It is very annoying, especially since we cannot simply disable Defender. Hopefully Redgate will soon provide an option to filter certain queries out of monitoring. While looking for a solution, I occasionally unwind by playing Fix Remini Errors so my head doesn't get too muddled. If anyone finds a workaround, please share!

    Backie
    0
