Windows Defender employs the Antimalware Service Executable or MsMpEng (MsMpEng.exe) process to carry out its functions. Nevertheless, several Windows users have reported instances where the Antimalware Service Executable (MsMpEng) exhibits high CPU usage.
Discover ways to rectify the high CPU usage caused by Windows Defender’s Antimalware Service (MsMpEng.exe) and restore your computer’s optimal performance.
What is Antimalware Service Executable?
Table of Contents
Antimalware service executable (MsMpEng) is a Windows Security process that executes real-time protection against malware. Also known as msmpeng.exe, the antimalware service executable Windows process runs in the background, so it can scan files and programs from time to time. When an antimalware service executable detects a virus or other malicious attacks, it deletes them or quarantines them.
Why does Antimalware Service Executable use High CPU
Antimalware service executable (MsMpEng) is a Windows Security process that executes real-time protection against malware. Also known as msmpeng.exe, the antimalware service executable Windows process runs in the background, so it can scan files and programs from time to time. When an antimalware service executable detects a virus or other malicious attacks, it deletes them or quarantines them.
Why does Antimalware Service Executable use High CPU
The MsMpEng.exe runs the Windows Antimalware Service Executable to enable Windows Defender to monitor your PC for potential threats continuously. When it runs, the Antimalware Service Executable also ensures that Windows Defender provides real-time protection against viruses, malware, and cyberattacks. It’s closely tied to Windows Defender’s real-time protection feature against malware and cyberattacks.
However, many user reports on Microsoft support forums have shown that sometimes the MsMpEng.exe can also cause disproportionately high CPU and Memory usage. Some users also reported experiencing MsMpEng.exe high disk usage.
The main reason that antimalware service executable uses too much CPU is that it runs constantly in the background to provide:
- Protection in Realtime: While running in the background, it actively scans programs and files and carries out the appropriate actions whenever it detects anything malicious. The Windows Defender real-time feature constantly scans files and connections, etc. in real-time. This feature may drain your PC resources. This is especially common on low-end computers.
- Full Scan: Windows Defender conducts a full scan of all files, either scheduled when the computer wakes up or when connected to a network. High CPU usage can cause your system to experience frequent hanging, lagging, and delayed access/response.
In addition, the antimalware service executable uses too much CPU because it scans its own folder – C:\Program Files\Windows Defender.
However, other possible causes of the Antimalware Service Executable (MsMpEng) using high CPU also include:
- Low hardware resources;
- Windows components/software conflicts;
- Malware or virus infection;
- Misconfigured or corrupt Windows system files;
- Outdated Windows Defender definitions;
- The self-scanning function of Windows Defender directory
So, stopping antimalware service executable from scanning its own folder is one of the ways you can make it use less CPU.
How to Fix High CPU Usage By MsMpEng.exe in Windows 10
Use the following solutions to fix high CPU usage by the Antimalware Service Executable. Our methods were written using the latest Windows 10 update.
Fix #1: Scan your Computer for Malware
We recommend running a security scan to ensure that your system is not currently infected by malware. Some malicious scripts and applications may be able to cause Windows Defender memory usage to go up. If you notice high CPU and disk usage, you may also be the victim of a cyberattack.
We’ll use the accessible and built-in Windows Defender to conduct a system scan. However, a more focused third-party antivirus software may work better. Use the following steps to scan your PC for malware using Windows Defender:
- Open the search bar in your taskbar by clicking on the magnifying glass icon. You can also bring it up with the Windows + S keyboard shortcut.
- Type in Windows Security and launch it from the search results.
- Select the Full scan option. This will check every single file on your drives to ensure no threats can be hidden. Take note that this scan may last over 1-2 hours, depending on how many files you have on your system.
- Click on the Scan now button to begin the scan. If a threat is detected, Windows 10 will automatically quarantine or remove it entirely. You can review the scan results afterwards to see what infected files were removed.
- Switch to the Virus & Threat Protection tab using the home screen or the menu in the left-side pane. Click on the Scan Options link.
Fix #2: Change Windows Defender Scheduling settings
A number of Windows users who report high CPU usage by MsMpEng.exe say it occurs during a full system scan. To sort these issues out, you can reschedule the scan to occur when you’re not using your PC:
- Open Windows search and type Task Scheduler.
- On the Task Scheduler screen, navigate to the left pane and double-click Task Scheduler Library.
- Expand the folders as you navigate the following path:
Library/Microsoft/Windows/Windows Defender.
- In the Windows Defender folder, locate Windows Defender Scheduled Scan in the middle pane and double click on it.
- On the new Window, go to the Conditions tab, and then click OK and uncheck all options. This will clear the scheduled scans on your PC.
- Now, reschedule the Windows Defender scans.
- Again double click the Windows Defender Scheduled Scan.
- Got to the Triggers tab and then click New.
- Next, create a new scan schedule – either weekly scans or monthly scans depending on what suits your needs and enable you to balance protection and system efficiency.
- Now, choose the Day of the scan and click OK. Make sure the scan is enabled.
- Repeat the same process for the other three services: Windows Defender Cleanup, Windows Defender Cache Maintenance, and Windows Defender Verification.
This process will re-schedule your PC’s Windows Defender to function as per your preference. Restart your PC and see if the Antimalware Service Executable is still using high CPU.
FIX #3: Add Antimalware Service Executable to the Windows Defender’s exclusion list
When scanning your PC, Windows Defender checks all the files – including itself – which is a common cause of system lag. You exclude Windows defender from scanning itself by simply adding it to the exclusion list.
- Open Task Manager by pressing Ctrl + Shift + Esc (or right-click the Taskbar and select Task Manager).
- In the list of items, locate Antimalware Service Executable > right-click on it and select Open File Location.
- Copy the full path of Antimalware Service Executable on the address bar.
- Now, open the Windows Start menu and type “windows defender” then click the top result to launch Windows Defender Security Center.
- Next, click on Virus & threat protection > then on Virus & threat protection settings, click Manage settings.
- Now, scroll down to “Exclusions,” then click Add or remove exclusions.
- Click Add an exclusion, select Folder option, then paste the Antimalware Service Executable (MsMpEng.exe) path you copied from the address bar.
- Now, click Open.
This process will exclude the Antimalware Service Executable folder from the scan. This method doesn’t remove the Antimalware Service Executable, but rather fixes a known issue with the scans Windows Defender conducts while in real-time protection mode.
Fix #4: Disable Windows Defender Service
If the high CPU usage by MsMpEng problem persists, you may need to disable the Antimalware Service Executable in Windows 10. Note that disabling the Windows Defender may leave you vulnerable to many cyber-attacks if you don’t have a third-party antivirus program installed.
Once you’re ready, learn how to turn off Antimalware Service Executable entirely using the step-by-step instructions below.
To disable Windows Defender (through the registry editor):
- Press Wins Key + R to open Run Dialog Box.
- Type Regedit and click OK to open the Registry Editor.
- Check the left navigation pane, and double click the folders to navigate to the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender. - Locate a registry entry named DisableAntiSpyware > then double click it and set its value data to 1.
- If there is no registry entry named DisableAntiSpyware, go back to the main Registry Editor pane and right-click on it > select New > DWORD (32 bit) Value.
-
- Now, name the new registry entry DisableAntiSpyware > double click it and set its value data to 1.
Once again, let us remind you that it’s risky to operate your device without having an antivirus application installed. You may become vulnerable to malware, hackers, and other types of cyberattacks. We highly recommend using Malwarebytes if you need a free and lightweight solution. We also offer Malwarebytes Premium for the best market price.
Fix #5: Roll Back Windows Defender Definition Updates
On rare occasions, Windows Defender may acquire a bad definition update that causes certain Windows 10 files to be detected as viruses. This can easily overload your system if a large amount of false positives arise at once. Here’s how to remove a bad definition update for Windows Defender.
- Open the search bar in your taskbar by clicking on the magnifying glass icon. You can also bring it up with the Windows + S keyboard shortcut.
- Type Command Prompt in the search box. When you see it in the results, right-click on it and choose Run as Administrator.
- When prompted by the User Account Control (UAC), click Yes to allow the app to launch with administrative permissions.
If you need help, check out our How to make a local user an administrator in Windows 10 guide. - Once the Command Prompt window is open, type in the following command and press Enter to execute it: “%PROGRAMFILES%\Windows Defender\MPCMDRUN.exe” -RemoveDefinitions -All
- After the first command finishes running, input the following one and execute it with the Enter key: “%PROGRAMFILES%\Windows Defender\MPCMDRUN.exe” -SignatureUpdate
- You can now check if the Antimalware Service Executable (MsMpEng.exe) high CPU usage has decreased.
Wrapping Up
Windows Defender is an important tool because it comes free with your Windows operating system. However, it can put a drain on your system’s CPU. If you carefully follow the steps we’ve described in this article, you’ll take control of the Antimalware Service Executable on your PC and keep your computer running at full speed.
Did you find this article informative and helpful? Please send this master guide to everyone you work with to enhance your team’s productivity further. Please return to our website for deals on Microsoft Office software and more helpful guides and articles related to Microsoft’s most popular productivity suite.
One more thing
Would you like to receive promotions, deals, and discounts to get our products for the best price? Don’t forget to subscribe to our newsletter by entering your email address below! Receive the latest technology news in your inbox and be the first to read our tips to become more productive.