How to Fix High CPU Usage By Antimalware Service Executable (MsMpEng)

Antimalware Service Executable is the name of the process MsMpEng (MsMpEng.exe) used by the Windows Defender program. The service associated with this program is the Windows Defender Service. The two most common reason for it to be consuming high CPU usage is the real-time feature which is constantly scanning files, connections and other related applications in real-time, which is what it is supposed to be doing (Protect In Real Time).

The second is the Full Scan feature which may be scanning all files, when the computer either wakes up from sleep or when it is connected to a network, or if it is scheduled to run daily. The bit to understand here is that when it is doing a complete scan, your system will experience frequent lagging, hanging and delayed access/response from your input/interactions with the system, because the CPU is Hijacked by Defender. Don’t be afraid or lose patience here, instead let it run and scan, wait a few minutes and if there are lots of files, etc, then it may even take a few hours, so let it runs and finish what it is doing for the sake of your protection, once it has completed, it will release the CPU and the USAGE will drop down to its normal.

However, Full SCAN should only be done once in a while and not every day, what I’ve seen with most users is that they have scheduled the scan feature to run when the computer wakes up from sleep, or when it’s connected to the network, or if the scan is scheduled to run daily. You can also try to turn the Windows Defender off to check if it fixes the high CPU usage.

This issue may also apply to people using Windows 7 and hence on Microsoft Security Essentials. The methods are very similar if not the same.

Repair Corrupt Defender Files

Download and run Restoro to scan and repair corrupt/missing files from here, if files are found to be corrupt and missing repair them and then see if the CPU usage is still high, if YES then move to Method 2.

1. Reschedule Windows Defender Properly

  1. Click the Start Menu on the left side, and type Administrative Tools. Click on it to open it.Antimalware Service Executable-1
  2. From the Administrative Tools, explorer Window, choose Task Scheduler. Double click on it to open it.Antimalware Service Executable-2
  3. From the left pane of Task Scheduler browse to the following path:
  4. Library/Microsoft/Windows/Windows defender
  5. Once you’re in the Windows Defender Folder, locate the Name called “Windows Defender Scheduled Scan”, click on it once to highlight it and then choose Properties.Antimalware Service Executable-3
  6. Under the “General” tab, uncheck the “Run with Highest Privileges” option.
  7. From the Properties Windows, Click on the Conditions Tab and Un-check the options under Idle, Power and Network and Click OK. Don’t Worry, we will schedule it properly in the steps to come.Antimalware Service Executable-4
  8. Once this is done, we will then reschedule it. Click the Properties from the right pane again, and this time choose the Triggers tab, and Click New. Here, choose the Weekly option or Monthly, as per your preference, and then choose the Day, Click OK and make sure it is enabled.2015-11-28_094849
  9. This will re-schedule the Defender to work as per your preference. Now, if the scan was previously running, wait for it to finish, you’ll see the results after the scan has finished, but when the scan does run as per your defined schedule, you will still get the High CPU Usage. Repeat the same for the three other schedules.
  10. Windows Defender Cache Maintenance, Windows Defender Cleanup, Windows Defender Verification
  11. Turn the conditions off, set the trigger to run once a week.

2. Turning off Windows Defender

Disabling Windows Defender can help fix this issue as this was the only way that worked for a lot of users. When using this method, remember to install another antivirus as that will less likely consume less CPU time than Windows Defender. We will be using the Local Group Policy Editor for this, and this works on only Windows Enterprise and Pro Editions of Windows 10 and more advanced versions of earlier OS’s. If you can’t use the Local Group Policy Editor, then use the Registry Tweak below.

2.1 Using the Local Group Policy Editor

  1. Press the Windows Key + R, type in gpedit.msc in the Run dialog box and click OK to open the Local Group Policy Editor.
  2. In the Local Group Policy Editor, navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Defender.
  3. At this Group Policy path, look for the setting named Turn off Windows Defender and double click it. Select the Enabled option to disable Windows Defender. Click Apply followed by OK.
  4. Windows Defender should be disabled instantly. If if doesn’t, restart the computer and check to see if it’s disabled.

2.2 Using the Registry

  1. Press the Windows Key + R, type in regedit in the Run dialog box and click OK to open the Windows Registry.
  2. In the Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
  3. If you see a registry entry named DisableAntiSpyware, double click to edit it and change its value to 1.

If you don’t find the entry there, double-click on [this] registry file and apply it to your registry.

3. Adding Antimalware Service Executable to Windows Defender Exclusion List

Adding MsMpEng.exe to an exclusion list considerably reduces the CPU consumption.

  1. Press Ctrl + ALT + Del on your keyboard and open the Windows Task Manager. In the list of processes, look for the Antimalware Service Executable process.
    Opening Task Manager
  2. Right-click on it and select “Open File Location” to see the full path of the executable. You will see the file MsMpEng highlighted. Click on the address bar and copy the location of this file path.
  3. Hold the Windows Key and Press I, Choose Update and Security, Then Choose Windows Defender from the left pane, scroll down and choose > Add an exclusion “under exclusion” > Exclude a .exe, .com or .scr process or File Type, and paste the path to MsMpEng.exe
    Clicking on the “Update and Security” option
  4. Come back to your Task Manager and this process will be consuming just a little fraction of your processor. Paste the full path to the folder you copied and then add \MsMpEng.exe to it. Click OK to save changes.

4. Scan For Malware

There is a likelihood that malware has infected the MsMpEng.exe process. Try scanning with an anti-malware application like Malwarebytes and AdwCleaner to scan for and delete any malware which could be present on your PC.

5. Removing Bad Updates

Sometimes, Windows Defender acquires bad definition updates and that causes it to identify certain Windows’ files as viruses. Therefore, in this step, we will be removing these updates using Command Prompt. In order to do that:

  1. Press “Windows” + “R” keys simultaneously to open the run prompt.
  2. Type in “cmd” and press “Shift” + “Ctrl” + “Enter” simultaneously to provide administrative privileges to the command prompt.
    Typing cmd in the Run Prompt and pressing Shift + Alt + Enter to open an elevated Command Prompt
  3. Click on “yes” in the prompt.
  4. Type in the following command and pressEnter
    "%PROGRAMFILES%\Windows Defender\MPCMDRUN.exe" -RemoveDefinitions -All

    Note: Keep the commas in the command

  5. After that, type in the following command and pressEnter
    "%PROGRAMFILES%\Windows Defender\MPCMDRUN.exe" -SignatureUpdate
  6. Wait for the process to be completed and check to see if the issue persists.

6. Disabling Process Mitigations

This will stop the Exploit Protection Service which can drastically help you reduce CPU Usage. Exploit Protection can cause a Loop where Windows Defender is trying to disable the activity of a folder/program but when it’s not successful it tries to do it again and again which ends up in High CPU Usage. Follow the steps below:-

  1. Hold the Windows Key and Press X. Choose Command Prompt (Admin) or PowerShell (Admin).
  2. Type the following commands one by one to Disable Exploit Protection:-

    powershell “ForEach($v in (Get-Command -Name \”Set-ProcessMitigation\”).Parameters[\”Disable\”].Attributes.ValidValues){Set-ProcessMitigation -System -Disable $v.ToString().Replace(\” \”, \”\”).Replace(\”`n\”, \”\”) -ErrorAction SilentlyContinue}”

    Disabling Exploit Protection

Ignore any warnings and simply let the process continue. Once it’s done restart your computer and check to see if the issue is resolved.

7. Using an alternative anti-virus

You can try to use an alternative anti-virus engine such as “Malwarebytes” or any other less aggressive anti-virus. Using another antivirus will basically disable the Windows Defender and use its own services/process to defend your computer and your computer will be used much anymore. So you will stay protected and your problem will be resolved as well.

FAQs about Antimalware Service Executable

Can i end antimalware service executable?

You cannot end this process as long as you use Windows built-in antivirus/defender engine. However, if you turn off the real-time feature or switch to a third-party antivirus software then you wont see this process in your task manager.

Why is my antimalware service running high?

It is running high because it scans the PC Activity in real-time.

How do I fix antimalware service executable high CPU usage?

We have listed several methods in this article to help you stop antimalware service executable from consuming excessive CPU resources. Please follow the steps (above).

Kamil Anwar
Kamil is a certified MCITP, CCNA (W), CCNA (S) and a former British Computer Society Member with over 9 years of experience Configuring, Deploying and Managing Switches, Firewalls and Domain Controllers also an old-school still active on FreeNode.

Expert Tip

How to Fix High CPU Usage By Antimalware Service Executable (MsMpEng)

If the issue is with your Computer or a Laptop you should try using Restoro which can scan the repositories and replace corrupt and missing files. This works in most cases, where the issue is originated due to a system corruption. You can download Restoro by clicking the Download button below.

Download Now

I'm not interested