Antimalware Service Executable is the name of the process MsMpEng (MsMpEng.exe) used by the Windows Defender program. The service associated with this program is the Windows Defender Service. There are two common reasons for it to consume a lot of CPU. The first is the real-time feature, which constantly scans files, connections and other related applications as they are used. This is what it is supposed to be doing (Protect In Real Time).
The second is the Full Scan feature, which may scan all files when the computer wakes up from sleep, when it is connected to a network, or if it is scheduled to run daily. The thing to understand here is that during a complete scan your system will experience frequent lagging, hanging and delayed response to your input, because Defender is taking up most of the CPU. Don’t be afraid or lose patience here; let it run and scan. It may take a few minutes, or even a few hours if there are lots of files, so let it finish what it is doing for the sake of your protection. Once it has completed, it will release the CPU and usage will drop back to normal.
However, a full scan should only be done once in a while and not every day. What I’ve seen with most users is that they have scheduled the scan to run when the computer wakes up from sleep, when it’s connected to a network, or daily.
This issue may also apply to people using Windows 7, and hence Microsoft Security Essentials. The methods are very similar if not the same.
So to fix this issue, follow the methods below.
Method 1: Repair Corrupt Defender Files
Download and run Reimage Plus to scan for and repair corrupt or missing files. If files are found to be corrupt or missing, repair them and then see if the CPU usage is still high. If it is, move on to Method 2.
Method 2: Reschedule Windows Defender Properly
- Click the Start Menu on the left side, and type Administrative Tools. Click on it to open it.
- In the Administrative Tools Explorer window, choose Task Scheduler. Double click on it to open it.
- From the left pane of Task Scheduler, browse to the following path: Library/Microsoft/Windows/Windows Defender
- Once you’re in the Windows Defender folder, locate the task named “Windows Defender Scheduled Scan”, click on it once to highlight it and then choose Properties.
- In the Properties window, click the Conditions tab, un-check the options under Idle, Power and Network, and click OK. Don’t worry, we will schedule it properly in the steps to come.
- Once this is done, we will reschedule it. Click Properties in the right pane again, and this time choose the Triggers tab and click New. Here, choose the Weekly or Monthly option, as per your preference, then choose the day, click OK and make sure the trigger is enabled.
- This will reschedule Defender to work as per your preference. If a scan was already running, wait for it to finish; you’ll see the results once it has. Note that when the scan does run on your defined schedule, you will still get high CPU usage. Repeat the same for the three other schedules: Windows Defender Cache Maintenance, Windows Defender Cleanup and Windows Defender Verification.
- Turn the conditions off, set the trigger to run once a week.
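The same Method 2 changes can be scripted for all four tasks. This is an added example, not part of the original article; it assumes an elevated PowerShell prompt and a weekly run on Sunday at 03:00, both of which you can change.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell prompt.
# Assumption: weekly on Sunday at 03:00; change the day and time to suit.
$taskPath  = '\Microsoft\Windows\Windows Defender\'
$taskNames = @(
    'Windows Defender Scheduled Scan',
    'Windows Defender Cache Maintenance',
    'Windows Defender Cleanup',
    'Windows Defender Verification'
)
$weekly = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At '03:00'

foreach ($name in $taskNames) {
    $task = Get-ScheduledTask -TaskPath $taskPath -TaskName $name -ErrorAction SilentlyContinue
    if (-not $task) {
        Write-Warning "Task not found, skipping: $name"
        continue
    }

    # Conditions tab: clear the Idle, Power and Network options.
    $settings = $task.Settings
    $settings.RunOnlyIfIdle              = $false
    $settings.DisallowStartIfOnBatteries = $false
    $settings.StopIfGoingOnBatteries     = $false
    $settings.WakeToRun                  = $false
    $settings.RunOnlyIfNetworkAvailable  = $false

    # Triggers tab: replace whatever triggers exist with the single weekly one.
    try {
        Set-ScheduledTask -TaskPath $taskPath -TaskName $name `
            -Trigger $weekly -Settings $settings -ErrorAction Stop | Out-Null
    } catch {
        Write-Warning "Could not update '$name': $($_.Exception.Message)"
    }
}

# Confirm what each task will now do.
Get-ScheduledTask -TaskPath $taskPath | ForEach-Object {
    [pscustomobject]@{
        Task     = $_.TaskName
        State    = $_.State
        Triggers = ($_.Triggers | ForEach-Object { $_.CimClass.CimClassName }) -join ', '
        IdleOnly = $_.Settings.RunOnlyIfIdle
        NeedsNet = $_.Settings.RunOnlyIfNetworkAvailable
    }
} | Format-Table -AutoSize
```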
Method 3: Turning off Windows Defender
Disabling Windows Defender can help fix this issue, as this was the only way that worked for a lot of users. When using this method, remember to install another antivirus, as that will likely consume less CPU time than Windows Defender. We will be using the Local Group Policy Editor for this, which works only on the Enterprise and Pro editions of Windows 10 and the more advanced editions of earlier OSes. If you can’t use the Local Group Policy Editor, use the registry tweak below.
Using the Local Group Policy Editor
- Press the Windows Key + R, type in gpedit.msc in the Run dialog box and click OK to open the Local Group Policy Editor.
- In the Local Group Policy Editor, navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Defender.
- At this Group Policy path, look for the setting named Turn off Windows Defender and double click it. Select the Enabled option to disable Windows Defender. Click Apply followed by OK.
- Windows Defender should be disabled instantly. If it isn’t, restart the computer and check to see if it’s disabled.
Using the Registry
- Press the Windows Key + R, type in regedit in the Run dialog box and click OK to open the Windows Registry.
- In the Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
- If you see a registry entry named DisableAntiSpyware, double click to edit it and change its value to 1.
If you don’t find the entry there, double-click on [this] registry file and apply it to your registry.
Method 4: Adding Antimalware Service Executable to Windows Defender Exclusion List
Adding MsMpEng.exe to an exclusion list considerably reduces the CPU consumption.
- Press Ctrl + Shift + Esc on your keyboard to open the Windows Task Manager. In the list of processes, look for the Antimalware Service Executable process.
- Right-click on it and select “Open File Location” to see the full path of the executable. You will see the file MsMpEng highlighted. Click on the address bar and copy the location of this file path.
- Hold the Windows Key and press I, choose Update and Security, then choose Windows Defender from the left pane. Scroll down and choose “Add an exclusion” under Exclusions, then Exclude a .exe, .com or .scr process or File Type, and paste the path to MsMpEng.exe.
- Paste the full path to the folder you copied and then add \MsMpEng.exe to it. Click OK to save changes. Come back to your Task Manager and this process will be consuming just a small fraction of your processor.
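After applying Method 3 or Method 4, it is worth checking what protection is actually left on the machine. The following is an added example, not part of the original article; the function name Get-DefenderWeakening is made up for illustration, and it must be run from an elevated prompt because exclusions are hidden from standard users.

```powershell
# Added example, not from the original article. Get-DefenderWeakening is a hypothetical name.
function Get-DefenderWeakening {
    # Method 3: the policy value set by Group Policy or the registry edit.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $val = (Get-ItemProperty -Path $key -Name DisableAntiSpyware `
                -ErrorAction SilentlyContinue).DisableAntiSpyware
    if ($val -eq 1) {
        [pscustomobject]@{ Check = 'Policy'; Detail = 'DisableAntiSpyware = 1' }
    }

    # What Defender itself reports; the call fails if the service is not running.
    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
        if (-not $s.AntivirusEnabled) {
            [pscustomobject]@{ Check = 'Status'; Detail = 'AntivirusEnabled is False' }
        }
        if (-not $s.RealTimeProtectionEnabled) {
            [pscustomobject]@{ Check = 'Status'; Detail = 'RealTimeProtectionEnabled is False' }
        }
    } catch {
        [pscustomobject]@{ Check = 'Status'; Detail = 'Defender service did not respond' }
    }

    # Method 4: every exclusion is something Defender no longer inspects.
    try {
        $p = Get-MpPreference -ErrorAction Stop
        foreach ($kind in 'ExclusionProcess', 'ExclusionPath', 'ExclusionExtension') {
            foreach ($entry in @($p.$kind)) {
                if ($entry) { [pscustomobject]@{ Check = $kind; Detail = $entry } }
            }
        }
    } catch {
        [pscustomobject]@{ Check = 'Exclusions'; Detail = 'Could not read preferences' }
    }
}

$found = @(Get-DefenderWeakening)
if ($found.Count -eq 0) {
    'No weakened Defender settings found.'
} else {
    $found | Format-Table -AutoSize
}
```

If Defender is reported as disabled and no other antivirus is installed, the machine has no real-time protection at all.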
Method 5: Scan For Malware
There is a likelihood that malware has infected the MsMpEng.exe process. Try scanning with an anti-malware application such as Malwarebytes and AdwCleaner to find and delete any malware which could be present on your PC.
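Before or alongside a scan, you can check whether the running MsMpEng.exe is the binary the Defender service is registered to run and whether its signature is valid. This is an added example, not part of the original article; the function name Test-MsMpEngBinary is made up for illustration, WinDefend is the service name of the Windows Defender Service, and the script should be run from an elevated prompt.

```powershell
# Added example, not from the original article. Test-MsMpEngBinary is a hypothetical name.
function Test-MsMpEngBinary {
    # Path registered for the Defender service (WinDefend); PathName is normally quoted.
    $svc    = Get-CimInstance Win32_Service -Filter "Name='WinDefend'"
    $svcExe = $null
    if ($svc -and $svc.PathName) {
        $svcExe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] } else { $svc.PathName }
    }

    $procs = @(Get-CimInstance Win32_Process -Filter "Name='MsMpEng.exe'")
    if ($procs.Count -eq 0) { Write-Warning 'No MsMpEng.exe process is running.' }

    foreach ($p in $procs) {
        # ExecutablePath can be empty for this protected process; fall back to the service path.
        $path = if ($p.ExecutablePath) { $p.ExecutablePath } else { $svcExe }
        $sig  = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
        }

        [pscustomobject]@{
            ProcessId       = $p.ProcessId
            Path            = $path
            PathFromProcess = [bool]$p.ExecutablePath
            MatchesService  = [bool]($svcExe -and ($path -ieq $svcExe))
            Signature       = if ($sig) { $sig.Status } else { 'NotChecked' }
            Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        }
    }
}

Test-MsMpEngBinary | Format-List
```

A row where MatchesService is False, or where Signature is anything other than Valid with a Microsoft signer, is the one to investigate first.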
Method 6: Removing Bad Updates
Sometimes, Windows Defender acquires bad definition updates, and that causes it to identify certain Windows files as viruses. In this step, we will remove these updates using Command Prompt. In order to do that:
- Press “Windows” + “R” keys simultaneously to open the run prompt.
- Type in “cmd” and press “Shift” + “Ctrl” + “Enter” simultaneously to provide administrative privileges to the command prompt.
- Click on “yes” in the prompt.
- Type in the following command and press “Enter”
"%PROGRAMFILES%\Windows Defender\MPCMDRUN.exe" -RemoveDefinitions -All
Note: Keep the quotation marks in the command.
- After that, type in the following command and press “Enter”
"%PROGRAMFILES%\Windows Defender\MPCMDRUN.exe" -SignatureUpdate
- Wait for the process to be completed and check to see if the issue persists.