“Antimalware Service Executable” high CPU usage: Guide to repair

antimalware service executable
Written by Wilbur Woodham

The Antimalware Service Executable process is of crucial importance in the Windows Defender Service that goes integrated with Windows 10. Nevertheless, it’s additionally known for consuming excessive CPU processing power, and can even essentially slow down your PC’s performance, resulting in your inability to enjoy its use anymore.

In case you’re a Windows Defender customer and have seen high CPU usage for quite a long duration of time, you’ll be glad to find out that the problem can easily be fixed.

In this tutorial, we’ve reviewed a few easy-to-follow recommendations you can refer to in order to avoid Antimalware Service Executable from eating your system’s resources and maintain your machine operating in a smooth manner.

What does the msmpeng.exe Antimalware Service Executable stand for?

Do you run Windows Defender to defend your PC? If the answer to this question is “Yes”, then launch the Windows Task Manager (Ctrl + Shift + Esc or Start Menu > Task Manager), scroll via the range of background processes and you will locate a process named Antimalware Service Executable and its appropriate file msmpeng.exe.

This process lets Windows Defender permanently track your PC for possible threats and render real-time defense against threats and cyberattacks. On the other hand, it can also be the reason for extremely high CPU1 usage.

Another Windows Defender component that may cause the slowdown of your system is its Full Scan, which implements a full inspection of all files on your PC. Full Scan is grounded basically on the CPU and is not shy to apply whatever resources your system has got; as a consequence, you may face lag, delays, freezing and other system troubles when it is active.

windows defender - full scan

Even though it is quite natural for antivirus applications to consume system resources while running a scan, Windows Defender is far more hungry than the rest. It is known to use excessive CPU for longer duration of time and implement scans right when you’re waking up the PC to quickly write an email or load a webpage.

Even though this can be scary, it’s crucial that you don’t deactivate Windows Defender without initially installing another IT security program – by the way, it may be the only defense that protects your system from the online criminals! Let the application perform its direct function, delete any threats and then implement these recommendations to prevent the problem from taking place again:

Solution #1: Modify Windows Defender’s scheduling options

For the majority of customers, the high memory consumption caused by Antimalware Service Executable normally occurs when Windows Defender is performing a full scan. We can fix this by scheduling the scans to happen at a time when you don’t feel there’s anything draining on your CPU.

windows start menu - task scheduler

  1. Go to the Start menuspecify “task scheduler” and click the top result to run the utility.
  2. In the navigation section on the left, double click Task Scheduler Library. Proceed to expand these folders and go to the following location: Library/Microsoft/Windows/Windows Defender.
  3. Once you are in the Windows Defender folder, double click Windows Defender Scheduled Scan, placed in the middle pane.
  4. Click the Conditions tabuncheck all parameters and click OK. This will remove your scheduled scans.
    Antimalware Service Executable - windows defender scheduled scan
  5. To defend your PC, it is crucial to schedule certain new scans, but we can implement this in a way that will minimize the reflection on your system’s functionality. To make it possible, double click Windows Defender Scheduled Scanchose the Triggers tab and click New.
  6. Generate a new scan schedule that complies with your expectations, choosing features that make the balance between defense and system performance. As a piece of advice, we suggest (at least) weekly scans at a time when you’ll be unlikely to see the higher CPU usage.
  7. Repeat the procedure for the three other services (Windows Defender Cache Maintenance, Windows Defender Cleanup, Windows Defender Verification) located in the Library/Microsoft/Windows/Windows Defender folder.

Solution #2: Place Antimalware Service Executable to Windows Defender’s exclusion list

In times of its scans, Windows Defender inspects every single file on your PC – including itself. This can sometimes result in certain unusual interactions and is a common reason for system lag. To prevent this from taking place, you can just instruct Windows Defender to skip itself while implementing a system scan.

windows defender security center - exclusions

  1. Use the Ctrl + Shift + Esc hotkey to start Windows Task Manager.
  2. In the list of processes, look for Antimalware Service ExecutableRight click on the process and choose Open File Location.
  3. In the address field, you’ll face the complete path of Antimalware Service Executable. Click on the address bar and copy the full path.
  4. Go to the Start menuspecify “windows defender” and click the upper result to start the Windows Defender Security Center.
  5. Select Virus & threat protection, then on Virus & threat protection preferences.
    windows add exclusions
  6. Scroll down until “Exclusions” and choose Add or remove exclusions. In the next window, choose to Add an exclusion, choose Folder and paste the path to Antimalware Service Executable (MsMpEng.exe) in the address field. Then, click Open and the folder will now be removed from the scan.

Solution #3: Deactivate Windows Defender

In case the issue still happens after implementing the first two solutions, you could be tempted to refer to deactivating Windows Defender completely. Bear in mind that doing so leaves your system exposed to a wide section of cyberattacks, therefore, it’s crucial that you install a working anti-malware software on your PC before deactivating Windows Defender.

antimalware service executable - disable windows defender

  1. Apply the Windows Key hotkey to start the Run Dialog Box.
  2. In the Run Dialog Box, specify regedit and choose OK to launch the Registry Editor.
  3. In the navigation area on the left, double click the folders to proceed to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.
  4. In case you locate a registry entry called DisableAntiSpyware, double click it and define its value data to 1.

Consider reading: Microsoft Defender Offline. Guide to secure the PC.

4b. In case you do not find a registry entry called DisableAntiSpyware, right click in the main Registry Editor area and choose New > DWORD (32 bit) Value.

4c. Nominate this new registry entry DisableAntiSpyware. Double click it and define its value data to 1.

Solution #4: Search for malware threats

It’s quite likely that certain more dangerous item results in Windows Defender to disrupt your PC’s speed. Implement a complete system scan with the help of a reliable and lightweight anti-malware tool such as GridinSoft Anti-Malware to inspect your PC for any malware that may be preventing your PC to operate safely and trouble-free.

Windows Defender stands for a valuable utility, particularly because it goes free with your OS, but it can definitely put a drain on your computer’s CPU. By fulfilling the recommendations reviewed in this tutorial, you’ll be capable of taking control of Antimalware Service Executable and maintaining your PC functionality at full speed.

Pay attention to this guide: Temporarily Disable Avast, Symantec, ESET, McAfee, Avira, Bitdefender For Windows 10

Feel free to express your experience by sharing your thoughts in the comments section below. Good luck!

Wilbur Woodham
Wilbur Woodham
IT Security Expert

It is better to prevent, than repair and repent!

When we talk about the intrusion of unfamiliar programs into your computer’s work, the proverb “Forewarned is forearmed” describes the situation as accurately as possible. Gridinsoft Anti-Malware is exactly the tool that is always useful to have in your armory: fast, efficient, up-to-date. It is appropriate to use it as an emergency help at the slightest suspicion of infection.
Anti-Malware
Gridinsoft Anti-Malware 6-day trial available.
EULA | Privacy Policy | Gridinsoft
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

References

  1. Central processing unit: https://en.wikipedia.org/wiki/Central_processing_unit
"Antimalware Service Executable" high CPU usage: Guide to repair
Article
"Antimalware Service Executable" high CPU usage: Guide to repair
Description
What does the msmpeng.exe Antimalware Service Executable stand for? In this tutorial, we’ve reviewed a few easy-to-follow recommendations you can refer to.
Author
Copyright
HowToFix.Guide
 

Japanese Spanish Chinese (Traditional)

About the author

Wilbur Woodham

I was a technical writer from early in my career, and consider IT Security one of my foundational skills. I’m sharing my experience here, and I hope you find it useful.

Leave a Reply

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.