Desktop Window Manager (DWM.EXE). High CPU Or Memory Issue

What is Desktop Window Manager process?
Desktop Windows manager, dwm.exe
Written by Wilbur Woodham

Desktop Window Manager (dwm.exe) is a system process running in Windows, one of a large number of ones that are used in this operating system. It is a deeply integrated process because it has a very important role. However, there were several cases when malicious programs mimicked that process to be ignored by the user who tried to detect the malware presence by checking the running processes in Task Manager.

In this post, you will see how to distinguish the original process from the malicious one, as well as information about the dwm.exe purpose.

Desktop Window Manager process purpose

Dwm.exe process is an integrated system process that launches together with the operating system and stops only after the session ends. That process is responsible for the correct rendering of the effects you can see while using Windows. Smooth animations, transparent frames of each window, and 3D object visualization – all these things are used every day and by every user. Besides the graphical effects, Desktop Window Manager also takes care of correct support of high-resolution monitors – 2K/4K ones.

dwm.exe responsibility

The rendering mechanism of separate elements that are under the dwm.exe responsibility is also interesting. Program windows can overlay each other, and it is harder to draw the correct effects of transparency. After all windows are established, the Desktop Window Manager collects the pictures of all windows and then processes them to get a single picture of the desktop, i.e. the picture that the user will see on his monitor.

Can I disable dwm.exe?

No way. This process belongs to the system, so it is protected from any kind of external interruptions. And there is no need to do it – on modern versions of Windows 10, you will likely spectate a very low consumption for this process. If you see that Desktop Windows Manager takes more than 5% of your CPU/RAM resources, and you have ensured that there are no viruses onboard, try to perform troubleshooting.

dwm.exe consumption

Normal consumption of Desktop Window Manager process

The problems which may lead to high resource consumption of this process are usually related to the GPU that is used in the system. Update the drivers of all graphic processing units – Intel HD Graphics, AMD Radeon or Nvidia. If the problem is not solved, it is likely related not to the software, but to hardware. Unfortunately, you may need to repair or buy a new graphic card/processor.

The times when Windows processes may be disabled to increase the system performance have passed long ago. When Windows XP was the last actual OS version, computers were quite weak, and their upgrade was quite expensive, disabling several services could make your PC faster without any significant problems. Nowadays, such tricks can make things even worse.

How can I detect that Desktop Windows Manager is a virus?

The easiest way to understand if the process you see is a malicious one is to check its source. System processes, that are launching independently from the startup and user’s processes, are listed in a separate thread, named “Windows processes”. If Desktop Window Manager, Windows Shell Experience Host or Service Host process are launched as a user’s tasks, they are likely fake and launched by malware.

Another way to check if the process is launched by a malicious program is to open its file location. Find the Desktop Windows Manager process in Task Manager, and click it with a right mouse button. Choose the “Open file location” option, and you will see the folder where the .exe file is located. If the dwm.exe source file is located in C:/Windows/System32, everything is ok, but any other location of the source file means that you have malware on your computer. To check your PC for viruses, I can offer you to use GridinSoft Anti-Malware.1.

dwm.exe file location

Removing the viruses with GridinSoft Anti-Malware

  • Download and install the GridinSoft Anti-Malware. After the installation, you will be offered to perform the standard scan. Apply this action.
  • GridinSoft Anti-Malware during the scan process

  • Standard scan lasts up to six minutes and checks the system files together with the files of the programs you have installed on your computer.
  • GridinSoft Anti-Malware scan results

  • When the scan is complete, press “Apply” to wipe out the malicious items that are present on your PC.
  • Malware removing with GridinSoft Anti-Malware

    Frequently Asked Questions

    Can I just delete the process from the root directory?

    No. In case if the process belongs to the legitimate system element, you will not be able to edit the root directory of the system, where it is stored, without granting yourself permission for this action. And its deletion will surely lead to a system crash without a possibility of loading the system back, because the crucial component is absent.

    Is it possible to decrease the hardware consumption of this process?

    That process consumes literally nothing, so you will likely see no occasions when there is a need to make it less greedy with resources. However, if you see that it takes more than 20-30% of your CPU and the same amount of RAM, it is likely a virus. Perform the guide I wrote above.

    How can I know this process is malicious without checking its root directory?

    As it was mentioned in the previous question, the CPU/RAM consumption of the original process is very low. So, the dwm.exe that uses a lot of hardware capacity is definitely a virus. Another way to understand that this process belongs to a malicious program is its location inside of the Task Manager. System processes are listed in the corresponding thread, so the Windows Shell Experience Host application among the user’s background processes is a sign of malware presence.

    User Review
    0 (0 votes)
    Comments Rating 0 (0 reviews)


    1. Reasons why I can recommend you to use GridinSoft Anti-Malware
    Desktop Window Manager (DWM). Why do dwm.exe using CPU?
    Desktop Window Manager (DWM). Why do dwm.exe using CPU?
    Desktop Window Manager is an internal system process that is required for correct rendering of the effects that appear while using the OS interface. Some hardware problems can lead to high CPU/GPU usage. Read, how to deal with such issues, as well as check if that process is a malware-related counterfeit.

    About the author

    Wilbur Woodham

    I was a technical writer from early in my career, and consider IT Security one of my foundational skills. I’m sharing my experience here, and I hope you find it useful.

    Leave a Reply