MsMpEng.exe high CPU usage on computer

Msmpeng.exe process (Antimalware Service Executable) – what is the task for this process?
msmpeng.exe, Antimalware service executable
Written by Wilbur Woodham

Msmpeng.exe process, or Antimalware Service Executable is one of the dozens of processes that run in the background in Windows. This one, as in can be figured out from its name, belongs to the Microsoft Defender. However, there were several instances when trojan viruses had used the name of this process to disguise themselves as a system process. In this article, you will see the detailed description of msmpeng.exe process functions, as well as the guide of detecting if this process is a counterfeit and belongs to a virus.

Msmpeng.exe process description

As it was mentioned, msmpeng.exe is a process of Microsoft Defender1 – the embedded security tool, which is present in every Windows 8.1/10. This process substituted the smartscreen.exe – previous variant of the antivirus software task. They have a minimal difference between each other, and smartscreen.exe can still be found and opened.

The system needs the msmpeng.exe process to be opened constantly to allow the embedded security tool to work correctly. While your PC has no processes running/files opening, the Antimalware Service Executable (or msmpeng.exe) process consumes quite a low amount of memory (~250-300 MB) and nearly no CPU power. But at the moment, when you try to open the file, its consumption may rise significantly – up to 1-1.2GB RAM and the corresponding amount of CPU. Such behavior is typical for the majority of anti-malware software, regardless of their developers – Microsoft, Kaspersky, Symantec or so.

Can I improve my PC performance by stopping the msmpeng.exe?

Antimalware Service Executable processes may consume a significant amount of hardware capacity while performing the scan of running applications or files. Such behavior may cause a performance decline, especially if your PC is quite weak. Nonetheless, you are not able to stop this process completely without implementing the changes to Group Policies.

Press Win+R and type “gpedit.msc”. Open the Computer Configuration branch, then follow the Administrative Templates, and then scroll down to the Windows Components folder. Inside it, find the Microsoft Defender Antivirus subdirectory. In this folder, you need to change the “Allow antimalware service to startup with normal priority” setting to Disabled value (double click it to open the settings window).

The times when Windows processes may be disabled to increase the system performance have passed long ago. When Windows XP was the last actual OS version, computers were quite weak, and their upgrade was quite expensive. Disabling several services could really make your PC faster without any significant problems. Nowadays, such tricks can make things even worse.

Can the msmpeng.exe process be malicious?

All legitimate system processes are listed in the Windows Processes category in Task Manager. If you see a duplicate of the process from Windows processes in the list of background processes, it may be malware. To check out the program the process belongs to, click it with a right mouse button, and choose the “Open file location” option.

msmpeng.exe folder

If this file is stored somewhere in the ProgramData/Microsoft/Windows Defender folder, it is 100% legit. Don’t be scared with a massive number of processes in the background – the majority of them are needed to decrease the time of programs opening.

However, if this process is located among the user’s processes and “Open file location” leads to the unknown directory, it is recommended to check your PC with antimalware software. My choice for this case is GridinSoft Anti-Malware.

Removing the viruses with GridinSoft Anti-Malware

  • Download and install the GridinSoft Anti-Malware. After the installation, you will be offered to perform the standard scan. Apply this action.
  • GridinSoft Anti-Malware during the scan process

  • Standard scan lasts up to six minutes and checks the system files together with the files of the programs you have installed on your computer.
  • GridinSoft Anti-Malware scan results

  • When the scan is complete, press “Apply” to wipe out the malicious items that are present on your PC.
  • Malware removing with GridinSoft Anti-Malware

    User Review
    0 (0 votes)
    Comments Rating 0 (0 reviews)


    1. Detailed Microsoft Defender review.
    Msmpeng.exe process (Antimalware Service Executable) - what is the task for this process?
    Msmpeng.exe process (Antimalware Service Executable) - what is the task for this process?
    Msmpeng.exe process is a task that belongs to Microsoft Defender. Read the post to get the guide of its disabling, and also the PC scanning if the msmpeng.exe is a malicious process.

    About the author

    Wilbur Woodham

    I was a technical writer from early in my career, and consider IT Security one of my foundational skills. I’m sharing my experience here, and I hope you find it useful.

    Leave a Reply