Msmpeng.exe process (Antimalware Service Executable) – what is the task for this process?

Msmpeng.exe process (Antimalware Service Executable) – what is the task for this process?
msmpeng.exe, Antimalware service executable
Written by Wilbur Woodham

Msmpeng.exe process, or Antimalware Service Executable is one of dozens of processes that run in the background in Windows. This one, as in can be figured out from its name, belongs to the Microsoft Defender. However, there were several instances when the name of this process had been used by trojan viruses to disguise themselves as a system process. In this article, you will see the detailed description of msmpeng.exe process functions, as well as the guide of detecting if this process is a counterfeit and belongs to a virus.

Msmpeng.exe process description

As it was mentioned, msmpeng.exe is a process of Microsoft Defender1 – the embedded security tool, which is present in every Windows 8.1/10. This process substituted the smartscreen.exe – previous variant of the antivirus software task. They have a minimal difference between each other, and smartscreen.exe can still be found and opened.

The system needs the msmpeng.exe process to be opened constantly to allow the embedded security tool to work correctly. While your PC has no processes running/files opening, the Antimalware Service Executable (or msmpeng.exe) process consumes quite a low amount of memory (~250-300 MB), and nearly no CPU power. But at the moment when you try to open the file, its consumption may rise significantly – up to 1-1.2GB RAM, and corresponding amount of CPU. Such behaviour is typical for the majority of anti-malware software, regardless of their developers – Microsoft, Kaspersky, Symanter or so.

Can I improve my PC performance by stopping the msmpeng.exe?

Antimalware Service Executable processes may consume the significant amount of hardware capacity while performing the scan of running applications or files. Such a behaviour may cause a performance decline, especially if your PC is quite weak. Nonetheless, you are not able to stop this process completely without implementing the changes to Group Policies.

Press Win+R and type “gpedit.msc”. Open the Computer Configuration branch, then follow to the Administrative Templates, and then scroll down to Windows Components folder. Inside it, find Microsoft Defender Antivirus subdirectory. In this folder, you need to change the “Allow antimalware service to startup with normal priority” setting to Disabled value (double click it to open the settings window).

The times when Windows processes may be disabled to increase the system performance have passed long ago. When Windows XP was the last actual OS version, computers were quite weak, and their upgrade was quite expensive, disabling several services could really make your PC faster without any significant problems. Nowadays, such tricks can make things even worse.

Can the msmpeng.exe process be malicious?

All legitimate system processes are listed in the Windows Processes category in Task Manager. If you see a duplicate of the process from Windows processes in the list of background processes, it may be a malware. To check out the program the process belongs to, click it with a right mouse button, and choose the “Open file location” option.

msmpeng.exe folder

If this file is stored somewhere in the ProgramData/Microsoft/Windows Defender folder, it is 100% legit. Don’t be scared with a massive number of processes in the background – the majority of them are needed to decrease the time of programs opening.

However, if this process is located among the users processes and “Open file location” leads to the unknown directory, it is recommended to check your PC with antimalware software. My choice for this case is GridinSoft Anti-Malware.

Removing the viruses with GridinSoft Anti-Malware

  • Download and install the GridinSoft Anti-Malware. After the installation, you will be offered to perform the standard scan. Apply this action.
  • GridinSoft Anti-Malware during the scan process

  • Standard scan lasts up to six minutes and checks the system files together with the files of the programs you have installed on your computer.
  • GridinSoft Anti-Malware scan results

  • When the scan is complete, press “Apply” to wipe out the malicious items that are present on your PC.
  • Malware removing with GridinSoft Anti-Malware

    Sending
    User Review
    0 (0 votes)
    Comments Rating 0 (0 reviews)

    References

    1. Detailed Microsoft Defender review.
    Msmpeng.exe process (Antimalware Service Executable) - what is the task for this process?
    Article
    Msmpeng.exe process (Antimalware Service Executable) - what is the task for this process?
    Description
    Msmpeng.exe process is a task that belongs to Microsoft Defender. Read the post to get the guide of its disabling, and also the PC scanning if the msmpeng.exe is a malicious process.
    Author
    Copyright
    HowToFix.Guide
     

    About the author

    Wilbur Woodham

    I was a technical writer from early in my career, and consider IT Security one of my foundational skills. I’m sharing my experience here, and I hope you find it useful.

    Leave a Reply

    Sending

    This site uses Akismet to reduce spam. Learn how your comment data is processed.