Msmpeng.exe process, or Antimalware Service Executable is one of the dozens of processes that run in the background in Windows. This one, as in can be figured out from its name, belongs to the Microsoft Defender. However, there were several instances when trojan viruses had used the name of this process to disguise themselves as a system process. In this article, you will see the detailed description of msmpeng.exe process functions, as well as the guide of detecting if this process is a counterfeit and belongs to a virus.
Msmpeng.exe process description
As it was mentioned, msmpeng.exe is a process of Microsoft Defender1 – the embedded security tool, which is present in every Windows 8.1/10. This process substituted the smartscreen.exe – previous variant of the antivirus software task. They have a minimal difference between each other, and smartscreen.exe can still be found and opened.
The system needs the msmpeng.exe process to be opened constantly to allow the embedded security tool to work correctly. While your PC has no processes running/files opening, the Antimalware Service Executable (or msmpeng.exe) process consumes quite a low amount of memory (~250-300 MB) and nearly no CPU power. But at the moment, when you try to open the file, its consumption may rise significantly – up to 1-1.2GB RAM and the corresponding amount of CPU. Such behavior is typical for the majority of anti-malware software, regardless of their developers – Microsoft, Kaspersky, Symantec or so.
Can I improve my PC performance by stopping the msmpeng.exe?
Antimalware Service Executable processes may consume a significant amount of hardware capacity while performing the scan of running applications or files. Such behavior may cause a performance decline, especially if your PC is quite weak. Nonetheless, you are not able to stop this process completely without implementing the changes to Group Policies.
Press Win+R and type “gpedit.msc”. Open the Computer Configuration branch, then follow the Administrative Templates, and then scroll down to the Windows Components folder. Inside it, find the Microsoft Defender Antivirus subdirectory. In this folder, you need to change the “Allow antimalware service to startup with normal priority” setting to Disabled value (double click it to open the settings window).
The times when Windows processes may be disabled to increase the system performance have passed long ago. When Windows XP was the last actual OS version, computers were quite weak, and their upgrade was quite expensive. Disabling several services could really make your PC faster without any significant problems. Nowadays, such tricks can make things even worse.
Can the msmpeng.exe process be malicious?
All legitimate system processes are listed in the Windows Processes category in Task Manager. If you see a duplicate of the process from Windows processes in the list of background processes, it may be malware. To check out the program the process belongs to, click it with a right mouse button, and choose the “Open file location” option.
If this file is stored somewhere in the ProgramData/Microsoft/Windows Defender folder, it is 100% legit. Don’t be scared with a massive number of processes in the background – the majority of them are needed to decrease the time of programs opening.
However, if this process is located among the user’s processes and “Open file location” leads to the unknown directory, it is recommended to check your PC with antimalware software. My choice for this case is GridinSoft Anti-Malware.
Removing the viruses with GridinSoft Anti-Malware
User Review( votes)
- Detailed Microsoft Defender review.