How to fix ‘Antimalware Service Executable’ high CPU usage

antimalware-service-executable-preview

The Antimalware Service Executable process plays an important role in the Microsoft Windows Defender Service that comes bundled with Windows 10 (and, despite the similarities in name, is completely unrelated to Emsisoft Anti-Malware!). However, it’s also infamous for consuming far more than its fair share of CPU processing power, and can even single handedly reduce your computer’s speed to a glacial crawl.

If you’re a Windows Defender user and have noticed high CPU usage for abnormally long periods of time, you’ll be pleased to know that you can easily manage this issue.

In this article, we’ve put together a few simple steps you can follow to prevent Antimalware Service Executable from hogging your system’s resources and keep your machine running smoothly.

What is Antimalware Service Executable (msmpeng.exe)?

Do you use Windows Defender to protect your computer? If so, open up the Windows Task Manager (Ctrl + Shift + Esc or Start Menu > Task Manager), scroll through the list of background processes and you will find a process called Antimalware Service Executable and its corresponding file msmpeng.exe.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

This process allows Windows Defender to continuously monitor your computer for potential threats and provide real-time protection against malware and cyberattacks. At the same time, however, it can also be the cause of disproportionately high CPU usage.

Another Windows Defender feature that may be responsible for slowing down your system is its Full Scan, which performs a comprehensive check of all files on your computer. Full Scan relies heavily on the CPU and is not afraid to use whatever resources your system has available; as a result, you may experience lag, delays, hanging and other system disruptions when it is scanning.

While it is normal for antivirus programs to consume system resources when running a scan, Windows Defender is far greedier than most. It is known to use excessive CPU for longer periods of time and carry out scans right when you’re waking up the computer to quickly send an email or check a website.

Although this can be frustrating, it’s important that you don’t remove or disable Windows Defender without first installing another IT security solution – after all, it may be the only thing that stands between your computer and the bad guys! Let the program do its job, resolve any threats and then follow these steps to prevent the anti-malware executable issue from happening again:

Fix #1: Change Windows Defender’s scheduling options

For most people, Antimalware Service Executable high memory problems typically happens when Windows Defender is running a full scan. We can remedy this by scheduling the scans to take place at a time when you’re less likely to feel the drain on your CPU.

windows-task-scheduler

Optimize the full scan schedule.

  1. Open the Start menu, type “task scheduler” and click the top result to launch the program.
  2. In the navigation pane on the left, double click Task Scheduler Library. Continue to expand these folders and navigate to the following destination: Library/Microsoft/Windows/Windows Defender.
  3. When you have opened the Windows Defender folder, double click Windows Defender Scheduled Scan, located in the middle pane.
  4. Click the Conditions tab, uncheck all options and click OK. This will clear your scheduled scans.
  5. To protect your computer, it is important to schedule some new scans, but we can do this in a way that will reduce the impact on your system’s performance. To do so, double click Windows Defender Scheduled Scan, select the Triggers tab and click New.
  6. Create a new scan schedule that suits your needs, selecting options that strike the balance between protection and system efficiency. As a guideline, we recommend (at minimum) weekly scans at a time when you’ll be unlikely to notice the increased CPU usage.
  7. Repeat the process for the three remaining services (Windows Defender Cache Maintenance, Windows Defender Cleanup, Windows Defender Verification) found in the Library/Microsoft/Windows/Windows Defender folder.

Fix #2: Disable Windows Defender

If the problem persists after applying the first two fixes, you might be tempted to resort to disabling Windows Defender altogether. Keep in mind that doing so leaves you vulnerable to a range of cyberattacks, so it’s critical that you add an effective anti-malware product on your computer before removing Windows Defender.

disable-windows-defender-regedit

Disable Windows Defender altogether using the Registry Editor.

  1. Press Windows Key + R to open the Run Dialog Box.
  2. In the Run Dialog Box, type regedit and click OK to open the Registry Editor.
  3. In the navigation pane on the left, double click the folders to navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.
  4. If you find a registry entry named DisableAntiSpyware, double click it and set its value data to 1.

4b. If you do not see a registry entry named DisableAntiSpyware, right click in the main Registry Editor pane and select New > DWORD (32 bit) Value.

4c. Name this new registry entry DisableAntiSpyware. Double click it and set its value data to 1.

Fix #3: Check for malware infections

It’s possible that something more malevolent is causing Windows Defender to disrupt your computer’s performance. Run a full system scan using a reputable and lightweight anti-malware solution such as Emsisoft Anti-Malware (we have a 30-day free trial available) to check your computer for any virus or malware that may be affecting your computer’s ability to run smoothly and safely.

Windows Defender is a valuable tool, particularly since it comes free with your operating system, but it can certainly put a drain on your system’s CPU. By following the steps described in this article, you’ll be able to take control of Antimalware Service Executable’s threat protection and help keep your computer running at full speed.

Have an awesome (malware-free) day!

Senan Conrad

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.

What to read next