How to fix ‘Antimalware Service Executable’ high CPU usage

How to fix ‘Antimalware Service Executable’ high CPU usage

antimalware-service-executable-banner

The Antimalware Service Executable process plays an important role in the Windows Defender Service that comes bundled with Windows 10 (and, despite the similarities in name, is completely unrelated to Emsisoft Anti-Malware!). However, it’s also infamous for consuming far more than its fair share of CPU processing power, and can even single handedly reduce your computer’s speed to a glacial crawl.

If you’re a Windows Defender user and have noticed high CPU usage for abnormally long periods of time, you’ll be pleased to know that the issue can easily be resolved.

In this article, we’ve put together a few simple steps you can follow to prevent Antimalware Service Executable from hogging your system’s resources and keep your machine running smoothly.

What is the msmpeng.exe Antimalware Service Executable?

Do you use Windows Defender to protect your computer? If so, open up the Windows Task Manager (Ctrl + Shift + Esc or Start Menu > Task Manager), scroll through the list of background processes and you will find a process called Antimalware Service Executable and its corresponding file msmpeng.exe.

This process allows Windows Defender to continuously monitor your computer for potential threats and provide real-time protection against malware and cyberattacks. At the same time, however, it can also be the cause of disproportionately high CPU usage.

Another Windows Defender feature that may be responsible for slowing down your system is its Full Scan, which performs a comprehensive check of all files on your computer. Full Scan relies heavily on the CPU and is not afraid to use whatever resources your system has available; as a result, you may experience lag, delays, hanging and other system disruptions when it is running.

While it is normal for antivirus programs to consume system resources when running a scan, Windows Defender is far greedier than most. It is known to use excessive CPU for longer periods of time and carry out scans right when you’re waking up the computer to quickly send an email or check a website.

Although this can be frustrating, it’s important that you don’t disable Windows Defender without first installing another IT security solution – after all, it may be the only thing that stands between your computer and the bad guys! Let the program do its job, resolve any threats and then follow these steps to prevent the issue from happening again:

Fix #1: Change Windows Defender’s scheduling options

For most people, the high memory usage caused by Antimalware Service Executable typically happens when Windows Defender is running a full scan. We can remedy this by scheduling the scans to take place at a time when you’re less likely to feel the drain on your CPU.

windows-task-scheduler

Optimize the full scan schedule.

  1. Open the Start menu, type “task scheduler” and click the top result to launch the program.
  2. In the navigation pane on the left, double click Task Scheduler Library. Continue to expand these folders and navigate to the following destination: Library/Microsoft/Windows/Windows Defender.
  3. When you have opened the Windows Defender folder, double click Windows Defender Scheduled Scan, located in the middle pane.
  4. Click the Conditions tab, uncheck all options and click OK. This will clear your scheduled scans.
  5. To protect your computer, it is important to schedule some new scans, but we can do this in a way that will reduce the impact on your system’s performance. To do so, double click Windows Defender Scheduled Scan, select the Triggers tab and click New.
  6. Create a new scan schedule that suits your needs, selecting options that strike the balance between protection and system efficiency. As a guideline, we recommend (at minimum) weekly scans at a time when you’ll be unlikely to notice the increased CPU usage.
  7. Repeat the process for the three remaining services (Windows Defender Cache Maintenance, Windows Defender Cleanup, Windows Defender Verification) found in the Library/Microsoft/Windows/Windows Defender folder.

Fix #2: Add Antimalware Service Executable to Windows Defender’s exclusion list

During its scans, Windows Defender checks every single file on your computer – including itself. This can occasionally result in some interesting interactions and is a common source of system lag. To prevent this from happening, you can simply instruct Windows Defender to skip itself when performing a system scan.

windows-defender-exclusions

  1. Press Ctrl + Shift + Esc to open Windows Task Manager.
  2. In the list of processes, search for Antimalware Service Executable. Right click on the process and select Open File Location.
  3. In the address bar, you’ll see the full path of Antimalware Service Executable. Click on the address bar and copy the full path.
  4. Open the Start menu, type “windows defender” and click the top result to launch the Windows Defender Security Center.
  5. Click on Virus & threat protection, then on Virus & threat protection settings.
  6. Scroll down until “Exclusions” and click Add or remove exclusions. In the next screen, click on Add an extension, select File and paste the path to Antimalware Service Executable (MsMpEng.exe) in the address bar. Finally click Open and the file will now be excluded from the scan.

Fix #3: Disable Windows Defender

If the problem persists after applying the first two fixes, you might be tempted to resort to disabling Windows Defender altogether. Keep in mind that doing so leaves you vulnerable to a range of cyberattacks, so it’s critical that you install an effective anti-malware product on your computer before removing Windows Defender.

disable-windows-defender-regedit

Disable Windows Defender altogether using the Registry Editor.

  1. Press Windows Key + R to open the Run Dialog Box.
  2. In the Run Dialog Box, type regedit and click OK to open the Registry Editor.
  3. In the navigation pane on the left, double click the folders to navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.
  4. If you find a registry entry named DisableAntiSpyware, double click it and set its value data to 1.

4b. If you do not see a registry entry named DisableAntiSpyware, right click in the main Registry Editor pane and select New > DWORD (32 bit) Value.

4c. Name this new registry entry DisableAntiSpyware. Double click it and set its value data to 1.

Fix #4: Check for malware infections

It’s possible that something more malevolent is causing Windows Defender to disrupt your computer’s performance. Run a full system scan using a reputable and lightweight anti-malware solution such as Emsisoft Anti-Malware (we have a 30-day free trial available) to check your computer for any malware that may be affecting your computer’s ability to run smoothly and safely.

Windows Defender is a valuable tool, particularly since it comes free with your operating system, but it can certainly put a drain on your system’s CPU. By following the steps described in this article, you’ll be able to take control of Antimalware Service Executable and keep your computer running at full speed.

Have an awesome (malware-free) day!

  • Iskander Mitt

    Hi.Why EmsiSoft, Avast, Avira, McAfee do not work correctly in the Windows 10 environment. Windows defender works well?

    • As far as i know, all the mentioned products work very well on Windows10.
      Windows Defender works generally well too, the issue explained on our article is widely known and may happen on some system, so we provided several fixes to help users.
      Thank you for your interest :)

  • Piotr

    If you have AV just disable defender. No need to waste your resources. It is worse than any good paid av.

    • He-Who-Must-Not-Be-Named

      I don’t think it is worse, it is rather “just as”

  • Tempus

    Hi
    Really nice and well written article, but sorry Emsisoft I don’t understand why you’re writing an article, about how to help out issues for a competitor’s product. It’s definitely a nice gesture without doubt, but aren’t you shooting yourself in the foot ?

    • Hi Tempus. Firstly, thanks for the compliment. Glad you like the article. The reason we wrote this article is because we noticed that many people are having this issue with Windows Defender, and we want to help them out. If we managed to help them run their system more smoothly while being protected: great. If they decided they want to try out our light-weight antivirus solution to be even better protected from malware: even better :)

      • Madison Burke

        Thanks for writing this article. I think solving an issue for us, in spite of it being an issue caused by your competitor, builds trust. It sounds like you guys know what you’re doing, and want to help us as much as you want to get your own product recognized. I decided to download Emsisoft Anti-malware because this article felt trustworthy.

  • Kyle Bang

    Hello. Once I installed the Fall Creators update, this issue of high(avg 30% in my case) service executable use started happening. I’ve gone into task scheduler, but the last run time shows this morning hours ago for all Defender activities https://i.imgur.com/ifh50fl.png but I just noticed the antimalware service executable hogging a few minutes ago. Should I go through and still change the schedules, or am I having a different problem? I haven’t used third party antivirus in years.

    • Hello @nataku411:disqus,.
      It is just Windows Defender doing some auto-maintenance, so from what i see, no issues on your side. Windows just used to consume a lot of resources when it is active. Even open a folder full of installer make the CPU usage rises.

      so before thinking about changing the schedule:
      – Does the hog last long?
      – Is it during your working time or just when you the boot and log-in?
      – does it hampers you to work properly (like you feel annoying slowdowns?).

      • Kyle Bang

        It will hog for 5-10 minutes, and seems to occur at random times, often during work/play. I can immediately notice when it happens, scrolling pages becomes stuttery, games will lose frames, and overall I feel the slow down. 7700K/1080 ti

        • So changing schedules won’t do much better, if it was at boot time only, it may solve the issue.
          One possible explanation is that you may have something suspicious on your system.
          Would you install Emsisoft Anti-malware (it has free trial of 30 days) and do a scan with it?

          • Kyle Bang

            I gave it a try, a few false positives but nothing suspect.

          • How is computer performance with it? better than with Windows Defender i guess?

            What are the false positives?

          • Kyle Bang

            Performance was more or less the same as Defender, though I haven’t used it more than the scan mentioned. The false positives are all instances of an .exe I used a while back to patch a game, often flagged as trojans.

            The problem seems to have been brought on by the recent Fall Creators Update

          • @nataku411:disqus

            Ok, i see.
            Normally while using Emsisoft, you shouldn’t have the high CPU hogging anymore, right?

  • Drew Wishon

    I have done ALL this stuff, and it still does it and hogs 85% of my CPU. It resets the schedule and I have no way to turn it off or anything. Every time I tamper with setting they just reset in the end and its all for nothing. I have everything unchecked, I even once had the times set to time were im not even on and it still wont listen to that, it decides to reset its self and ONLY go active when im doing something with the CPU like trying to update graphics drivers or download games, then it kicks in and makes everything take three times longer.

    • @drewwishon:disqus i advise you to try Emsisoft Anti-Malware then you should have a more responsive machine.