How to fix ‘Antimalware Service Executable’ high CPU usage

How to fix ‘Antimalware Service Executable’ high CPU usage

antimalware-service-executable-banner

The Antimalware Service Executable process plays an important role in the Windows Defender Service that comes bundled with Windows 10 (and, despite the similarities in name, is completely unrelated to Emsisoft Anti-Malware!). However, it’s also infamous for consuming far more than its fair share of CPU processing power, and can even single handedly reduce your computer’s speed to a glacial crawl.

If you’re a Windows Defender user and have noticed high CPU usage for abnormally long periods of time, you’ll be pleased to know that the issue can easily be resolved.

In this article, we’ve put together a few simple steps you can follow to prevent Antimalware Service Executable from hogging your system’s resources and keep your machine running smoothly.

What is the msmpeng.exe Antimalware Service Executable?

Do you use Windows Defender to protect your computer? If so, open up the Windows Task Manager (Ctrl + Shift + Esc or Start Menu > Task Manager), scroll through the list of background processes and you will find a process called Antimalware Service Executable and its corresponding file msmpeng.exe.

This process allows Windows Defender to continuously monitor your computer for potential threats and provide real-time protection against malware and cyberattacks. At the same time, however, it can also be the cause of disproportionately high CPU usage.

Another Windows Defender feature that may be responsible for slowing down your system is its Full Scan, which performs a comprehensive check of all files on your computer. Full Scan relies heavily on the CPU and is not afraid to use whatever resources your system has available; as a result, you may experience lag, delays, hanging and other system disruptions when it is running.

While it is normal for antivirus programs to consume system resources when running a scan, Windows Defender is far greedier than most. It is known to use excessive CPU for longer periods of time and carry out scans right when you’re waking up the computer to quickly send an email or check a website.

Although this can be frustrating, it’s important that you don’t disable Windows Defender without first installing another IT security solution – after all, it may be the only thing that stands between your computer and the bad guys! Let the program do its job, resolve any threats and then follow these steps to prevent the issue from happening again:

Fix #1: Change Windows Defender’s scheduling options

For most people, the high memory usage caused by Antimalware Service Executable typically happens when Windows Defender is running a full scan. We can remedy this by scheduling the scans to take place at a time when you’re less likely to feel the drain on your CPU.

windows-task-scheduler

Optimize the full scan schedule.

  1. Open the Start menu, type “task scheduler” and click the top result to launch the program.
  2. In the navigation pane on the left, double click Task Scheduler Library. Continue to expand these folders and navigate to the following destination: Library/Microsoft/Windows/Windows Defender.
  3. When you have opened the Windows Defender folder, double click Windows Defender Scheduled Scan, located in the middle pane.
  4. Click the Conditions tab, uncheck all options and click OK. This will clear your scheduled scans.
  5. To protect your computer, it is important to schedule some new scans, but we can do this in a way that will reduce the impact on your system’s performance. To do so, double click Windows Defender Scheduled Scan, select the Triggers tab and click New.
  6. Create a new scan schedule that suits your needs, selecting options that strike the balance between protection and system efficiency. As a guideline, we recommend (at minimum) weekly scans at a time when you’ll be unlikely to notice the increased CPU usage.
  7. Repeat the process for the three remaining services (Windows Defender Cache Maintenance, Windows Defender Cleanup, Windows Defender Verification) found in the Library/Microsoft/Windows/Windows Defender folder.

Fix #2: Add Antimalware Service Executable to Windows Defender’s exclusion list

During its scans, Windows Defender checks every single file on your computer – including itself. This can occasionally result in some interesting interactions and is a common source of system lag. To prevent this from happening, you can simply instruct Windows Defender to skip itself when performing a system scan.

windows-defender-exclusions

  1. Press Ctrl + Shift + Esc to open Windows Task Manager.
  2. In the list of processes, search for Antimalware Service Executable. Right click on the process and select Open File Location.
  3. In the address bar, you’ll see the full path of Antimalware Service Executable. Click on the address bar and copy the full path.
  4. Open the Start menu, type “windows defender” and click the top result to launch the Windows Defender Security Center.
  5. Click on Virus & threat protection, then on Virus & threat protection settings.
  6. Scroll down until “Exclusions” and click Add or remove exclusions. In the next screen, click on Add an extension, select File and paste the path to Antimalware Service Executable (MsMpEng.exe) in the address bar. Finally click Open and the file will now be excluded from the scan.

Fix #3: Disable Windows Defender

If the problem persists after applying the first two fixes, you might be tempted to resort to disabling Windows Defender altogether. Keep in mind that doing so leaves you vulnerable to a range of cyberattacks, so it’s critical that you install an effective anti-malware product on your computer before removing Windows Defender.

disable-windows-defender-regedit

Disable Windows Defender altogether using the Registry Editor.

  1. Press Windows Key + R to open the Run Dialog Box.
  2. In the Run Dialog Box, type regedit and click OK to open the Registry Editor.
  3. In the navigation pane on the left, double click the folders to navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.
  4. If you find a registry entry named DisableAntiSpyware, double click it and set its value data to 1.

4b. If you do not see a registry entry named DisableAntiSpyware, right click in the main Registry Editor pane and select New > DWORD (32 bit) Value.

4c. Name this new registry entry DisableAntiSpyware. Double click it and set its value data to 1.

Fix #4: Check for malware infections

It’s possible that something more malevolent is causing Windows Defender to disrupt your computer’s performance. Run a full system scan using a reputable and lightweight anti-malware solution such as Emsisoft Anti-Malware (we have a 30-day free trial available) to check your computer for any malware that may be affecting your computer’s ability to run smoothly and safely.

Windows Defender is a valuable tool, particularly since it comes free with your operating system, but it can certainly put a drain on your system’s CPU. By following the steps described in this article, you’ll be able to take control of Antimalware Service Executable and keep your computer running at full speed.

Have an awesome (malware-free) day!

  • Iskander Mitt

    Hi.Why EmsiSoft, Avast, Avira, McAfee do not work correctly in the Windows 10 environment. Windows defender works well?

    • As far as i know, all the mentioned products work very well on Windows10.
      Windows Defender works generally well too, the issue explained on our article is widely known and may happen on some system, so we provided several fixes to help users.
      Thank you for your interest :)

      • Los2000

        I’ve found Avast (especially) and McAfee use up entirely too much resources. don’t know about the others.

    • Snezhana Serebrennikov

      Delete McAfee. It’s proven to slow down your computer. Actually, delete all of those. For basic internet use, all you need is malwarebytes (it’s free) and windows defender.

      • John Williams

        Malwarebytes free version doesn’t run in the background but can find problems that have already occurred. Defender and malwarebytes is all anyone needs for security on windows 10. The paid version of malwarebytes is only 39.95 a year. ESET nod 32 is another good AV at 39 a year.. Webroot, avast, norton, macafee, they are all garbage. I am a remote support tech and I always talk my clients into removing these as they cause more problems with performance then they help.

  • Piotr

    If you have AV just disable defender. No need to waste your resources. It is worse than any good paid av.

    • He-Who-Must-Not-Be-Named

      I don’t think it is worse, it is rather “just as”

    • Los2000

      Any suggestions on which is the better paid av? I tend to prefer Trend and Kaspersky, but I’m always looking for a better option.

      • Piotr

        Kaspersky and Trend are good. I use Emsisoft (bitdefender engine).

    • John Williams

      You are so wrong about that. ESET, Emisoft or Kaspersky are about the only three paid windows 10 AV’s that are any good. The rest are garbage. I work on 8 to 12 pc’s a day and I will usually just install defender on windows 8 or 10 or microsoft security essentials on windows 7 if the client want’s a free AV.. The rest slow your computer to a crawl… Defender may slow down some pc’s but in my experience it’s mainly Dell that experience this.

  • Tempus

    Hi
    Really nice and well written article, but sorry Emsisoft I don’t understand why you’re writing an article, about how to help out issues for a competitor’s product. It’s definitely a nice gesture without doubt, but aren’t you shooting yourself in the foot ?

    • Hi Tempus. Firstly, thanks for the compliment. Glad you like the article. The reason we wrote this article is because we noticed that many people are having this issue with Windows Defender, and we want to help them out. If we managed to help them run their system more smoothly while being protected: great. If they decided they want to try out our light-weight antivirus solution to be even better protected from malware: even better :)

      • Madison Burke

        Thanks for writing this article. I think solving an issue for us, in spite of it being an issue caused by your competitor, builds trust. It sounds like you guys know what you’re doing, and want to help us as much as you want to get your own product recognized. I decided to download Emsisoft Anti-malware because this article felt trustworthy.

  • Kyle Bang

    Hello. Once I installed the Fall Creators update, this issue of high(avg 30% in my case) service executable use started happening. I’ve gone into task scheduler, but the last run time shows this morning hours ago for all Defender activities https://i.imgur.com/ifh50fl.png but I just noticed the antimalware service executable hogging a few minutes ago. Should I go through and still change the schedules, or am I having a different problem? I haven’t used third party antivirus in years.

    • Hello @nataku411:disqus,.
      It is just Windows Defender doing some auto-maintenance, so from what i see, no issues on your side. Windows just used to consume a lot of resources when it is active. Even open a folder full of installer make the CPU usage rises.

      so before thinking about changing the schedule:
      – Does the hog last long?
      – Is it during your working time or just when you the boot and log-in?
      – does it hampers you to work properly (like you feel annoying slowdowns?).

      • Kyle Bang

        It will hog for 5-10 minutes, and seems to occur at random times, often during work/play. I can immediately notice when it happens, scrolling pages becomes stuttery, games will lose frames, and overall I feel the slow down. 7700K/1080 ti

        • So changing schedules won’t do much better, if it was at boot time only, it may solve the issue.
          One possible explanation is that you may have something suspicious on your system.
          Would you install Emsisoft Anti-malware (it has free trial of 30 days) and do a scan with it?

          • Kyle Bang

            I gave it a try, a few false positives but nothing suspect.

          • How is computer performance with it? better than with Windows Defender i guess?

            What are the false positives?

          • Kyle Bang

            Performance was more or less the same as Defender, though I haven’t used it more than the scan mentioned. The false positives are all instances of an .exe I used a while back to patch a game, often flagged as trojans.

            The problem seems to have been brought on by the recent Fall Creators Update

          • @nataku411:disqus

            Ok, i see.
            Normally while using Emsisoft, you shouldn’t have the high CPU hogging anymore, right?

  • Drew Wishon

    I have done ALL this stuff, and it still does it and hogs 85% of my CPU. It resets the schedule and I have no way to turn it off or anything. Every time I tamper with setting they just reset in the end and its all for nothing. I have everything unchecked, I even once had the times set to time were im not even on and it still wont listen to that, it decides to reset its self and ONLY go active when im doing something with the CPU like trying to update graphics drivers or download games, then it kicks in and makes everything take three times longer.

    • @drewwishon:disqus i advise you to try Emsisoft Anti-Malware then you should have a more responsive machine.

  • coolfeb shehnaz

    i followed through the process but it doesnt accept to disable the antispyware by changing the value to .error message appears that it can not edit.

    • were you on admin account?

      • birdwatcher

        How do you get on with an admin account? I believe my system came with Windows 10 Home version and I have to log In with a password but was never offered an admin account. I don’t use a Microsoft account.

        • Admin account is the one by default, so you seems to be on admin account.

  • birdwatcher

    Hi Glad to finally find out what’s been slowing my system down to a crawl, but when I try to follow your instructions above all the options are grayed out and can’t be changed, and when I try to go to Windows Defender Security Center to do the exclusion, I get a blue screen with a shield on it and nothing else. Help!

    • T-Berry

      Windows Defender typically has 4 different scheduled scans:
      -Windows Defender Cache Maintenance
      -Windows Defender Cleanup
      -Windows Defender Scheduled Scan
      -Windows Defender Verification.

      When you get to the Windows Defender tab in Task Scheduler (following the above instructions), If the conditions fields are grayed out, you have to edit each schedule individually. Right click on the task in the top portion of the page [where it says Condition: Ready] and click Properties. There you can change the parameters of the tabs for each type of schedule.

      Before following any of the advice in this article, I would allow Defender to complete whatever activity it is performing. I’ve found that running a full scan when I don’t need my computer is the best way to get it to smooth out. If people are interrupting the scans because it’s hogging resources, of course it will attempt to resume until it has completed.

      Run a full scan, go to breakfast/lunch/dinner/or movie, THEN change the settings so that it skips already scanned folders that would normally take a long time (like where you have video files). I did this after upgrading to Win 10 and have never had Defender slow down my system. None of the default tasks is set to begin if idle. On the Conditions tab, put a check in the box for “Start the task only if idle for:” The default is 10 minutes, but you can set for 1, 5, 10, 15, or 30 minutes or 1 hour.

      Recheck your settings after doing a big Windows Update, because many times the big updates will change some things back to their defaults.

  • Daniel Pavitt

    I see big increase in Windows defender usage while I’m playing Overwatch, do you think there could be some kind of link there and a specific fix for that? Thanks – Dan

  • Chad ‘adam’ Green

    The thing is when you already have a slow computer like a intel pentium duial core processor with 2GB of DDR2 667MHZ Ram a 250GB 5400RPM HDD, That completely falls to its knees when you do even the most basic browsing on google, dont even ask about the complete freeze when you try opening pages at oncve, well anyway, yeh, when things take up 1.8GB of your 1.9GB of slow ddr2 ram, and you cant do anything else because of the slow old HDD, then a file which bullys your system is constantly running, then its nice to be able to disable memory and space hogging files such as windows defender, i’d rather just use a small but affective anti-virus instead.Its when people say Windows defender is good, which maybe true for your new 3rd 4th 5th or newer gen i5’s or i7’s with a 1TB HDD, and 8GB or more of speedy 2333MHZ DDR3 ram in your laptop. And the difference is vast, as the bad laptop i mention is my dads, and my laptop has a 3rd gen i5 in, with a cache 16GB M.2 SSD in it with 12GB of fast ram 1TB hdd at 7200RPM. And it is fine and so much quicker, milliseconds to do things compared to 25 seconds to just load an app or something small. The HDD goes to 100% the cpu is cranked up to 98% the ram is 1.8 of 1.9GB, it literally falls to its knees.So rant over, and that was me pointing out when people say windows defender is fine, and i say, YES for laptops desktops nthat can handle it!!!!

  • ellococareloco

    it does not work on windows 10