How to fix ‘Antimalware Service Executable’ high CPU usage

How to fix ‘Antimalware Service Executable’ high CPU usage

antimalware-service-executable-banner

The Antimalware Service Executable process plays an important role in the Windows Defender Service that comes bundled with Windows 10 (and, despite the similarities in name, is completely unrelated to Emsisoft Anti-Malware!). However, it’s also infamous for consuming far more than its fair share of CPU processing power, and can even single handedly reduce your computer’s speed to a glacial crawl.

If you’re a Windows Defender user and have noticed high CPU usage for abnormally long periods of time, you’ll be pleased to know that the issue can easily be resolved.

In this article, we’ve put together a few simple steps you can follow to prevent Antimalware Service Executable from hogging your system’s resources and keep your machine running smoothly.

What is the msmpeng.exe Antimalware Service Executable?

Do you use Windows Defender to protect your computer? If so, open up the Windows Task Manager (Ctrl + Shift + Esc or Start Menu > Task Manager), scroll through the list of background processes and you will find a process called Antimalware Service Executable and its corresponding file msmpeng.exe.

This process allows Windows Defender to continuously monitor your computer for potential threats and provide real-time protection against malware and cyberattacks. At the same time, however, it can also be the cause of disproportionately high CPU usage.

Another Windows Defender feature that may be responsible for slowing down your system is its Full Scan, which performs a comprehensive check of all files on your computer. Full Scan relies heavily on the CPU and is not afraid to use whatever resources your system has available; as a result, you may experience lag, delays, hanging and other system disruptions when it is running.

While it is normal for antivirus programs to consume system resources when running a scan, Windows Defender is far greedier than most. It is known to use excessive CPU for longer periods of time and carry out scans right when you’re waking up the computer to quickly send an email or check a website.

Although this can be frustrating, it’s important that you don’t disable Windows Defender without first installing another IT security solution – after all, it may be the only thing that stands between your computer and the bad guys! Let the program do its job, resolve any threats and then follow these steps to prevent the issue from happening again:

Fix #1: Change Windows Defender’s scheduling options

For most people, the high memory usage caused by Antimalware Service Executable typically happens when Windows Defender is running a full scan. We can remedy this by scheduling the scans to take place at a time when you’re less likely to feel the drain on your CPU.

windows-task-scheduler

Optimize the full scan schedule.

  1. Open the Start menu, type “task scheduler” and click the top result to launch the program.
  2. In the navigation pane on the left, double click Task Scheduler Library. Continue to expand these folders and navigate to the following destination: Library/Microsoft/Windows/Windows Defender.
  3. When you have opened the Windows Defender folder, double click Windows Defender Scheduled Scan, located in the middle pane.
  4. Click the Conditions tab, uncheck all options and click OK. This will clear your scheduled scans.
  5. To protect your computer, it is important to schedule some new scans, but we can do this in a way that will reduce the impact on your system’s performance. To do so, double click Windows Defender Scheduled Scan, select the Triggers tab and click New.
  6. Create a new scan schedule that suits your needs, selecting options that strike the balance between protection and system efficiency. As a guideline, we recommend (at minimum) weekly scans at a time when you’ll be unlikely to notice the increased CPU usage.
  7. Repeat the process for the three remaining services (Windows Defender Cache Maintenance, Windows Defender Cleanup, Windows Defender Verification) found in the Library/Microsoft/Windows/Windows Defender folder.

Fix #2: Add Antimalware Service Executable to Windows Defender’s exclusion list

During its scans, Windows Defender checks every single file on your computer – including itself. This can occasionally result in some interesting interactions and is a common source of system lag. To prevent this from happening, you can simply instruct Windows Defender to skip itself when performing a system scan.

windows-defender-exclusions

  1. Press Ctrl + Shift + Esc to open Windows Task Manager.
  2. In the list of processes, search for Antimalware Service Executable. Right click on the process and select Open File Location.
  3. In the address bar, you’ll see the full path of Antimalware Service Executable. Click on the address bar and copy the full path.
  4. Open the Start menu, type “windows defender” and click the top result to launch the Windows Defender Security Center.
  5. Click on Virus & threat protection, then on Virus & threat protection settings.
  6. Scroll down until “Exclusions” and click Add or remove exclusions. In the next screen, click on Add an extension, select File and paste the path to Antimalware Service Executable (MsMpEng.exe) in the address bar. Finally click Open and the file will now be excluded from the scan.

Fix #3: Disable Windows Defender

If the problem persists after applying the first two fixes, you might be tempted to resort to disabling Windows Defender altogether. Keep in mind that doing so leaves you vulnerable to a range of cyberattacks, so it’s critical that you install an effective anti-malware product on your computer before removing Windows Defender.

disable-windows-defender-regedit

Disable Windows Defender altogether using the Registry Editor.

  1. Press Windows Key + R to open the Run Dialog Box.
  2. In the Run Dialog Box, type regedit and click OK to open the Registry Editor.
  3. In the navigation pane on the left, double click the folders to navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.
  4. If you find a registry entry named DisableAntiSpyware, double click it and set its value data to 1.

4b. If you do not see a registry entry named DisableAntiSpyware, right click in the main Registry Editor pane and select New > DWORD (32 bit) Value.

4c. Name this new registry entry DisableAntiSpyware. Double click it and set its value data to 1.

Fix #4: Check for malware infections

It’s possible that something more malevolent is causing Windows Defender to disrupt your computer’s performance. Run a full system scan using a reputable and lightweight anti-malware solution such as Emsisoft Anti-Malware (we have a 30-day free trial available) to check your computer for any malware that may be affecting your computer’s ability to run smoothly and safely.

Windows Defender is a valuable tool, particularly since it comes free with your operating system, but it can certainly put a drain on your system’s CPU. By following the steps described in this article, you’ll be able to take control of Antimalware Service Executable and keep your computer running at full speed.

Have an awesome (malware-free) day!

  • Iskander Mitt

    Hi.Why EmsiSoft, Avast, Avira, McAfee do not work correctly in the Windows 10 environment. Windows defender works well?

    • As far as i know, all the mentioned products work very well on Windows10.
      Windows Defender works generally well too, the issue explained on our article is widely known and may happen on some system, so we provided several fixes to help users.
      Thank you for your interest :)

  • Piotr

    If you have AV just disable defender. No need to waste your resources. It is worse than any good paid av.

  • Tempus

    Hi
    Really nice and well written article, but sorry Emsisoft I don’t understand why you’re writing an article, about how to help out issues for a competitor’s product. It’s definitely a nice gesture without doubt, but aren’t you shooting yourself in the foot ?

    • Hi Tempus. Firstly, thanks for the compliment. Glad you like the article. The reason we wrote this article is because we noticed that many people are having this issue with Windows Defender, and we want to help them out. If we managed to help them run their system more smoothly while being protected: great. If they decided they want to try out our light-weight antivirus solution to be even better protected from malware: even better :)