How to Fix the High CPU Usage of “Antimalware Service Executable”

How to Fix the High CPU Usage of “Antimalware Service Executable”

/ Shayne Sherman

Microsoft Defender Antivirus, previously known as Windows Defender, is included with Windows 10. Microsoft Defender’s background process is called “Antimalware Service Executable.” Known as MsMpEng.exe, it is a component of Microsoft’s Windows operating system.

Most of the time, Antimalware Service Executable in Windows Defender is a reliable tool that provides an extra coat of protection for your PC. Unfortunately, there will be moments when your Windows Defender will have high CPU usage causing your system to run slow. In this article, we take a look at solutions on how to fix this anomaly.

About Antimalware Service Executable

Microsoft Defender, previously known as Windows Defender, is included with Windows 10 and replaces Microsoft Security Essentials with Windows 7 for free. This assures that all users of Windows 10, regardless of whether they have chosen to install one, will always have antivirus software installed and running on their computer. Windows 10 will automatically disable it and replace it with Microsoft Defender if you have an out-of-date antivirus program installed. Microsoft Defender is also included with Windows 11.

Microsoft Defender’s background service, the Antimalware Service Executable process, is always running in the background. It is responsible for scanning files for malware upon access, running background system scans for malicious software, updating antivirus definitions, installing antivirus definition updates, and executing any other tasks required of a security tool like Defender.

image 23

The process is called Antimalware Service Executable in the Windows Task Manager’s Processes tab, but its file name is MsMpEng.exe, which you can see in the Details tab in the Windows Task Manager.

image 22

The Windows Security program bundled with Windows 10 and Windows 11 allows you to configure Microsoft Defender, run scans, and view scan history. This program was previously known as “Windows Defender Security Center.”

Use the “Windows Security” shortcut by clicking the Start menu and searching for it. You can alternatively click on the Windows button > Settings > Update & Security > Windows Security > Open Windows Security by right-clicking the shield symbol in the notification area on your taskbar and selecting “View Security Dashboard.”

image 24

Why Does Antimalware Service Executable Cause High CPU Usage?

It’s likely that the Antimalware Service Executable is doing a system scan for malware if it’s using a lot of CPU or disk resources. This built-in utility, like other antivirus programs, scans your computer’s files in the background regularly. Unfortunately, Windows Defender scheduled scan also causes High CPU Usage and makes your system slow.

It also checks files as you view them and installs patches with information on new threats regularly. It could also be a sign that Microsoft Defender is installing an update or that you recently opened a large file that requires additional processing time.

Microsoft Defender analyzes your computer in the background only while it is idle and not in use. Even if you’re not using your computer, it may utilize CPU resources to execute updates or scan files when you access them. The background scans, on the other hand, should not run while you are using your computer.

This is typical behavior for any antivirus tool, as they all require specific system resources to examine your computer and keep you secure.

Should You Disable Antimalware Service Executable

We do not recommend deactivating or disabling Windows Defender if you have no alternative antivirus app installed. You won’t be able to turn it off permanently. You can disable “Real-Time Protection” by opening the Windows Security application from the Start menu, selecting “Virus & Threat Protection,” then clicking “Manage Settings” under the Virus & Threat Protection setting. But Microsoft Defender will reactivate itself after a short time if it does not find alternative antivirus programs installed.

Defender scans are a system maintenance operation that you can’t turn off, despite some incorrect advice you’ll find online. It won’t help if you disable its duties in Task Scheduler. It will only be permanently disabled if you replace it with another antivirus product.

If you have another antivirus product installed on your computer, Microsoft Defender will turn itself off and leave you alone. If you go to Windows Security > Virus & Threat Protection and have another antivirus application installed and operational, you’ll receive a notice that says, “You’re using other antivirus providers.”. This indicates that Windows Defender is turned off. Although the process may be running in the background, it should not be consuming too much CPU power or disk resources while Windows Defender attempts to run a scan on your computer.

There is, however, a way to utilize both your preferred antivirus product and Microsoft Defender. Expand “Microsoft Defender Antivirus settings” and enable “Periodic scanning” on the same screen. Suppose you’re already using an antivirus product. In that case, Defender will continue to do regular background scans, giving you a second opinion and maybe catching items that your primary antivirus program might not have noticed.

If you want to block Microsoft Defender to avoid the antimalware service executable high CPU usage even if you have alternative antivirus software installed, go here and ensure the Periodic scanning option is turned off. If it doesn’t concern you, you can enable Periodic scanning as it adds another degree of security and protection. This feature, however, is disabled by default.

Should You Worry About Antimalware Service Executable Process Being a Threat?

The Antimalware Service Executable has not been imitated by any viruses that we have come across so far. Because Microsoft Defender is an antivirus, any malware that tries to do this should be stopped in its tracks. It’s typical for Microsoft Defender to be operating as long as you’re using Windows 10 and have Microsoft Defender turned on.

If you’re seriously worried, you can always scan using a different antivirus tool to ensure your PC is not infected with malware.

Here are some steps that you can perform to fix high CPU usage of the Antimalware Service Executable.

Method 1: Add Antimalware Service Executable to Windows Defender’s Whitelist

Windows Defender checks every file on your computer, including itself, throughout its scans. This can lead to some fascinating interactions on rare occasions and is a typical cause of system latency. You may simply instruct Windows Defender to ignore itself while doing a system scan to avoid this from happening by adding Antimalware Service Executable to the Windows Defender’s exclusion list.

1. Open Windows Defender by clicking on the Windows button and type in “Windows Security” and press “enter”.

image 28
  1. Under the “Virus & Threat Protection Settings” click on the “Manage Settings”.
image 29
  1. Click on “Add or Remove Exclusions” under Exclusions
image 30
  1. Click on “Add an exclusion” and select “Folder”. Choose the Windows Defender folder with the Antimalware Service Executable MsMpEng.exe. In most cases, it is found under this path: C:\ProgramData\Microsoft\Windows Defender\Platform.

Once you have completed these steps, the above-mentioned folder with the Antimalware Service Executable MsMpEng.exe will now be excluded from any scans performed by Windows Defender. Open your Task Manager to see if you were able to fix High CPU Usage of antimalware sevice executable process.

Method 2 – Temporarily Disable Windows Defender

You can turn off Microsoft Defender temporarily if you don’t want to use it. The antimalware service executable will no longer run as a result of this. Microsoft Defender will not be uninstalled, but instead, it will be disabled. It may remain disabled after restarting the computer for some users, but it usually turns back on.

1. Open Windows Defender by clicking on the Windows button and type in “Windows Security” and press “enter”.

image 31
  1. Click on “Virus & Threat Protection” on the Windows Security homepage.
image 32
  1. Under Virus & Threat Protection Settings, click “Manage Settings” and disable the following options:

• Real-time Protection

• Cloud-delivered Protection

• Automatic Sample Submission

• Tamper Protection

image 33

The situation is temporary, as previously stated. The Group Policy Editor can be used to permanently disable it, but this feature isn’t built into Windows 10 Home. Even the Group Policy option is absent in some recent versions of Windows 10 Pro so it is better and easier to disable Windows Defender through the application itself. This should fix the antimalware service executable high CPU usage if not, then move on to the next method.

Method 3 – Disable Windows Defender Through the Registry Editor

If the problem continues after attempting the first two methods, you may be tempted to turn off Windows Defender in the Registry Editor as a last option. Before you remove Windows Defender, you should install an excellent anti-malware program on your computer because doing so exposes you to various cyberattacks.

1. Press “Windows” and “R” keys together to bring up the run command line. Type in “regedit” and click “OK” or press enter on your keyboard to open the Registry Editor.

image 34
  1. Navigate to the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.
  2. If you can see the registry entry with the name “DisableAntiSpyware” in the main registry editor pane, right-click on it, click “Modify”, change the Value Data to “1” and click on “OK
  1. If you do not see the “DisableAntiSpyware” registry entry, right-click on the empty space in the Registry Editor and click on “New”, click “DWORD (32-bit) Value” and name it to “DisableAntiSpyware”.
image 35
  1. Once the entry has been created, right-click on it and change the Value Data to “1” following the same steps listed above. Restart your computer to and open the Task Manager to see if the antimalware service executable high CPU usage issue has already been fixed.

Method 4: Modify the Scheduling Options of Windows Defender

Since the real-time protection function is the leading cause of the issue, changing Windows Defender’s schedule is a perfect remedy. Fix the Antimalware Service Executable High CPU usage issue by following the steps for modifying the real time protection sttings.

1. Hold down both the “Windows” and “R” keys together to bring up the run dialog box. Type in “taskschd.msc” and click “OK” or press enter on your keyboard to open the Windows Task Scheduler.

image 37
  1. On the left pane, double click on “Task Scheduler Library”, click “Microsoft”, “Windows” and then select “Windows Defender
  1. In the middle pane, double click “Windows Defender Scheduled Scan”.
image 38
  1. On the next window, uncheck “Run with highest privileges
image 39
  1. Next, click on the “Conditions” tab and uncheck all the options under the tab and click “OK
image 40

After modifying Windows Defender’s schedule, your error should now be repaired if you followed the steps above. If the above method fails to fix the antimalware service executable high usage, try the next one below.

Method 5: Check for new Windows Update

Antimalware Service Executable can experience high CPU usage due to the use of out-of-date Windows drivers and files. Use Windows Update to see if there are any available updates to keep your system current.

  1. Press “Windows” on your keyboard and press “R” to bring up the run dialog box and type in “control update” and press enter.
image 41
  1. Click on “Check for Updates” in the Windows Update window. If there are no updates available then you should get a message saying “You’re Up to Date
image 42
  1. If the Windows Update Tool finds a new update, let it install it and wait for it to complete. You may be required to restart your computer in order for it to install.
image 43
  1. Restart your computer and open Windows Task Manager to see if the antimalware service executable high usage is still present.

Wrap Up

Although Windows Defender is a valuable utility, especially since it comes pre-installed with Windows 10, the aAlthough Windows Defender is a valuable utility, especially since it comes pre-installed with Windows 10, the application does consume a significant amount of your computer’s processing power. By following the methods that we provided in this article, you will be able to regain control of Antimalware Service Executable and maintain maximum performance on your computer.

Shayne Sherman
Meet the author

Shayne is an expert at all things Microsoft Windows and computer security. As a Windows user of over 30 years, he has been featured on Business Insider, Yahoo, Tech Republic, Hacker Noon, Techopedia, and many other publications. He also enjoys spending time with his family, including his English bulldog, Fergie as well as entertaining at his home theater.