How to Fix the High CPU Usage of “Antimalware Service Executable”

How to Fix the High CPU Usage of “Antimalware Service Executable”

/ Shayne Sherman
  • Microsoft Defender Antivirus, previously known as Windows Defender, is included with Windows 10 and Windows 11.
  • Microsoft Defender’s background process is called “Antimalware Service Executable.” Known as MsMpEng.exe, it is a component of the Windows operating system.
  • Windows Defender analyzes your computer in the background while idle and not in use. It may utilize CPU resources to execute updates or scan files when you access them.
  • We recommend downloading the Restoro Repair Tool to repair High CPU Usage issues.

Automatically Repair High CPU Usage Errors

Recommended: To easily install drivers automatically, use the tool below.

Download Now
Restoro System Repair

Microsoft Defender Antivirus, previously known as Windows Defender, is included with Windows 10. Microsoft Defender’s background process is called “Antimalware Service Executable.” Known as MsMpEng.exe, it is a component of Microsoft’s Windows operating system.

Most of the time, Antimalware Service Executable in Windows Defender is a reliable tool that provides extra protection for your PC. Unfortunately, there will be moments when your Windows Defender will have high CPU usage, causing your system to run slowly. In this article, we take a look at solutions on how to fix this anomaly.

About Antimalware Service Executable

Microsoft Defender, previously known as Windows Defender, is included with Windows 10 and replaces Microsoft Security Essentials with Windows 7 for free. Microsoft Defender assures that all users of Windows 10, regardless of whether they have chosen to install one, will always have antivirus software installed and running on their computer.

Windows 10 will automatically disable and replace it with Microsoft Defender if you have an out-of-date antivirus program installed. Microsoft Defender is also included with Windows 11. Not on Windows 11 yet? Check out our post on how to move from Windows 10 to Windows 11.

Microsoft Defender’s background service, the Antimalware Service Executable process, always runs in the background. It is responsible for scanning files for malware upon access, running background system scans for malicious software, updating antivirus definitions, installing antivirus definition updates, and executing any other tasks required of a security tool like Defender.

image 23

The process is called Antimalware Service Executable in the Windows Task Manager’s Processes tab, but its file name is MsMpEng.exe, which you can see in the Details tab in the Windows Task Manager.

image 22

The Windows Security program bundled with Windows 10 and 11 allows you to configure Microsoft Defender, run scans, and view scan history. This program was previously known as the “Windows Defender Security Center.”

Use the “Windows Security” shortcut by clicking the Start menu and searching for it. You can alternatively click on the Windows button > Settings > Update & Security > Windows Security > Open Windows Security by right-clicking the shield symbol in the notification area on your taskbar and selecting “View Security Dashboard.”

image 24

Why Does Antimalware Service Executable Cause High CPU Usage?

The Antimalware Service Executable is likely doing a system scan for malware if it’s using a lot of CPU or disk resources. Like other antivirus programs, this built-in utility regularly scans your computer’s files in the background. Unfortunately, Windows Defender scheduled scan also causes High CPU Usage and makes your system slow.

It also regularly checks files as you view them and installs patches with information on new threats. It could also be a sign that Microsoft Defender is installing an update or that you recently opened a large file that requires additional processing time.

Microsoft Defender analyzes your computer in the background while idle and not in use. Even if you’re not using your computer, it may utilize CPU resources to execute updates or scan files when you access them. The background scans, on the other hand, should not run while you are using your computer.

This is typical behavior for any antivirus tool, as they all require specific system resources to examine your computer and keep you secure.

Windows Automatic Repair Tool

Windows 10
System Information
  • Your machine is currently running Windows 10
  • Restoro is compatible with your operating system.

Recommended: To repair Windows Errors, use this software package; Restoro System Repair. This repair tool has been proven to identify and fix these errors and other Windows problems with very high efficiency.

Download Now
Restoro System Repair
Norton Digicert
  • 100% safe as confirmed by Norton.
  • Only your system and hardware are evaluated.

Should You Disable Antimalware Service Executable

We do not recommend deactivating or disabling Windows Defender if you have no alternative antivirus app installed and you won’t be able to turn it off permanently.

You can disable “Real-Time Protection” by opening the Windows Security application from the Start menu, selecting “Virus & Threat Protection,” and then clicking “Manage Settings” under the Virus & Threat Protection setting. But Microsoft Defender will reactivate itself shortly if it does not find alternative antivirus programs installed.

Defender scans are a system maintenance operation that you can’t turn off, despite some incorrect advice you’ll find online. It won’t help if you disable its duties in Task Scheduler, and it will only be permanently disabled if you replace it with another antivirus product.

If you have another antivirus product installed on your computer, Microsoft Defender will turn itself off and leave you alone. If you go to Windows Security > Virus & Threat Protection and have another antivirus application installed and operational, you’ll receive a notice that says, “You’re using other antivirus providers.”

This indicates that Windows Defender is turned off. Although the process may be running in the background, it should not consume too much CPU power or disk resources while Windows Defender attempts to run a scan on your computer.

However, you can utilize your preferred antivirus product and Microsoft Defender. Expand “Microsoft Defender Antivirus settings” and enable “Periodic scanning” on the same screen. Suppose you’re already using an antivirus product. In that case, Defender will continue to do regular background scans, giving you a second opinion and maybe catching items that your primary antivirus program might not have noticed.

If you want to block Microsoft Defender to avoid the antimalware service executable high CPU usage even if you have alternative antivirus software installed, go here and ensure the Periodic scanning option is turned off. If it doesn’t concern you, you can enable Periodic scanning, as it adds another degree of security and protection. This feature, however, is disabled by default.

Should You Worry About Antimalware Service Executable Process Being a Threat?

The Antimalware Service Executable has not been imitated by any viruses we have encountered. Because Microsoft Defender is an antivirus, any malware that tries to do this should be stopped in its tracks. It’s typical for Microsoft Defender to be operating as long as you’re using Windows 10 and have Microsoft Defender turned on.

If you’re seriously worried, you can always scan using a different antivirus tool to ensure your PC is not infected with malware.

Here are some steps that you can perform to fix the high CPU usage of the Antimalware Service Executable.

Method 1: Add Antimalware Service Executable to Windows Defender’s Whitelist

Windows Defender checks every file on your computer, including itself, throughout its scans. This can lead to fascinating interactions on rare occasions and is a typical cause of system latency. You may instruct Windows Defender to ignore itself while doing a system scan to avoid this by adding Antimalware Service Executable to the Windows Defender’s exclusion list.

1. Open Windows Defender by clicking on the Windows button, typing in “Windows Security,” and pressing “enter.”

image 28
  1. Under the “Virus & Threat Protection Settings,” click on “Manage Settings.”
image 29
  1. Click on “Add or Remove Exclusions” under Exclusions
image 30
  1. Click on “Add an exclusion” and select “Folder.“. Choose the Windows Defender folder with the Antimalware Service Executable MsMpEng.exe. In most cases, it is found under this path: C:\ProgramData\Microsoft\Windows Defender\Platform.

Once you have completed these steps, the folder mentioned above with the Antimalware Service Executable MsMpEng.exe will now be excluded from any scans performed by Windows Defender. Open your Task Manager to see if you can fix the High CPU Usage of the antimalware service executable process.

Method 2 – Temporarily Disable Windows Defender

You can turn off Microsoft Defender temporarily if you don’t want to use it. The antimalware service executable will no longer run as a result of this. Microsoft Defender will not be uninstalled; instead, it will be disabled. It may remain disabled after restarting the computer for some users, but it usually turns back on.

1. Open Windows Defender by clicking on the Windows button, typing in “Windows Security,” and pressing “enter.”

image 31
  1. Click on “Virus & Threat Protection” on the Windows Security homepage.
image 32
  1. Under Virus & Threat Protection Settings, click “Manage Settings” and disable the following options:
  • Real-time Protection
  • Cloud-delivered Protection
  • Automatic Sample Submission
  • Tamper Protection
image 33

The situation is temporary, as previously stated. The Group Policy Editor can permanently disable it, but this feature isn’t built into Windows 10 Home.

Even the Group Policy option is absent in some recent versions of Windows 10 Pro, so it is better and easier to disable Windows Defender through the application itself. This should fix the antimalware service executable’s high CPU usage. If not, then move on to the following method.

Method 3 – Disable Windows Defender Through the Registry Editor

If the problem continues after attempting the first two methods, you may be tempted to turn off Windows Defender in the Registry Editor as a last option. Before you remove Windows Defender, you should install an excellent anti-malware program on your computer because doing so exposes you to various cyberattacks.

1. Press the “Windows” and “R” keys to bring up the run command line. Type in “regedit” and click “OK,” or press enter on your keyboard to open the Registry Editor.

image 34
  1. Navigate to the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.
  2. If you can see the registry entry with the name “DisableAntiSpyware” in the main registry editor pane, right-click on it, click “Modify,” change the Value Data to “1,” and click on “OK.”
  1. If you do not see the “DisableAntiSpyware” registry entry, right-click on the space in the Registry Editor and click on “New,” click “DWORD (32-bit) Value” and name it “DisableAntiSpyware.”
image 35
  1. Once the entry has been created, right-click on it and change the Value Data to “1,” following the same steps listed above.
  2. Restart your computer and open the Task Manager to see if the antimalware service executable high CPU usage issue has already been fixed.

Method 4: Modify the Scheduling Options of Windows Defender

Since the real-time protection function is the leading cause of the issue, changing Windows Defender’s schedule is a perfect remedy. Fix the Antimalware Service Executable High CPU usage issue by following the steps for modifying the real-time protection settings.

1. Hold the “Windows” and “R” keys to bring up the run dialog box. Type in “taskschd.msc” and click “OK” or press enter on your keyboard to open the Windows Task Scheduler.

image 37
  1. On the left pane, double-click on “Task Scheduler Library,” click “Microsoft,” “Windows,” and then select “Windows Defender.”
  1. In the middle pane, double-click “Windows Defender Scheduled Scan.”
image 38
  1. On the next window, uncheck “Run with highest privileges.”
image 39
  1. Next, click on the “Conditions” tab and uncheck all the options under the tab and click “OK.”
image 40

After modifying Windows Defender’s schedule, your error should be repaired if you follow the steps above. Try the next one below if the above method fails to fix the antimalware service executable high usage.

Method 5: Check for new Windows Update

Antimalware Service Executable can experience high CPU usage due to out-of-date Windows drivers and files. Use Windows Update to see if there are any available updates to keep your system current.

  1. Press “Windows” on your keyboard and press “R” to bring up the run dialog box; type in “control update,” and press enter.
image 41
  1. Click on “Check for Updates” in the Windows Update window. If no updates are available, you should get a message saying, “You’re Up to Date.”
image 42
  1. If the Windows Update Tool finds a new update, let it install and wait for it to complete. You may be required to restart your computer for it to install.
image 43
  1. Restart your computer and open Windows Task Manager to see if the antimalware service’s high usage is still present.

Wrap Up

Although Windows Defender is a valuable utility, especially since it comes pre-installed with Windows 10, the application does consume a significant amount of your computer’s processing power. By following the methods we provided in this article, you will regain control of Antimalware Service Executable and maintain maximum performance on your computer.

Shayne Sherman
Meet the author

Shayne is an expert on all things Microsoft Windows and computer security. As a Windows user of over 30 years, he has been featured on Business Insider, Yahoo, Tech Republic, Hacker Noon, Techopedia, and many other publications. Aside from entertaining at his home theater, he enjoys spending time with his family, including his English bulldog, Fergie.