Antimalware Service Executable High CPU usage – Here’s what to do

As long as everything works normally on a computer, you don’t pay any attention to Windows components. But once your PC or laptop starts slowing down or even completely freezing, you need to dig in to figure out what went wrong. You have likely reached this article because you opened up the Task Manager and saw that a process called Antimalware Service Executable (MsMpEng.exe) had high CPU resource utilization.

The Antimalware Service Executable process is an integral part of Windows Defender. It’s not a virus. It’s a legitimate process built into Windows, but something is currently interfering with its normal operation on your computer. Read on to understand what this Windows component is responsible for and how you can fix the high CPU usage of Antimalware Service Executable.

In case you are having issues with Antimalware Service Executable using high amounts of disk resources, read this article instead.

What is Windows Defender?

Windows Defender is the free antivirus program included with Windows 10 operating system. Microsoft improved upon Microsoft Security Essentials, the antivirus program shipped with Windows 7. Microsoft wanted robust and effective antimalware software that would protect their users without the need for an external program. Windows Defender faced stiff criticism when it was first launched in 2006, but Microsoft has continued to improve Defender and roll out updates over the last 15 years.

Windows Defender is optional and can be disabled but should be done with extreme caution. It is your system, but make sure you understand the danger associated with allowing your system to operate without antimalware protection.

Windows Defender offers a variety of excellent features such as:

  • Virus & threat protection – It regularly scans your system, receives automatic updates, and includes real-time protection.
  • Firewall & network protection – A firewall monitors all incoming and outgoing network activity and blocks any connections that fail specific security rules.
  • App & browser control – It will warn against unrecognized applications, downloads, and sites and block sites based on Windows recognition.
  • Account protection – A secure sign-in across multiple devices, including SMS protection and Windows Hello.
  • Device security – These options depend upon hardware but include features like core isolation, security processor, and secure boot.
  • Device performance & health – A dashboard that monitors how well your system works in major areas: Windows Time service, Storage capacity, Apps and Software, and if using a laptop, Battery life.
Windows Security

What is Antimalware Service Executable (MsMpEng.exe)?

This article is primarily concerned with the Antimalware Service Executable (MsMpEng.exe), a feature of Virus & threat protection that is commonly associated with increased CPU usage. Antimalware Service Executable is a process that runs in the background of your computer. Ideally, you would never know it is there. But in reality, this process can cause very noticeable slowdowns in your system.

Antimalware Service Executable in Windows Task Manager

Unfortunately, ending this process in Task Manager will not solve the problem. Antimalware Service Executable is responsible for scanning while you use your computer. For example, when you open files, Antimalware Service Executable will scan them first. Sometimes this process uses more processing power than it should, and you feel your system stutter and slow down.

How to solve Antimalware Service Executable (MsMpEng.exe) high CPU usage

Below you can find tested solutions to help you remedy the problem of high CPU usage associated with Antimalware Service Executable (MsMpEng.exe). The solutions are purposely organized from easiest to most invasive so that you can quickly try a few common solutions before trying the more specialized options.

1. Scan for malware

Malware can cause issues with virtually any process, program, download, or file in your system. What may appear to be an issue caused by the Antimalware Service Executable could be due to some malware wreaking havoc on your computer. You should go ahead and complete a full scan before continuing on:

  1. Click the Windows key on your keyboard or click the Start button on the Taskbar.
  2. Search for “Windows Security” and click Open.
search for Windows Security
  1. Select Virus & threat protection from the menu on the left-hand side, and under Current threats, find and click Scan options.
Virus & threat protection
  1. Under Scan options, select Full scan, and then click Scan Now to scan all of your system and personal files.
  2. Alternatively, you can download third-party antimalware software to make sure Windows Defender hasn’t been compromised and isn’t missing something. Malwarebytes, for example, offers excellent free antimalware protection.
A full malware scan can fix the Antimalware Service Executable (MsMpEng.exe) high CPU usage issue
  1. The scanning process may take some time, so be patient. Windows Defender will quarantine and handle any malware it finds. When the scan is complete, restart your system, to see if the high CPU usage lingers.

2. Adjust scan schedule

If Windows Defender is set to fully scan your system using Antimalware Service Executable (MsMpEng.exe) during your peak usage hours, these high CPU usage problems may be especially bothersome. Thankfully you can change the set schedule time and frequency using the Task Scheduler application. To do this, follow the steps below:

  1. Click the Windows key on your keyboard or click the Start button on the Taskbar.
  2. Search for “Task Scheduler” and click Open.
Search Task Scheduler
  1. In the Task Scheduler window, look within the pane on the left-hand side for the Task Scheduler Library and double-click to open. Look for the following folders in this order, each successive folder will be within the dropdown of the previous folder. Click to expand Library > Microsoft > Windows > Windows Defender.
Task Scheduler - Windows Defender
  1. Now look in the middle-pane and underneath Name, find and double-click on Windows Defender Scheduled Scan.
Task Scheduler
  1. A window titled Windows Defender Scheduled Scan Properties (Local Computer) will open. To clear all scheduled scans, find the Conditions tab and uncheck everything. Click OK.
Windows Defender Scheduled Scan Properties - Conditions
  1. Make sure to continue here to create a new schedule for scans, or your system will be left without any regular scanning. Again double-click Windows Defender Scheduled Scan and find the Triggers tab. Click “New…
Windows Defender Scheduled Scan Properties
  1. You can tailor the schedule to your specific needs. Remember a scan will only be completed if your computer is on. A popular choice is running a scan nightly after you go to sleep. Maybe this is 10pm or maybe this is 4am, the choice is yours. You can also change how frequently your system is scanned. Click OK when your selections are complete.
New Trigger
  1. You can edit the scan times for all four services listed in the middle pane using the same process, Windows Defender Cache Maintenance, Windows Defender Cleanup, Windows Defender Verification. Following these changes, restart your system and monitor to see if you notice an improvement in speeds,

3. Add Windows Defender to the scan exclusion list

Windows Defender actually scans itself during its scans, to prevent any malware from hiding within its system files. This presents some issues, such as increased CPU usage and lag. To prevent this unintended interaction, you can exclude Windows Defender from Windows Defender’s own scan list.

  1. Open Task Manager. You can either right-click on the Windows icon on the Taskbar and select Task Manager or press Ctrl + Shift + Esc.
Task Manager
  1. Find Antimalware Service Executable from the list. Right-click and select Open File Location.
  2. The file location for Antimalware Service Executable will open. Double-click to the right of the location and copy the location address. Exit this folder.
Manage Folder
  1. Click the Windows key on your keyboard or click the Start button on the Taskbar. Search for “Windows Security” and click on Open.
  2. Select Virus & threat protection from the pane on the left and then click on Manage settings under the Virus & threat protection settings header.
Family Options
  1. Scroll down to the Exclusions heading and click Add or remove exclusions.
Add Antimalware Service Executable (MsMpEng.exe) to Windows Defender's exclusion list to fix high CPU usage issue.
  1. Click Add an exclusion and select Folder from the dropdown. Paste the file location for Antimalware Service Executable into the Folder search box. Then click Select Folder. If your computer asks if you want to allow this application to make changes, click Yes.
  2. Now that Windows Defender will be skipped over during scans, Windows should run smoother without experiencing the consequences of software scanning itself. If your CPU usage remains high, continue to the next solution.

4. Turn off real-time protection

You can retain the daily antivirus scans but keep Antimalware Service Executable from scanning in real-time. This may stop the problem if it originates from the constant real-time scans instead of the scheduled scans. To turn off real-time protection:

  1. Click the Windows key on your keyboard or click the Start button on the Taskbar. Search for “Windows Security” and click on Open.
  2. Select Virus & threat protection from the left-hand pane and again click Manage Settings.
  3. In the new list, Real-time protection should be listed at the top. Switch this to Off.
Turning off real-time protection can fix the high CPU usage of Antimalware Service Executable (MsMpEng.exe)
  1. Notice the warning that this will leave your device vulnerable, and proceed with caution. Daily scans are recommended if you use this solution.

5. Turn off Windows Defender

If Windows Defender is still causing high CPU usage issues following the previous methods, it may be time to forgo Windows Defender and switch to third-party antimalware applications. Many users have reported this was the only solution that worked for them. A few highly recommended third-party options include:

To remove Windows Defender, you will need to enter the Registry, so follow along:

  1. Click on the Windows Key + R to open Run. In the search bar enter “regedit” and click OK. Your computer may prompt you to ask if this application can make changes to your computer.
    Warning: It’s important to understand that Registry changes can damage your system, so make sure you are careful and follow the steps.
run regedit
  1. The Registry window will open. Double-click the file path at the top and paste this instead:
    Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender
Registry Editor
  1. Double-click on DisableAntiSpyware within the middle pane, delete any value, set it to 0, and click OK. If you cannot change the value, you can right-click on DisableAntiSpyware and select Delete.
DisableAntiSpyware to resolve the Antimalware Service Executable (MsMpEng.exe) high CPU problem
  1. Restart your computer and then click on the Windows Key + R to open Run and enter “services.msc“. Within this list of services, you can search for Microsoft Defender Antivirus Service, to check if it’s running or not.

We have another article, where you can find additional ways to disable Windows Defender and Antimalware Service Executable (MsMpEng.exe).

Antimalware Service Executable high CPU usage solved

The solutions listed above provided you with a great set of options to fix your high CPU usage problem. Windows Defender is the onboard antivirus software included with Windows 10 and Windows 11. Windows Defender’s primary background service, Antimalware Service Executable, is known to cause some issues.

Problems are commonly experienced in the form of slowdowns due to high CPU usage. This happens during scheduled scans, real-time protection scans, and when Defender gets stuck in a loop. Alternatively, your system could have unidentified malware. After working through those main issues, if the problem remains, you can disable Windows Defender in favor of third-party antimalware software. There are many great options that may not impact your CPU usage the way Windows Defender does.

Leave a Comment