Windows Defender is a decent antivirus solution that comes in a package with Windows 10 and Windows 11. There were many controversies about its efficiency and quality in the past, which are still heard now. In this article, we’ll be dealing with one of the most rebuked traits of Windows Defender – its tremendous resource consumption. Namely, we will address the Antimalware Service Executable – one of Defender’s processes directly responsible for draining the CPU power.
What is Antimalware Service Executable?
Antimalware Service Executable is an internal process related to Windows Defender. It is responsible for the antivirus protection of your system – unless you have the other security program on your PC. If you open Task Manager, you will find the process in question in the list of background processes. The executable file associated with the msmpeng.exe process – exactly, the executable file of Windows Defender. It sometimes causes a lot of disturbances on msmpeng.exe high CPU usage, since the computer is quite hard to use in that state. Let me explain why that happens.
Regardless of whether it was a blatant flaw of Windows developers or Defender was deliberately designed with the future computer powers in mind, the fact remains: the Windows security program can be extremely annoying sometimes. And most often, this irritation aims at the Antimalware Service Executable process, because of its behaviour. Since the Defender is an integral part of Windows, it might start a scan at that very moment when you least need it. It depends on your CPU power, of course, but in most cases, Antimalware Service Executable high CPU usage may cause a considerable decrease in the performance of your PC. When it does its monitoring procedures, even opening your browser to check your mailbox may become quite a headache.
Any anti-malware program takes significant CPU and RAM amounts during the scanning. That’s why it is useless to try to decrease it – you’d just extend the time of the scan, without reaching any real success. Our hints in this article are to reschedule the msmpeng.exe activity and customise the time when Defender will be active for it to be less bothersome. When you expect the Windows Defender activity, it will be much easier to decrease the negative effect from Antimalware Service Executable high memory usage. The more radical solution we suggest is switching to a lighter security program instead of a cumbersome Defender. We do not recommend you to disable Antimalware Service Executable, since leaving your system unprotected is worse than having sporadic performance issues.
Regarding MsMpEng.exe Process
MsMpEng.exe process is an executable file of Microsoft Defender. The Antimalware Service Executable service launches it on the system start unless the user chooses another option. However, seeing exactly msmpeng.exe process running in your Task Manager is a bad sign. By default, if you don’t use third-party process exploring utilities, this name will not appear. Instead, you will see the name of the corresponding service we mentioned above. The most common case for seeing the msmpeng.exe in Task Manager is the presence of malware that uses this name as a disguise. Usually, such a masquerade is used by coin miner trojans. Removing them is possible with GridinSoft Anti-Malware – try that out.
Fixing Antimalware Service Executable: Rescheduling processes
The most resource-consuming and, therefore, the most irritating process executed by Windows Defender is a full scan. However, it is not a useless tool. If you wish to stick to Windows Defender as your security solution, it is a smart move to schedule full scans for some time when they will not interrupt your work. That’s how you do it:
- Open the Task Scheduler through the Search. Type “Task Scheduler”, and click on the first result
- In the left pane, click Task Scheduler Library and then move to Library→Microsoft→Windows→Windows Defender. You will see Windows Defender Scheduled Scan, Windows Defender Cache Maintenance, Windows Defender Cleanup, and Windows Defender Verification in the middle pane as you open the Windows Defender folder. All these four services need to undergo the following procedure
- We will start with Windows Defender Scheduled Scan. Double-click on it, then click the Conditions tab and uncheck all options to clear scheduled scans. To schedule some new scans, which is desirable for security reasons, add some in the same window – in the Triggers tab.
- Create a new schedule for the full scans of your system. Consider conducting a scan at least once a week as a security requirement. That is just a piece of advice, though. You can set appropriate time of the day for scanning your PC, when the process will not bother you.
Don’t forget about the remaining services shown in the Windows Defender folder! They appear in the background as well, and still affecting your performance. Do the same actions to those parameters.
Excluding Defender from the scan list
By default, Windows Defender scans every object on your device’s storage. As it runs onto itself, the performance of your PC especially degrades. Moreover, some other software issues might occur, causing the aforementioned msmpeng.exe high CPU usage. It is reasonable to put Windows Defender on the scan exclusion list so that the program doesn’t even try to scan itself. To add Windows Defender to the scan exclusion list, do the following:
- Open Task Manager. In the processes list, find Antimalware Service Executable. Right-click on it and select Open File Location in the drop-down menu.
- In the opened window, you need to copy the full path of the Antimalware Service Executable. Click on the address bar with the right mouse button and press “Copy path”.
- Now launch Windows Defender. You can use the Start Menu search bar to input windows defender right there and open the first found item. In the opened Windows Defender Security Center, go to Virus & threat protection → Virus & threat protection settings. Scroll the settings down to Exclusions and click Add or remove exclusions. On the opened screen, press Add and exclusion, select Folder, and paste the path from your clipboard. Click Open and Windows Defender will not scan the folder where Antimalware Service Executable is located.
Disable Windows Defender
As it was mentioned, we don’t recommend to disable Antimalware Service Executable, since it plays a significant role in your device security. However, if you would like to cut the Gordian knot at once and deactivate Windows Defender, here is how to pull this off. Since it is a Windows in-built component, you cannot remove Defender as if it were an arbitrarily installed application. You can only deactivate it. Should you proceed, remember that turning off Windows security will leave your device bare before the possible threats. Make sure you think of a substitute for Windows Defender – having a lame horse is better than walking.
To deactivate Windows Defender do the following steps:
- Open Run by pressing Win+R. In the dialog box, type regedit and click OK.
- In the opened Registry Editor, take the following path, using the navigation pane on the left side of the window: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
- If you see the DisableAntiSpyware registry entry, double-click it and set its value to 1. If you can’t find this registry entry, right-click the right pane of the Registry Editor window and, in the dropdown menu, select: New → DWORD (32 bit) Value. Name this entry DisableAntiSpyware. Double-click the entry and set its value to 1.
Installing an alternative solution
Users shouldn’t leave their systems unprotected. As soon as you deactivate the Windows default security program, you will need a substitute for it to stay safe. Our suggestion is that you give GridinSoft Anti-Malware a try. This versatile program features all state-of-the-art functions that Windows Defender could boast about. Scheduled deep scan, on-run protection, and Internet security are all there. However, thanks to the developers’ initial intention to make the solution quick and lightweight, Anti-malware does not obstruct your work process even when in the most active phase.