Antimalware Service Executable High CPU & Memory – How To Deal With It?

Antimalware Service Executable High CPU

Windows Defender is a decent antivirus solution that comes in a package with Windows 10 and Windows 11. There were many controversies about its efficiency and quality, which are still heard now. In this article, we’ll be dealing with one of the most rebuked traits of Windows Defender – its tremendous resource consumption. Namely, we will address the Antimalware Service Executable – one of Defender’s processes directly responsible for draining the CPU power.

What is Antimalware Service Executable?

Antimalware Service Executable is an internal process related to Windows Defender. It is responsible for your system’s antivirus protection – unless you have the other security program on your PC. If you open Task Manager, you will find the process in question in the list of background processes. The executable file associated with the msmpeng.exe process is exactly the executable file of Windows Defender. It sometimes causes a lot of disturbances on msmpeng.exe high CPU usage, since the computer is quite hard to use in that state. Let me explain why that happens.

Antimalware Service Executable High CPU & Memory – How To Deal With It?

Regardless of whether it was a blatant flaw of Windows developers or Defender was deliberately designed with the future computer powers in mind, the fact remains: the Windows security program can be extremely annoying sometimes. And most often, this irritation aims at the Antimalware Service Executable process because of its behavior. Since the Defender is an integral part of Windows, it might start a scan at that very moment when you least need it. It depends on your CPU power, of course, but in most cases, Antimalware Service Executable high CPU usage may cause a considerable decrease in the performance of your PC. When it does its monitoring procedures, opening your browser to check your mailbox may become quite a headache.

Antimalware service executable high cpu

Any anti-malware program takes significant CPU and RAM amounts during the scanning. That’s why it is useless to try to decrease it – you’d extend the scan time without achieving real success. Our hints in this article are to reschedule the msmpeng.exe activity and customize the time when Defender will be active for it to be less bothersome. When you expect , the Windows Defender activity, it will be much easier to decrease the negative effect from Antimalware Service Executable high memory usage. The more radical solution we suggest is switching to a lighter security program instead of a cumbersome Defender. We do not recommend you disable Antimalware Service Executable since leaving your system unprotected is worse than having sporadic performance issues.

Regarding MsMpEng.exe Process

MsMpEng.exe process is an executable file of Microsoft Defender. The Antimalware Service Executable service launches it on the system start unless the user chooses another option. However, seeing exactly the msmpeng.exe process running in your Task Manager is a bad sign. By default, if you don’t use a third-party process exploring utilities, this name will not appear. Instead, you will see the name of the corresponding service we mentioned above. The most common case for seeing the msmpeng.exe in Task Manager is the presence of malware that uses this name as a disguise. Usually, such a masquerade is used by coin miner trojans. Removing them is possible with GridinSoft Anti-Malware – try that out.

Fixing Antimalware Service Executable: Rescheduling processes

The most resource-consuming and, therefore, the most irritating process executed by Windows Defender is a full scan. However, it is not a useless tool. If you wish to stick to Windows Defender as your security solution, it is smart to schedule full scans for some time when they will not interrupt your work. That’s how you do it:

  • Open the Task Scheduler through the Search. Type “Task Scheduler,” and click on the first result

Antimalware Service Executable high memory

  • In the left pane, click Task Scheduler Library and then move to Library→Microsoft→Windows→Windows Defender. You will see Windows Defender Scheduled Scan, Windows Defender Cache Maintenance, Windows Defender Cleanup, and Windows Defender Verification in the middle pane as you open the Windows Defender folder. All these four services need to undergo the following procedure

Disable scheduled scans Defender

  • We will start with Windows Defender Scheduled Scan. Double-click on it, then click the Conditions tab and uncheck all options to clear scheduled scans. To schedule some new scans, which is desirable for security reasons, add some in the same window – in the Triggers tab.

Disable scheduled scans, enable triggers

  • Create a new schedule for the full scans of your system. Consider conducting a scan at least once a week as a security requirement. That is just a piece of advice, though. You can set an appropriate time of the day for scanning your PC when the process will not bother you.

Don’t forget about the remaining services shown in the Windows Defender folder! They appear in the background as well and still affect your performance. Do the same actions to those parameters.

Excluding Defender from the scan list

By default, Windows Defender scans every object on your device’s storage. As it runs onto itself, the performance of your PC especially degrades. Moreover, other software issues might occur, causing the aforementioned msmpeng.exe high CPU usage. It is reasonable to put Windows Defender on the scan exclusion list so that the program doesn’t even try to scan itself. To add Windows Defender to the scan exclusion list, do the following:

  • Open Task Manager. In the processes list, find Antimalware Service Executable. Right-click on it and select Open File Location in the drop-down menu.

MsMpEng.exe file location

  • In the opened window, you need to copy the full path of the Antimalware Service Executable. Click on the address bar with the right mouse button and press “Copy path”.

MsMpEng copy path

  • Now launch Windows Defender. You can use the Start Menu search bar to input windows defender right there and open the first found item. In the opened Windows Defender Security Center, go to Virus & threat protection → Virus & threat protection settings. Scroll the settings down to Exclusions and click Add or remove exclusions. On the opened screen, press Add and exclusion, select Folder, and paste the path from your clipboard. Click Open, and Windows Defender will not scan the folder where Antimalware Service Executable is located.

MS Defender set exclusions

Disable Windows Defender

As was mentioned, we don’t recommend disabling Antimalware Service Executable since it plays a significant role in your device’s security. However, if you want to cut the Gordian knot at once and deactivate Windows Defender, here is how to pull this off. Since it is a Windows in-built component, you cannot remove Defender as if it were an arbitrarily installed application. You can only deactivate it. Should you proceed, remember that turning off Windows security will leave your device bare before the possible threats. Make sure you think of a substitute for Windows Defender – having a lame horse is better than walking.

To deactivate Windows Defender, do the following steps:

  • Open Run by pressing Win+R. In the dialog box, type RegEdit and click OK.


  • In the opened Registry Editor, take the following path using the navigation pane on the left side of the window: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

DisableAntiSpyware registry entry

  • If you see the DisableAntiSpyware registry entry, double-click it and set its value to 1. If you can’t find this registry entry, right-click the right pane of the Registry Editor window and, in the dropdown menu, select: New → DWORD (32-bit) Value. Name this entry DisableAntiSpyware. Double-click the entry and set its value to 1.

Installing an alternative solution

Users shouldn’t leave their systems unprotected. As soon as you deactivate the Windows default security program, you will need a substitute for it to stay safe. Our suggestion is that you give GridinSoft Anti-Malware a try. This versatile program features all state-of-the-art functions that Windows Defender could boast about. Scheduled deep scans, on-run protection, and Internet security are all there. However, thanks to the developers’ initial intention to make the solution quick and lightweight, Anti-malware does not obstruct your work process even when in the most active phase.

By Stephanie Adlam

I write about how to make your Internet browsing comfortable and safe. The modern digital world is worth being a part of, and I want to show you how to do it properly.

View all of Stephanie Adlam's posts.

Leave a comment

Your email address will not be published. Required fields are marked *