7 Fixes For Antimalware Service Executable High CPU Usage

What Is “Antimalware Service Executable”?

Windows Defender service is a built-in feature of Windows 10. It replaces the free Microsoft Security Essentials antivirus for Windows 7. It assures that all Windows 10 users have one installed and operating at all times. You have an out-of-date antivirus program installed.  Windows 10 will automatically disable it and replace it with Windows Defender.

antimalware service executable in task manager

Windows Defender’s Service ”the Antimalware Service Executable” process, always runs in the background. It’s in charge of scanning files for malware when you open them. Running background system scans to look for malicious software. Updating antivirus definitions and whatever else a security program like Windows Defender has to do. 

The process is called Antimalware Service Executable in the Task Manager’s Processes tab. Its file name is MsMpEng.exe.

What is “msmpeng.exe”? Is it a Virus?

Go through the background processes list in Task Manager. Antimalware Service Executable is a process with the file msmpeng.exe as its counterpart.

This procedure enables Windows Defender to scan your computer for threats continuously. It provides real-time malware and cyberattack protection. At the same time, it may be the source of abnormally high CPU utilization.

Another function of Windows Defender that could be slowing down your PC is Full Scan. It runs a thorough scan of all of your computer’s files. Full Scan focuses hard on the CPU and isn’t hesitant to consume all of your system’s resources. When it is running, you may suffer latency, delays, hanging, and other system interruptions.

When an antivirus tool runs a scan, it is common for it to use up system resources. Windows Defender is significantly more greedy than the majority of antivirus programs. It has a history of using a lot of CPU for a long time. Perform scans as soon as you turn on your computer to send an email or check a website rapidly.

It’s critical not to turn off Windows Defender without first installing a different IT security solution. Allow the application to complete its task, resolve any threats.

No one heard of any viruses that purport to be the Antimalware Service Executable process. Windows Defender is an antivirus. Any malware that tries to accomplish this should be stopped in its tracks. It’s typical for Windows Defender to be operating as long as you’re using Windows and have Windows Defender turned on.

If you’re truly worried, you can always conduct a scan with another antivirus program to be sure there’s nothing dangerous on your computer.

Why Is CPU Usage So High?

The Antimalware Service Executable has high CPU usage or disk resources. It’s probably looking for malware on your machine. Windows Defender and antivirus programs examine your computer’s files regularly.

It also checks files as you view them and install updates with information on new threats regularly. This CPU usage could mean that Windows Defender is installing an update. You’ve just accessed a massive file that requires more time to analyze.

Windows Defender analyses your computer in the background only while it is idle and not in use. Even if you’re not using your computer, CPU usage may execute updates or scan files when you access them. The background scans, on the other hand, should not run while you are using your computer.

It is typical for any antivirus tool, as they all require some system resources to examine your computer and keep you safe.

Methods To Solve Antimalware Service Executable’ High Cpu Usage

  1. Windows Defender’s scheduling options
  2. Disable Windows Defender
  3. Use the Local Group Policy Editor
  4. MsMpEng.exe process is legit
  5. Check for malware infections
  6. Add Antimalware Service Executable to Defender’s exclusion list
  7. Remove Bad Updates

1. Windows Defender’s Scheduling Options

Antimalware Service Executable Process often causes considerable memory use. Windows Defender is doing a thorough scan for most individuals. We can solve this issue by scheduling the scans when you’re less likely to notice the impact on your CPU usage.

  • Start the program, then go to the Start menu, type “task scheduler,” and then click the top result.
task scheduler
  • Double-click Task Scheduler Library in the left navigation panel. Expand these folders even more and navigate to the following location: 
    • Microsoft/Windows/Windows Defender
  • After you’ve opened the Windows Defender folder. Double-click Windows Defender Scheduled Scan in the main panel.
Windows Defender folder Scheduled Scan
  • Uncheck all choices on the Conditions tab, then click OK. Your scheduled scans will be cleared as a result of this action.
Uncheck all choices on the Conditions tab
  • It’s vital to schedule some new scans to secure your computer. We can do so in a way that decreases the impact on your system’s performance. 
  • Double-click Windows Defender Scheduled Scan, then go to the Triggers tab and click New.
  • Create a new scan schedule that meets your requirements. Use parameters that strike a balance between system security and efficiency. 
fresh scan schedule
  • We recommend performing weekly scans at a time when the higher CPU usage is unlikely to be noticed.
  • Carry on with the other three schedules in the same manner.
  • Windows Defender Cleanup, Windows Defender Cache Maintenance, and Windows Defender Verification.

2. Disable Windows Defender

Disabling Windows Defender entirely may solve the issue. Keep in mind that doing so exposes your machine to a variety of cyberattacks. 

So you should install an effective anti-malware program. Disable antimalware service by the below steps.

Using the Registry Editor, turn off Microsoft Defender completely.

  • To launch the Run Dialog Box, press Windows Key + R.
  • To open the Registry Editor, type regedit in the Run Dialog Box and click OK.
  • Double-click the left navigation panel folders to get to HKEY/LOCAL MACHINE/SOFTWARE/Policies/Microsoft/Windows Defender.
HKEY/LOCAL MACHINE/SOFTWARE/Policies/Microsoft/Windows Defender.
  • If you locate a DisableAntiSpyware registry entry, double-click it and change the value data to 1. Suppose you don’t see a registry item titled DisableAntiSpyware.
    • Right-click in the main Registry Editor panel and select New > DWORD (32 bit) Value.
    • Give your new registry entry the name DisableAntiSpyware. Double-click it, then change the value data to 1.
 DisableAntiSpyware registry entry

3. Use the Local Group Policy Editor

  • Open the Local Group Policy Editor, press Windows Key + R, type gpedit.msc in the Run dialogue box, and click OK.
  • Navigate to Computer Configuration ⇒ Administrative Templates ⇒ Windows Components ⇒ Windows Defender in the Local Group Policy Editor.
  • Look for the Turn off Defender setting in this Group Policy path and double-click it. 
  • To turn off Defender, select the Enabled option. After that, click Apply and then OK.
  • The defender should be turned off immediately. Whether it still doesn’t work, restart the computer and see if it’s disabled.

4. MsMpEng.exe process is legit

There is a chance your machine has been infected with malware that forces the real Antimalware Service Executable to run. In that scenario, you should run a system scan with antivirus software. You may want to do it in Safe Mode with Networking.

You will erase antimalware service executable virus as soon as an antivirus detects some questionable software.

The genuine MsMpEng.exe, on the other hand, does not need to be removed. It’s a valid file that’s completely safe.

5. Check for Malware Infections

Something more nefarious is likely causing Microsoft Defender to slow down your machine. Check your system for any virus that may be compromising its ability to perform smoothly and safely. Conduct a comprehensive system scan with trustworthy and lightweight anti-malware solutions. 

6. Antimalware Service Executable to Windows Defender Folder exclusion list

Microsoft Defender scans every file on your computer, including itself, throughout its scans. It can lead to some fascinating interactions on rare occasions and is a common cause of system latency. You may simply tell Microsoft Defender to skip itself while doing a system scan to avoid this from happening. Add files in windows defender’s exclusion list to make it happen.

  • Open Windows Task Manager. Use Ctrl + Shift + Esc together.
  • Look for Antimalware Service Executable in the list of processes. 
  • Select “Open File Location” from the menu when you right-click on the process.
Open File Location
  • The whole path of Antimalware Service Executable can be found in the address bar. Copy the entire path by clicking on the address bar.
Copy the entire path on the address bar
  • Open the Windows Defender Security Center, go to the Start menu, type “Windows Security,” and then click the top result.
  • Select Virus & Threat Protection. Then “Virus & Threat Protection Settings” and “manage settings” from the drop-down menu.
windows defender security center
  • Click Add or remove exclusions after scrolling down to “Exclusions.” 
  • Click Add an exclusion on the next screen. 
  • Select Folder path address and paste the path to Antimalware Service Executable (MsMpEng.exe) into the address box. 
Antimalware Service Executable exclusion
file path
  • Finally, click Open, and the folder will no longer be scanned.

7.  Remove Bad Updates

When Windows Defender receives faulty definition updates, it may name specific Windows files as viruses. As a result, we’ll use Command Prompt to remove these updates in this step.

  • Open the run prompt by pressing the “Windows” + “R” keys simultaneously.
  • Grant administrative rights to the command prompt, type “cmd” and concurrently press “Shift” + “Ctrl” + “Enter.”
  • Press “Enter” after typing the following command.
    • “%PROGRAMFILES%\Windows Defender\MPCMDRUN.exe” -RemoveDefinitions -All
  • Then, press “Enter” after typing the following instruction.
    • “%PROGRAMFILES%\Windows Defender\MPCMDRUN.exe” -SignatureUpdate
  • Wait for the process to finish before checking to see if the problem still exists.


Windows Defender is a valuable feature, mainly because it comes with your operating system for free, but it might drain your PC’s CPU. You may take control of Antimalware Service Executable high CPU usage. Keep your computer running at maximum speed by following the methods outlined in this article.

Frequently Asked Questions

How do I fix antimalware service executable high CPU usage?

Antimalware Service Executable often causes considerable memory use. Windows Defender is doing a thorough scan for most individuals. Users can solve this by scheduling the scans when you’re less likely to notice the impact on your CPU. Optimize the scan schedule in its entirety.

Why is the anti-malware service executable running?

When you visit them, the Antimalware Service Executable is running to scan for malware and spyware. If there’s anything hazardous, it’ll detect it. Furthermore, it does a background scan of your system for viruses and worms.

What happens if I disable the antimalware service executable?

The Antimalware Service Executable causes high memory usage and memory leaks. Many customers have complained about memory concerns as a result of using this service. Antimalware Service Executable is unable to complete the task. If you can’t get Windows Defender to stop running on your computer, you’ll have to disable or uninstall it.

Why is my Windows Defender using so much CPU?

When Windows Defender is scanning the system for malware, this issue with MsMpEng.exe consuming 100% of the HDD and CPU is standard. While searching for viruses, the Windows Defender scan gets stuck on a few files. When this happens, it should be restricted or deactivated until it can be used typically again.

Can I end antimalware service executable?

Press Win + X to activate the Power User menu and kill the task if it’s creating problems. “Task Manager” should be selected.” Antimalware Service Executable may be terminated by right-clicking and selecting “End Task.” For the duration of your current session, Microsoft Defender will be disabled.

Meet the Author

Abdul Rahim has been working in Information Technology for over two decades. Learn how Abdul got his start as a Tech Blogger , and why he decided to start this Software blog. If you want to send Abdul a quick message, then visit his contact page here.