What is msmpeng.exe Antimalware Service Executable? How to Stop its Excessive CPU Usage?


Antimalware Service Executable is an integral part of the Windows Defender mechanism. It secures the system from significant malware to ensure data integrity, availability, and confidentiality.

However, numerous users have reported high CPU usage when the msmpeng.exe process runs. If you, too, face this issue, you can follow the procedures listed in this blog to save CPU resources and maintain performance.

msmpeng.exe Antimalware Service Executable: A Brief Overview

msmpeng.exe is a process executed by the Windows Defender utility software. Its primary function is to scan the system, detect malware files, and quarantine or remove them. You will find this program constantly running by default on your system, as it supports real-time protection.

In addition, it scans downloaded files to protect you from adware, spyware, keyloggers, and other malware. However, it reportedly sometimes uses far more CPU resources than expected, which slows down the entire system.

The next section covers the reasons behind the high CPU utilization.

Why Does msmpeng.exe Antimalware Service Executable Consume High CPU Resources?

There are numerous reasons why Antimalware Service Executable uses more CPU power. The primary ones are listed below:

  • While providing real-time protection against malware, the process needs to constantly scan the system and maintain the network, which requires more processing power.
  • A low number of CPU cores or outdated hardware can cause the system to lag and even crash.
  • Outdated software and hardware drivers can also be a primary reason.
  • Encrypted malware running in the background can disrupt the functioning of msmpeng.exe.

Similarly, more reasons can be discovered depending on the use case and system specifications.

The Approaches To Reduce Antimalware Service Executable CPU Usage

The following are the top approaches you can use to minimize CPU utilization by the Antimalware Service Executable (msmpeng.exe).

#1: Disable the Functioning of Windows Defender

As you know, msmpeng.exe is a Windows Defender process. So, if you disable Windows Defender, the Antimalware Service Executable will automatically stop, and CPU resources will be saved. However, before disabling Windows Defender, you should install a legitimate third-party antimalware or system security solution.

To disable Windows Defender using the Registry Editor, follow the procedure below:

Step 1: Open the Run dialog using the Win + R key combination.

Step 2: Type “Regedit” and click “OK” to open the Registry Editor.

Step 3: Using the navigation pane, go to the path below.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

Step 4: In the Windows Defender folder, find the “DisableAntiSpyware” registry value and double-click on it.

Step 5: Change the value to 1, and Windows Defender will be disabled on your system.


If “DisableAntiSpyware” is not available, carry out the steps below.

Step 1: Go to “Registry Editor” and right-click in it.

Step 2: Choose “New” >> “DWORD (32 bit)”.

Step 3: Name the new registry value “DisableAntiSpyware”, double-click it to open its settings, and change the value to 1.
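The registry value and Defender's actual state can differ (for example, when Tamper Protection is on), so it is worth checking both after the change. The PowerShell below is an added example, not part of the original article; it assumes an elevated session on a Windows 10/11 client, and the function name `Get-DefenderDisableAudit` is hypothetical.

```powershell
# Added example: compare the DisableAntiSpyware policy value with Defender's real state.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

function Get-DefenderDisableAudit {
    # 1. The policy value the steps above create or edit ($null when it is absent).
    $policy = (Get-ItemProperty -Path $policyKey -Name 'DisableAntiSpyware' `
                   -ErrorAction SilentlyContinue).DisableAntiSpyware

    # 2. What Defender is actually doing, regardless of the registry.
    $status  = Get-MpComputerStatus -ErrorAction SilentlyContinue
    $running = [bool](Get-Process -Name 'MsMpEng' -ErrorAction SilentlyContinue)

    # 3. Other antivirus products registered with Windows Security Center
    #    (this namespace exists on client editions only).
    $otherAv = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
                     -ClassName 'AntiVirusProduct' -ErrorAction SilentlyContinue |
                 Where-Object { $_.displayName -notmatch 'Defender' } |
                 Select-Object -ExpandProperty displayName)

    $defenderOn = [bool]$status.AntivirusEnabled
    $finding = if ($policy -eq 1 -and $defenderOn) {
        'Policy is set to 1 but Defender is still enabled: the value is not in effect.'
    } elseif (-not $defenderOn -and $otherAv.Count -eq 0) {
        'Defender is off and no other antivirus product is registered.'
    } elseif (-not $defenderOn) {
        "Defender is off; registered replacement: $($otherAv -join ', ')"
    } else {
        'Defender is enabled; DisableAntiSpyware is not set to 1.'
    }

    [pscustomobject]@{
        DisableAntiSpyware = if ($null -eq $policy) { 'not set' } else { $policy }
        AntivirusEnabled   = $defenderOn
        RealTimeProtection = [bool]$status.RealTimeProtectionEnabled
        TamperProtected    = [bool]$status.IsTamperProtected
        MsMpEngRunning     = $running
        OtherAntivirus     = $otherAv -join ', '
        Finding            = $finding
    }
}

Get-DefenderDisableAudit | Format-List
```

The same check is useful on machines you did not configure yourself: a value of 1 with no registered replacement product means the system has no active antimalware.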

#2: Modify the Windows Defender Scheduling Configuration

The full scan performed by Windows Defender is scheduled by default. It runs when you turn on the system or at any other time, according to the schedule. As a result, the computer starts to lag and uses more CPU while the scan is running.

To modify the schedule, follow the process below:

Step 1: Open the “Task Scheduler” with the help of the Windows search feature.

Step 2: Go to “Task Scheduler Library” and double-click on it.

Step 3: By expanding the folders, navigate through the following path.

Library/Microsoft/Windows/Windows Defender.

Step 4: Under the “Windows Defender” folder, find the “Windows Defender Scheduled Scan” option and open it by double-clicking.


Step 5: Go to the “Conditions” tab of the new window and uncheck all displayed options.

Step 6: Click on “OK” and the previous schedule data will be removed.


Next, schedule the scans according to your needs and business requirements by following the process below.

Step 1: Go to “Windows Defender Scheduled Scan” and double-click on it.

Step 2: Navigate to the “Triggers” tab and click on “New”.

Step 3: Create a new scan schedule according to your business requirements.

Step 4: Select the “Day of the scan” and hit the “OK” button.


Step 5: Now, repeat the same procedure for the following:

  • Windows Defender Cleanup
  • Windows Defender Cache Maintenance
  • Windows Defender Verification
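The same review and rescheduling can be done for all four tasks from PowerShell. This is an added example, not part of the original article; it assumes an elevated session, and the function names, the Sunday 02:00 window and the commented-out call are illustrative choices.

```powershell
# Added example: inspect and reschedule the four Windows Defender tasks named above.
$taskPath  = '\Microsoft\Windows\Windows Defender\'
$taskNames = 'Windows Defender Scheduled Scan', 'Windows Defender Cleanup',
             'Windows Defender Cache Maintenance', 'Windows Defender Verification'

function Get-DefenderTaskSummary {
    # One row per task: trigger count, "Conditions" tab settings, last and next run.
    foreach ($name in $taskNames) {
        $task = Get-ScheduledTask -TaskPath $taskPath -TaskName $name -ErrorAction SilentlyContinue
        if (-not $task) { continue }
        $info = $task | Get-ScheduledTaskInfo
        [pscustomobject]@{
            Task          = $name
            Triggers      = @($task.Triggers).Count
            OnlyIfIdle    = $task.Settings.RunOnlyIfIdle
            OnlyOnAcPower = $task.Settings.DisallowStartIfOnBatteries
            OnlyIfNetwork = $task.Settings.RunOnlyIfNetworkAvailable
            LastRun       = $info.LastRunTime
            NextRun       = $info.NextRunTime
        }
    }
}

function Set-DefenderTaskWeekly {
    param(
        [Parameter(Mandatory)] [string] $TaskName,
        [System.DayOfWeek] $Day = 'Sunday',   # illustrative default, pick your own window
        [datetime] $At = '02:00'
    )
    $task = Get-ScheduledTask -TaskPath $taskPath -TaskName $TaskName
    # Equivalent of unchecking the boxes on the "Conditions" tab.
    $task.Settings.RunOnlyIfIdle              = $false
    $task.Settings.DisallowStartIfOnBatteries = $false
    $task.Settings.StopIfGoingOnBatteries     = $false
    $task.Settings.RunOnlyIfNetworkAvailable  = $false
    $task.Settings.WakeToRun                  = $false
    # Replaces the task's triggers with a single weekly trigger.
    $trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek $Day -At $At
    Set-ScheduledTask -TaskPath $taskPath -TaskName $TaskName `
        -Trigger $trigger -Settings $task.Settings | Out-Null
}

Get-DefenderTaskSummary | Format-Table -AutoSize
# To apply the change, uncomment and adjust:
# $taskNames | ForEach-Object { Set-DefenderTaskWeekly -TaskName $_ -Day Sunday -At '02:00' }
```

Run `Get-DefenderTaskSummary` again afterwards and confirm that `NextRun` falls inside the window you chose, so the scan still runs regularly.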

#3: Add msmpeng.exe to the Windows Defender Exclusion List

To stop the self-scanning functionality of Windows Defender, you can follow the process below.

Step 1: Access the Task Manager by using the Ctrl + Shift + Esc key combination.

Step 2: A list of active processes will be displayed. Find “Antimalware Service Executable” in it.


Step 3: Once you find the process, right-click it to open its location.

Step 4: Copy the complete path of Antimalware Service Executable.

Step 5: Open “Windows Defender” from the Start menu.

Step 6: Go to “Virus & threat protection” and then open its settings.


Step 7: Scroll until you locate the “Exclusions” option.

Step 8: Click on the “Add or remove exclusions” option >> “Add an exclusion,” >> “Folder.”


Step 9: Paste the path that you copied in Step 4.

Step 10: Click on “Open”.

As a result, when Windows Defender initiates a scan, it will not include its own file and the folder that contains it. Thus, CPU resource utilization will be minimized.
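Every exclusion is a location Defender no longer inspects, so the list should be reviewed after adding to it. The PowerShell below is an added example, not part of the original article; it assumes an elevated session (exclusions are hidden from non-administrators), and the function name `Get-DefenderExclusionReview` is hypothetical.

```powershell
# Added example: review Defender's folder exclusions against the real MsMpEng.exe location.
function Get-DefenderExclusionReview {
    # Take the engine path from the WinDefend service instead of typing it by hand.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinDefend'"
    if ($svc.PathName -notmatch '^"?([^"]+?\.exe)') {
        throw 'Could not read the MsMpEng.exe path from the WinDefend service.'
    }
    $engineFolder = (Split-Path -Path $Matches[1] -Parent) + '\'

    # Current path exclusions; the property is empty when none are configured.
    $paths = @((Get-MpPreference).ExclusionPath | Where-Object { $_ })

    foreach ($entry in $paths) {
        $expanded = [Environment]::ExpandEnvironmentVariables($entry)
        $prefix   = $expanded.TrimEnd('\') + '\'
        [pscustomobject]@{
            Exclusion     = $entry
            # Stale entries (path no longer exists) should be removed.
            Exists        = Test-Path -Path $expanded
            # True when this entry covers the folder MsMpEng.exe runs from today.
            CoversMsMpEng = $engineFolder.StartsWith($prefix, 'OrdinalIgnoreCase')
            # Short prefixes such as a drive root exclude far more than intended.
            TooBroad      = ($prefix.Split('\', [StringSplitOptions]::RemoveEmptyEntries).Count -le 1)
        }
    }

    if ($paths.Count -eq 0) {
        Write-Warning "No folder exclusions configured. Engine folder: $engineFolder"
    }
}

Get-DefenderExclusionReview | Format-Table -AutoSize
```

If `CoversMsMpEng` is False for the entry you added, the engine is now running from a different folder than the one you pasted, and the exclusion no longer does what this section intends.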

Wrapping Up

The Antimalware Service Executable scans constantly and provides real-time protection. Because of this, it sometimes uses additional CPU cores, which slows down other processes and applications. To minimize CPU usage, you can follow any of the three main approaches listed above.

Disabling Windows Defender, putting the process in the exclusion list, and modifying the scheduled scan will help you with this issue. You can choose any of the approaches, but remember to install third-party antivirus software if you disable Windows Defender. As a result, CPU utilization will be minimized.


Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.