Antimalware Service Executable High CPU Usage Fixed Windows 11/10

Windows users have reported a problem with the primary Antimalware Service Executable (MsMpEng) using over 80% of the CPU processing power. This issue is more common on Windows 10 and 11.

What is the Antimalware Service Executable (msmpeng.exe)?

The Microsoft Malware Protection Engine, Msmpeng.exe, is the primary executable for the antivirus program in Windows 10 and 11.

This background program scans your computer for threats such as harmful software, viruses, and worms and quarantines or deletes them once they are detected.

What causes msmpeng.exe to use a high CPU?

Upon investigation, it was determined that the Antimalware service executable high CPU usage issue stems from multiple possible factors. These are some situations where you might notice abnormally high CPU usage caused by the MsMpEng component:

1. File Corruption Impacting Windows Defender

If you suspect Windows Defender is causing Antimalware service executable high CPU usage due to corruption, it’s best to begin troubleshooting. You have the option to use a third-party repair utility or perform a repair install to resolve the issue.

Many users have reported that the MsMpEng task runs too frequently, causing an excessive load. This issue often occurs when an administrative task related to MsMpEng is scheduled too frequently. To resolve this issue, you can use the Task Scheduler to adjust the task frequency that triggers the MsMpEng process.

2. Windows Defender interference

This problem may arise when Windows Defender clashes with a third-party antivirus program, typically from a smaller, unverified company. You can disable Windows Defender by using either the Local Group Policy Editor or the Registry Editor.

3. The antispyware function is activated

Some experts in the Windows 10 community suggest that a disabled Registry key could be the cause of the issue, even if Windows Defender is not an active antivirus. To solve this, simply open the Registry Editor and adjust the value data of the DisableAntiSpyware key.

4. Internal Windows Defender Conflict

Note: Adding MsMpEng.exe to the Windows Defender exclusion list can lower CPU usage. Users have found this solution to be highly effective when reactivating Windows Defender after using a different third-party antivirus for a long time.

5. Malware Infection

Interestingly, the security file MsMpEng.exe causing an increase in CPU usage could indicate a potential virus infection. This file may potentially be malware pretending to be a system process to gain access to the system’s resources. Perform a thorough scan using a reliable anti-malware tool to confirm.

Windows Defender has had a history of inaccurate virus definition updates, resulting in false positives where legitimate files are mistakenly flagged as malware or adware. To resolve this issue, you can remove the faulty update through an elevated CMD prompt if you are confident that your computer is virus-free.

6. Looping Process Mitigation

Antimalware service executable high CPU usage issue sometimes happens when the process mitigation feature accidentally triggers a persistent Exploit Protection loop. Windows Defender consistently interferes with a folder or program’s activity, resulting in high CPU usage from repeated attempts.

7. Windows Defender is inefficient

If none of the other solutions in this article work, you can permanently fix this issue by using a different antivirus program. If you’re prepared to switch from the built-in Windows Defender suite, go ahead with this option.

How to fix high CPU usage using an executable antimalware service?

Now that we have discussed all possible causes for this behavior, let’s focus on resolving the issue.

Here are some proven methods that other users have used to effectively treat a situation where the MsMpEng process uses an abnormally high amount of CPU resources.

1. Address system file corruption issues

To address this issue, start by checking for any corrupted system files.

You have two options to ensure that:

1. Follow the steps for a Windows 10 repair install to effectively replace any damaged system files, while keeping your applications, games, personal media, and documents intact.
2. If you have tried the previous option and did not find any system file corruption causing high MsMpEng.exe usage, you can move on to the following method.

2. Decrease the frequency of tasks related to MsMpEng.exe

Several users have reported that this behavior is often caused by an administrative task related to MsMpEng running frequently.

To address this problem, you can use Task Scheduler to decrease the frequency of the task responsible for initiating the MsMpEng process.

To accomplish this, you must access the Task Scheduler utility located in the Administrative Tools. Next, you can customize the Windows Defender Scheduled Scan task located in the Windows Defender settings. This allows you to choose whether you want the scan to run weekly or monthly.

Important: This will be very useful if you are using Windows 10 on a less powerful PC with limited CPU processing power.

To reduce the frequency of MsMpEng.exe tasks, follow these steps:

1. To open a Run dialog box, press the Windows key + R.
2. To open Task Scheduler with admin access, type ‘taskschd.msc‘ in the Run box and press Ctrl + Shift + Enter.
3. Click Yes at the User Account Control prompt to grant admin access.
4. Once you’re in Task Scheduler, you can find the location you need using the left side menu.
5. Microsoft > Windows > Windows Defender
6. Click on the Windows Defender folder in the side menu, then double-click on Windows Defender Scheduled Scan in the central pane.
7. Go to the General tab in the Windows Defender Scheduled Scan Properties window and deselect the ‘Run with Highest Privileges‘ option.
8. After that, go to the Conditions tab and deselect all the options under Idle, Power, and Network. Finally, click OK to save the changes.
9. This is only temporary; we’ll schedule them properly using the steps below. No need to worry!
10. Now, let’s proceed with the rescheduling portion. Go to the Triggers tab and select New. Choose between the Weekly or Monthly option based on your preference. Next, select the desired Day, click OK, and ensure that the Enabled box is checked at the bottom of the screen.
11. Please note that this action will adjust the scan frequency of Windows Defender. Please wait for any ongoing scans to finish before proceeding. After completing the task, the results will be visible. Even if the scan runs according to your schedule, you might still experience high CPU usage.
12. Do the same thing for the other three schedules: Windows Defender Cache Maintenance, Windows Defender Cleanup, and Windows Defender Verification.

If you’re still experiencing the same issue after adjusting the scan frequency, proceed to the next method below.

3. Disable overlapping Windows Defender

This issue may arise if Windows Defender is running alongside another third-party antivirus software. This can occur when you use a security solution from a smaller company that Microsoft does not verify.

To resolve this issue, you will have to manually disable Windows Defender. One efficient method is to use the Local Group Policy Editor.

Please note that this method is compatible with Windows 10 Enterprise and Pro Editions and more advanced versions of earlier operating systems. If you can’t use the Local Group Policy Editor, you can directly revert to the Registry tweak.

To disable a potential Windows Defender overlap, follow these steps:

1. Simply press the Windows Key + R. Next, enter ‘gpedit.msc‘ into the Run dialog box.
2. To open the Local Group Policy Editor with admin access, press Ctrl + Shift + Enter.
3. Once you’re in the home screen of the Local Group Policy Editor, find the location you need using the side menu on the left.
4. Computer Configuration > Administrative Templates > Windows Components > Windows Defender
5. Once you’ve navigated to the appropriate Group Policy path, locate “Windows Defender” and then find the “Turn off Windows Defender” setting in the central pane. Simply double click on it. To disable Windows Defender, choose the “Enabled” option. Click the “Apply” button, then select “OK.”
6. Once you complete this step, Windows Defender will be disabled immediately. Just perform a quick restart, and you’re done.
7. If you look at Task Manager, you’ll see that MsMpEng is no longer listed among the system processes.

If this method didn’t work for you or if you prefer a different approach, please proceed to the next method below.

4. Disable the AntiSpyware function

According to insiders in the Windows 10 community, this problem could be caused by a disabled Registry key, even if Windows Defender is no longer the active antivirus.

To resolve this issue, you can open the Registry Editor and modify the value data of the DisableAntiSpyware key.

Please note that this method is only applicable if Windows Defender is currently active as your computer’s antivirus solution or if it was recently disabled without being replaced by a different antivirus suite. Typically, when a new third-party antivirus is installed, it automatically disables Windows Defender’s anti-spyware function.

To determine if this scenario is relevant, follow the steps below to utilize the Registry Editor and disable the antispyware function if necessary:

1. Begin by opening a Run box using the Windows key + R shortcut.
2. After that, you can open the Registry Editor with administrative privileges by typing ‘regedit‘ in the Run box and pressing Ctrl + Shift + Enter.
3. Click Yes when encountering the User Account Control (UAC) prompt to give admin access.
4. Once you’re in the Registry Editor, simply use the left menu to find the location you need.
5. The path you need to navigate to is:
   HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
6. Here is a quick tip: You have two options to reach this location. You can either navigate there manually or paste the path into the navigation bar and hit Enter for instant access.
7. To access the correct location, navigate to the right-hand pane and double-click on the registry entry called DisableAntiSpyware.
8. Please note that if the Registry key is not found in the Windows Defender folder, you have the option to download and apply a registry file to your PC. This will automatically add the missing key to your registry.
9. To disable the Anti Spyware function, follow these steps:
   1. Open the Edit World (32-bit) Value window for DisableAntiSpyware.
   2. Set the Base to Hexadecimal.
   3. Change the Value data to 1.
   This will ensure that the Anti Spyware function remains disabled.
10. After making the changes, close the Registry Editor and restart your computer.
11. Once your PC has finished booting up, verify if you are still encountering the same high CPU usage issue caused by Msmpeng.exe.

If you’re still experiencing the issue after following the instructions, you can try the method outlined below.

5. Scan for Malware

It may seem ironic, but a virus infection can be indicated by high CPU usage caused by the security file MsMPEng.exe. The MsMpEng.exe file could be disguised as malware, pretending to be a system process to exploit the system’s resources.

To ensure this is not the case, performing a thorough scan using a trusted anti-malware program is recommended.

We suggest using a deep Malwarebytes scan as it is a highly effective security scanner for both malware and adware.

Once the scan is finished, follow the instructions to remove any infected instances. After restarting your PC, reopen the Task Manager by pressing Ctrl + Shift + Esc. Check if the CPU usage related to MsMpEng.exe has decreased.

If the issue persists, proceed to the next method below.

6. Adding Msmpeng.exe to the Windows Defender Exclusion list (if applicable)

Some users have reported that adding MsMpEng.exe to Windows Defender’s exemption list resulted in a noticeable decrease in CPU usage.

This solution is effective for situations where Windows Defender was reactivated after a long period of using a different third-party antivirus.

Remember that certain harmful programs may try to hide by pretending to be the Msmpeng executable, so they can go undetected by security software like Windows Defender. As a result, Windows Defender or another antivirus program might repeatedly scan the file due to a false positive.

If you followed the steps in Method 5 to check for infections on your computer, there’s no need to worry. A common false positive can likely occur on Windows 10 when using Windows Defender.

If this situation applies to you, you can quickly resolve it by adding the MsMpEng.exe file to the exclusion list. Once you do this, you’ll see a noticeable decrease in CPU usage.

Here are the steps you should follow:

1. Press Ctrl + ALT + Del on your keyboard and open the Windows Task Manager.
2. Please note that if the primary interface opens automatically, you can click on ‘More Details‘ to access the advanced interface.
3. Find the Antimalware Service Executable process in the list of processes.
4. After accessing the Expert interface, navigate to the Processes tab and locate the Antimalware Service Executable (MsMpEng.exe).
5. To view the full path of the executable, right-click on it and select Open File Location. The file MsMpEng will be highlighted. To copy the location of this file path, click on the address bar.
6. After that, press the Windows Key and then ‘I.’ Select the option labeled ‘Update and Security‘. Next, choose ‘Windows Defender‘ from the menu on the left side. Scroll down and choose ‘Add an exclusion‘ from the ‘exclusion‘ options. Exclude a process or FileType that ends in .exe, .com, or .scr. Finally, provide the path to MsMpEng.exe
7. After completing these steps, simply restart your PC and check if the CPU resource usage significantly decreases once your PC is back up and running.

If the resource consumption remains high or Windows Defender is not your current antivirus, proceed to the next method below.

7. Reverting a Bad Windows Defender Definition Update

Windows Defender has a track record of virus definition updates that may result in false positives. If you’re confident that you don’t have a virus infection, open an elevated CMD prompt to remove the bad update.

Interestingly, this problem mainly affects Windows 10, as Microsoft has resolved it for their most recent operating system. Despite this, we continue to encounter frequent instances of problematic Windows Defender definition updates on Windows 10.

If you think you’re dealing with high CPU usage caused by MsMpEng.exe and this situation applies to you, the fastest solution is to use an elevated Command Prompt interface to remove the problematic update.

Please note that this method assumes that you currently use Windows Defender as your default security suite.

Follow the instructions below for a clear and concise guide on how to do this:

1. Press the Windows key + R to open the Run dialog box.
2. To open a Command Prompt window with admin access, type ‘cmd‘ inside the Run text box and then press Ctrl + Shift + Enter simultaneously.
3. Click Yes when the User Account Control (UAC) prompts to grant admin access.
4. To remove all the definitions currently associated with WindowsDefender, type the following command in the elevated CMD prompt:
   “%PROGRAMFILES%\Windows Defender\MPCMDRUN.exe” -RemoveDefinitions -All
5. Please ensure that all commas are kept within the command to ensure its proper functionality.
6. After successfully processing the first command, enter the second command and press Enter to update the virus signatures for Windows Defender.
   “%PROGRAMFILES%\Windows Defender\MPCMDRUN.exe” -SignatureUpdate
7. After the second command is processed successfully, you can restart your PC and check Task Manager to see if the CPU consumption has decreased.

If you’re still experiencing the Antimalware service executable high CPU usage problem, try the next method below.

8. Fixing the Process Mitigation Loop

Another possible reason for this error is when the process mitigation feature triggers an Exploit Protection loop. Windows Defender may repeatedly attempt to disable the activity of a folder or program without success, leading to endless attempts. This results in increased CPU usage.

If this situation applies, you can fix it by addressing the process mitigation loop. This will stop the Exploit Protection Service, which can significantly reduce CPU usage.

Please note that there is a potential issue with Exploit Protection causing a loop in Windows Defender. This loop occurs when Windows Defender attempts to disable the activity of a folder or program, but if it is unsuccessful, it will continue to try again and again. As a result, this can lead to high CPU usage.

To deploy this fix, follow the instructions provided:

1. To open up a Run dialog box, simply press the Windows key + R.
2. After opening the Run dialog box, type ‘powershell‘ and press Ctrl + Shift + Enter to open an elevated Powershell window with admin access.
3. Clicking Yes at the User Account Control will grant you admin access and open an elevated Powershell window.
4. To disable the Exploit Protection and prevent the process mitigation loop, simply enter the command provided in the Elevated Powershell window.
   powershell “ForEach($v in (Get-Command -Name \”Set-ProcessMitigation\”).Parameters[\”Disable\”].Attributes.ValidValues){Set-ProcessMitigation -System -Disable $v.ToString().Replace(\” \”, \”\”).Replace(\”`n\”, \”\”) -ErrorAction SilentlyContinue}”
5. It’s essential to be aware of any warnings you receive, but it’s best to wait until the process is finished.
6. Once the command is processed successfully, you can restart your PC. After the next startup is complete, open Task Manager and check if the Antimalware Service Executable (MsMpEng) usage is still high.

Hope the Antimalware service executable high CPU usage issue will be resolved.

Also Check;

• Windows Printer Error 0x0000011b
• Windows Clean Boot Process
• Missing Wi-Fi Adapter in Windows
• Install Windows 11 22H2
• View Saved Passwords Windows 11
• Change the Download Path Windows 11
• Change Windows 11 System Sounds
• Remove Keyloggers in Windows 10