If you are using Windows 7, Windows 8/8.1, or Windows 10, you might have noticed the MsMpEng.exe service taking up most of your CPU resources. This executable file also uses up a lot of RAM, sometimes even going up to 100 percent.
This leads to slow computer response, freezing and lagging.
You can see its usage by opening Task Manager, and looking for Antimalware Service Executable under “Processes”. Many Windows users have shared their concern about the high CPU usage and in case you’re in such a situation, don’t worry, you’re in good hands.
Today’s tutorial shares everything you need to know about MsMpEng.exe.
What is MsMpEng.exe in Windows 10?
The MsMpEng.exe file or Antimalware Service Executable is an app developed by Microsoft and is part of Windows Defender. It’s responsible for real-time protection and performs the heavy work of detecting malware, worms, spyware, and viruses. If it finds any suspicious items on your PC, it quarantines or removes them.
The process also scans your computer and prevents spyware infections from tampering with your operating system. Considering the significance of this process, terminating it can compromise the security of your system.
MsMpEng.exe has two main features:
- Real-time protection. This service is associated with Windows Defender, and one of its main purposes is to protect your system. This means that it is constantly scanning your files and applications in real time.
- Full-Scan feature. This feature scans all the files on your computer if you have scheduled it to run whenever you connect to a network, when the computer wakes up or if you’ve set the scan to run on a daily basis.
The thing is, heavy CPU and RAM usage are the side effects of this process, and when it is performing a full scan on your system, your computer may hang, freeze, or load programs slower than usual.
Is Msmpeng.Exe Safe?
Since .exe indicates an executable file, you must be asking yourself, “Is MsMpENg.exe a virus or a trusted file belonging to the Windows Operating system?”
First off, MsMpEng.exe is not malware or spyware. On the contrary, it helps to protect Windows users from harmful and unwanted applications. The file should be located in C:\Program Files\Windows Defender.
If the file is located anywhere else, especially in the C:\Windows\System32 folder, it might be a threat, since some malware may use the MsMpEng.exe file name as camouflage.
How to Decrease CPU Consumption by MsMpEng.exe?
If you’re affected by frequent PC lagging and delayed response, MsMpEng.exe might be eating up all your available CPU and it’s paramount that you find a fix. If you checked Task Manager when Windows Defender was performing one of its scheduled scans, the CPU usage will obviously be almost 100 percent.
We recommend that you give it a few minutes and check back again. If the CPU usage is still over the roof, then proceed with the workarounds provided below.
Fix 1: Stop Windows Defender from Scanning its Own Directory
- Press the Windows Key and type Windows Defender.
- Choose “Virus & threat protection” from the results. Alternatively, press the Windows Key+I, and then open “Update & Security”.
- Go to Windows Security > Virus and threat protection.
- Open the “Manage settings” link under the “Virus and threat protection settings” section.
- Find the “Exclusions” section, and then select “Add or remove exclusions”.
- Click “Add an exclusion”, and then select “Folder”.
- Look for the “Windows Defender” folder, and select it.
- Finally, click “Select Folder.
This will exclude the Windows Defender folder from being scanned by its own application, which may significantly reduce the high CPU usage.
Fix 2: Limit CPU Usage
- Open Task Manager by right-clicking the “Taskbar”.
- Open the “Details” tab.
- Locate MsMpEng.exe, and right-click it.
- Select “Set affinity”, and then choose the CPU limit threshold that you want MsMpEng.exe to use.
Fix 3: Reschedule Windows Defender Using Task Scheduler
- Press the Windows Key, and then type task scheduler.
- Select the first result, which should be “Task Scheduler”.
- Expand “Task Scheduler Library” on the left pane, and navigate to this path: Microsoft/Windows/Windows Defender.
- Look for “Windows Defender Scheduler Scan” on the right pane, and highlight it.
- Select “Properties”, located under the “Actions” pane.
- Go to the “Conditions” tab, and disable the “Start the task only if the computer is idle for:”, “Start the task only if the computer is on AC power”, and “Start only if the following network connection is available” options.
- Click “OK”.
- Now back to the “Task Scheduler” window, select the “Properties” option again.
- Open the “Triggers” tab and select “New”.
- Select the “Weekly” or “Monthly” option and then choose your preferred day.
- Make sure you check the “Enabled” box and then click “OK”.
- When you’re done, go back to the “Task Scheduler” main window and repeat the same process for the other three schedules, namely: Windows Defender Cache Maintenance, Windows Defender Cleanup, and Windows Defender Verification.
Fix 4: Turn Off Windows Defender
Before you disable Windows Defender, make sure you have another antivirus program installed on your PC. We recommend that you use Auslogics Anti-Malware to handle all of your system’s security issues. This is a world-class anti-malware program that is developed with high expertise to detect and flush out malicious items that might harm your system.
Auslogics Anti-Malware effectively scans your computer and quarantines or removes all malicious items without hogging your CPU or RAM. With advanced technology, you can trust the application to offer maximum protection against malware attacks.
Now, to turn off Windows Defender, there are two approaches you can employ:
- a) Using Local Group Policy
- b) Using the Registry
Using the Local Group Policy
- Press the Windows Key+R, and type gpedit.msc in the “Run” dialog box.
- Hit “Enter” or click “OK” to open the Local Group Policy Editor.
- Navigate to the following path: Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus.
- Double-click “Turn off Windows Defender Antivirus”.
- Select “Enabled”, and then click Apply > OK.
- Restart your PC and see if the system is running normally.
Using the Registry
- Press the Windows Key+R, and then type regedit.
- Click “OK” or press “Enter”.
- Navigate to the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
- If you see the “DisableAntiSpyware” option, double-click it and change its value to “1”.
- If you don’t see it, you can easily create it by right-clicking on a blank space on the right pane, and then select DWORD (32-bit) Value > New.
- Name it DisableAntiSpyware. Double-click it and change its value to “1” in the Value data:” box.
- Exit the Registry Editor. Windows Defender should now be turned off.
Like we mentioned earlier, it is highly risky to run your computer without any antivirus or anti-malware program installed. Therefore, ensure that you find a reliable one before making these changes to your system.
Fix 5: Disable Sample Submission
Sample Submission is a Windows feature that sends viruses or malware to Microsoft for analysis. This aims to improve the functionality of Windows Defender and make it more secure. However, this feature can cause high disk and CPU usage, therefore affecting your PC’s performance.
This is especially true for users running older computers or with slow internet speeds. You can fix this problem by disabling the Sample Submission feature.
To do this:
- Press the Windows Key+I, and then open Update & Security.
- Next, go to Windows Security > Virus and threat protection.
- Open the “Manage settings” link under “Virus and threat protection settings”.
- Look for “Automatic sample submission” and click the toggle button to turn it off.
Windows will no longer send sample files to Microsoft for analysis. This step may help reduce high usage of your system resources.
Fix 6: Check for Malware Infections
It is highly likely that your system is infected with malware that is causing MsMpEng.exe to take longer scanning the files or applications.
Since Windows Defender may also be causing the high CPU usage, it’s advisable to use another third-party malware removal tool like Auslogics Anti-Malware to find and delete these malicious items or apps.
Perform a full scan so that the program can check every corner of your computer and remove the harmful files from wherever they are hiding.
Once the software finishes the comprehensive scan, and you have removed all the suspicious files and programs detected on your computer, restart your system and check if CPU usage is registering at normal levels.
Do you need further assistance from our technical staff? Don’t hesitate to reach out to us via the comments section.