How To Fix Antimalware Service Executable High CPU / Memory Usage [2023]

The Antimalware Service Executable, also known as MsMpEng (MsMpEng.exe), plays a crucial role in Windows Defender’s operations. However, some users may encounter the “Antimalware Service Executable high disk usage” error in the Task Manager, causing excessive CPU and memory utilization. If you’ve faced this issue, there’s no need to worry; you’re not alone. In this comprehensive guide, we’ll explore what the Antimalware Service Executable is, why it can lead to high CPU usage and, most importantly, how you can optimize your Windows 10 PC to prevent excessive CPU utilization.

Understanding Antimalware Service Executable

What is Antimalware Service Executable?

The Antimalware Service Executable is a core Windows Security process responsible for continuous protection against malware threats. Also known as msmpeng.exe, it operates in the background, periodically scanning files and applications for potential threats. This real-time scanning is essential for safeguarding your system against various forms of malware, including viruses, Trojans and spyware.

Why Does Antimalware Service Executable Consume High CPU?

Understanding why the Antimalware Service Executable consumes high CPU is crucial for addressing the issue effectively. The primary reason for the elevated CPU usage by Antimalware Service Executable is it’s continuous background operation. It actively scans files and programs, taking immediate action upon detecting any suspicious activity and monitors it’s own folder for threats.

Moreover, Windows Defender, the built-in antivirus and antimalware software in Windows 10, relies on this service to maintain robust security. As a result, it operates proactively to ensure your system remains protected.

Should You Disable Antimalware Service Executable?

While it’s possible to reduce CPU usage by preventing Antimalware Service Executable from scanning it’s folder, we strongly advise against disabling Windows Defender if you don’t have alternative antivirus software installed. Windows Defender provides a baseline level of security and disabling it could leave your system vulnerable to malware attacks.

However, there are situations where users may consider temporarily disabling Windows Defender, such as when using third-party antivirus solutions. It’s essential to weigh the pros and cons carefully and ensure you have an alternative security solution in place before taking this step.

How to Resolve Antimalware Service Executable High CPU Usage

Now that we have a solid understanding of what Antimalware Service Executable is and why it might lead to high CPU usage, let’s delve into practical solutions to address this issue. We’ll explore a range of methods, from adjusting Windows Defender settings to more advanced troubleshooting steps.

Adjust Windows Defender’s Scheduling Options

The high CPU usage issue can be addressed by modifying Windows Defender’s scheduling options, which impact it’s continuous protection. Here’s how to optimize it:

1. Press the Win + R keys simultaneously to open the Run box. In the Run box, type “taskschd.msc” and hit Enter.
2. In the Task Scheduler Library, navigate to “Microsoft” > “Windows” > “Windows Defender”.
3. Double-click “Windows Defender Scheduled Scan”.
4. In the Property window, uncheck “Run with highest privileges”. This will prevent the scan from running with elevated permissions, which can reduce it’s impact on CPU usage.
5. Uncheck all items in the “Conditions” section. This step ensures that the scan won’t start under specific conditions, such as on battery power.

By making these adjustments, you can significantly improve the CPU usage of Antimalware Service Executable without compromising your system’s security.

Disable Real-Time Protection and Reschedule Scans

High memory usage by Antimalware Service Executable is often caused by real-time protection continually checking your PC for threats. While real-time protection is a critical component of Windows Defender, you can temporarily disable it to troubleshoot high CPU usage. Here’s how:

1. Go to “Settings” and open “Update & Security”.
2. Select “Windows Security” and click on “Virus & threat protection”.
3. Click “Manage settings”.
4. Turn off “Real-Time Protection” to stop the continuous monitoring of files for potential threats.

Keep in mind that disabling real-time protection makes your system more vulnerable to malware, so use this option for troubleshooting purposes and consider re-enabling it once you’ve resolved the high CPU usage issue.

Add Antimalware Service Executable to Exclusion List

To further mitigate CPU consumption, add Antimalware Service Executable to the exclusion list. This instructs Windows Defender not to scan this specific file, thereby reducing the load on the CPU. Here’s how to do it:

1. Press Win + I to open “Settings” and go to “Update & Security”.
2. Choose “Windows Security” and click “Add an Exclusion” in the Exclusions section.
3. Select “Exclude a .exe, .com, or .scr process” and add “MsMpEng.exe” to the exclusion list.

By adding Antimalware Service Executable to the exclusion list, you can significantly reduce CPU usage while maintaining protection for other files and processes.

Disable Windows Defender

If the high CPU usage issue persists despite the previous fixes, you may consider temporarily disabling Windows Defender. However, proceed with caution, as this step will leave your system without real-time protection, making it more vulnerable to malware. Here’s how to disable Windows Defender:

1. Press Win + R to open the Run Dialog Box.
2. Type “regedit” and press Enter to open the Registry Editor.
3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.
4. Create a new DWORD (32-bit) Value inside the Windows Defender folder and name it “DisableAntiSpyware”. Set it’s value data to 1.

Disabling Windows Defender should be a last resort and it’s advisable only if you have an alternative, reliable antivirus solution in place.

Update All Device Drivers

Ensuring that your system’s device drivers are up to date can contribute to stable performance and may help resolve CPU usage issues. Outdated or incompatible drivers can lead to various system problems, including high CPU usage. Follow these steps to update your device drivers:

1. Identify the drivers that need updating: To determine which drivers need updating, you can use the Device Manager. Right-click on the Start button, select “Device Manager” and expand the categories to view your device drivers.
2. Visit the manufacturer’s official website: Go to the official website of your device’s manufacturer(e.g., NVIDIA, Intel, AMD) and navigate to the support or downloads section. Locate the latest drivers for your specific hardware.
3. Download and install the drivers: Download the updated drivers from the manufacturer’s website and follow the installation instructions. Be sure to choose drivers that are compatible with your Windows system version(e.g., Windows 10).

Updating device drivers can help ensure that your hardware functions optimally, potentially reducing CPU usage caused by compatibility or performance issues.

Check for System File Corruption

Corrupted system files can lead to high CPU usage issues, including those related to Antimalware Service Executable. To address this, you can use the System File Checker(SFC) utility, a built-in Windows tool that scans for and repairs corrupted system files. Here’s how to run an SFC scan:

1. Press Win + S to open the search bar, type “Command Prompt” and right-click on “Command Prompt” in the search results. Select “Run as administrator” to open Command Prompt with administrative privileges.
2. In the Command Prompt window, type the following command and press Enter:

3. The SFC tool will scan your system for corrupted files and attempt to repair them. This process may take some time, so please be patient.
4. Once the scan is complete, follow any on-screen instructions to address any issues found.

Running an SFC scan can help ensure the integrity of your system files and may resolve CPU usage problems caused by file corruption.

Run a Malware Scan

While Antimalware Service Executable is designed to protect your system from malware, it’s essential to ensure that your PC isn’t already compromised. Running a thorough malware scan can help identify and remove any existing threats that could contribute to high CPU usage. Here’s how to perform a malware scan using Windows Defender:

1. Open the search bar by pressing Windows + S keys simultaneously.
2. Search for “Windows Security” and select it from the search results.
3. In the Windows Security app, choose “Virus & threat protection”.
4. Click “Scan options”.
5. Select “Full Scan” to examine every file on all your drives thoroughly.
6. Click “Scan now” to initiate the scan. Depending on the size of your storage and the number of files, this process may take some time.
7. If Windows Defender detects any threats, it will automatically take action to remove them.

It’s important to regularly scan your PC for malware to ensure that your system is not affected by any malicious software that could contribute to high CPU usage.

Advanced Troubleshooting

In some cases, high CPU usage by Antimalware Service Executable may persist despite the above fixes. If you’ve exhausted the standard troubleshooting methods, consider these advanced steps to address the issue.

Tweak Defender’s Scheduled Scan

One way to further optimize the CPU usage of Antimalware Service Executable is by modifying the Windows Defender Scheduled Scan settings. This involves reducing some unnecessary privileges and conditions associated with the scan. Follow these steps:

1. Access the Task Scheduler by pressing the Win + R keys simultaneously and entering “taskschd.msc”.
2. In the Task Scheduler Library, navigate to “Microsoft” > “Windows” > “Windows Defender”.
3. Double-click “Windows Defender Scheduled Scan” to open it’s properties.
4. On the General tab, uncheck “Run with highest privileges”. This step removes the elevated privileges, reducing the impact on CPU usage.
5. Next, go to the Conditions tab and uncheck “Start the task only if the computer is on AC Power”. This change allows the scan to run regardless of whether your computer is running on battery power or AC power.
6. Finally, go to the Triggers tab and click “New” to create a new trigger. Select “Weekly” from the options, choose a specific day and click “OK” to save the changes.

By tweaking the scheduled scan settings, you can further optimize Antimalware Service Executable’s impact on CPU usage.

Remove Corrupt Windows Update Files

Windows Defender relies on cumulative updates released by Microsoft for it’s effectiveness. However, if these updates become corrupted or buggy, they can lead to issues with Antimalware Service Executable and high CPU usage. Here’s how to remove potentially corrupt Windows update files:

1. Launch Command Prompt as an administrator by searching for “Command Prompt” in the Start menu, right-clicking on it and selecting “Run as administrator”.
2. In the Command Prompt window, execute the following two commands, one at a time:

3. After executing these commands, restart your PC to apply the changes.

Removing corrupt update files can help Windows Defender function more smoothly and reduce CPU usage caused by update-related issues.

Turn off Process Mitigation

Process Mitigation is responsible for the Exploit Protection Service, which can sometimes lead to conflicts with Windows Defender and result in high CPU usage. Disabling Process Mitigation can help resolve this issue. Follow these steps:

1. Launch Command Prompt as an administrator from the Start menu.
2. In the Command Prompt window, execute the following command:

3. Once the command is executed, restart your PC to apply the changes.

Disabling Process Mitigation can prevent conflicts between Windows Defender and the Exploit Protection Service, potentially reducing CPU usage.

Add Antimalware Service Executable to Defender Exclusion List

Another effective way to minimize CPU usage by Antimalware Service Executable is by adding it to Windows Defender’s exclusion list. By doing so, you instruct Windows Defender not to scan this specific service file, which can significantly reduce CPU load. Here’s how to add Antimalware Service Executable to the exclusion list:

1. Open Task Manager by pressing Ctrl + Shift + Esc simultaneously.
2. Under the Background Processes section, locate “Antimalware Service Executable”, right-click on it and select “Open File Location”.
3. The File Explorer will open and you’ll see the EXE file named “MsMpEng.exe”. Copy the location from the address bar, which will be something like:

4. Go to the Start Menu and search for “Windows Defender Firewall”. Open it.
5. Click on “Allow an App or Feature through Windows Defender Firewall” from the left menu bar.
6. Click on the “Change Settings” button, followed by “Allow Another App”.
7. Click on the “Browse” button next to the “Path” field and paste the location you copied earlier from the File Explorer.
8. Select the “MsMpEng.exe” file from that folder and click “Open”.
9. The location will now be loaded into the “Path” field and the app section should display the “Antimalware Service Executable” file. Click “Add” to add it to the whitelist.

After completing these steps, restart your PC and check if it has resolved the Antimalware Service Executable High CPU/Memory usage issue.

Kill Antimalware Service Executable Process

In some cases, users have successfully resolved the Antimalware Service Executable High CPU/Memory usage issue by forcibly terminating the process. This action will stop most associated Defender processes and upon restarting your PC, they should initiate fresh instances, potentially reducing CPU usage. Here’s how to do it:

1. Launch Task Manager by pressing Ctrl + Shift + Esc.
2. Go to the “Details” tab, locate the “MsMpEng.exe” file and note down it’s Process ID(PID) number.
3. Launch Command Prompt as an administrator from the Start Menu.
4. Execute the following command, replacing “pid_number” with the PID you noted earlier:

5. After executing the command, reboot your PC to allow the associated processes to restart.

By forcibly terminating the Antimalware Service Executable process, you can potentially resolve the issue of high CPU/Memory usage. Upon rebooting, Windows Defender processes should restart normally.

Disable True Color Service(For Dell Users)

Some Dell users have reported a connection between the True Color utility(a Dell bloatware application) and Antimalware Service Executable’s high CPU usage. Disabling True Color has resulted in a considerable reduction in CPU load, even with Antimalware Service Executable still running. If you’re a Dell user, consider trying this workaround:

1. Launch Task Manager by pressing Ctrl + Shift + Esc.
2. Under the “Background Processes” section, find “TrueColorALS.exe”.
3. Select “TrueColorALS.exe” and then click the “End Task” button at the bottom right.

Disabling True Color may reduce CPU usage and help mitigate the Antimalware Service Executable High CPU/Memory usage issue on Dell computers.

Disable Windows Defender

If none of the aforementioned methods have resolved the issue, you may consider disabling Windows Defender as a last resort. However, proceed with caution, as this action will leave your system without real-time protection against malware. There are two methods to disable Windows Defender: via the Group Policy Editor and the Registry Editor. Here are shorter instructions for both methods:

Group Policy:

1. Launch the Group Policy Editor by pressing Win + R, typing “gpedit.msc” and hitting Enter.
2. Navigate to “Computer Configuration” > “Administrative Templates” > “Windows Components” > “Windows Defender” in the left menu bar.
3. Open the “Turn off Windows Defender” policy from the right-hand side and set it’s state to “Enabled”.

Registry Editor:

1. Launch the Registry Editor by pressing Win + R, typing “regedit” and hitting Enter.
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.
3. Create a new DWORD (32-bit) Value inside the Windows Defender folder and name it “DisableAntiSpyware”. Set it’s value data to 0.

Disabling Windows Defender should only be done if you have an alternative, reputable antivirus solution in place, as your system will be vulnerable to malware without real-time protection.

Frequently Asked Questions(FAQs)

Can I End the Antimalware Service Executable?

While Antimalware Service Executable doesn’t continuously consume excessive resources, you can disable it if you find it disruptive. However, it’s equally acceptable to leave it enabled, as it’s an integral part of Windows Defender’s functionality. If you decide to disable it, ensure you have an alternative antivirus solution in place.

Why Does Antimalware Service Executable Use High CPU?

The high CPU usage by Antimalware Service Executable is primarily due to it’s continuous scanning of files and programs for potential threats. It actively monitors and takes action against any suspicious activity, which can lead to elevated CPU usage during these operations.

How Do I Stop Antimalware Service Executable from Using Memory?

To reduce memory usage by Antimalware Service Executable, you can disable Windows Defender or add it to the exclusion list.

Summary

In your efforts to mitigate high CPU and memory usage by Antimalware Service Executable, the methods discussed in this comprehensive guide offer a range of solutions. From adjusting Windows Defender settings to advanced troubleshooting steps, you now have a toolbox of options to address this issue effectively.

Remember to consider the potential trade-offs between performance and security when making changes to your antivirus and antimalware configurations. Regularly updating device drivers, checking for system file corruption and running malware scans should be part of your routine maintenance to keep your Windows 10 PC running smoothly and securely.

Additional Note

If you’ve encountered high CPU or memory usage issues and the troubleshooting steps provided in this guide haven’t resolved the problem, consider seeking further assistance from Microsoft support or a qualified IT professional. It’s essential to maintain a secure and efficient computing environment and expert guidance may be necessary in complex cases.

Conclusion

The Antimalware Service Executable is a vital component of Windows Defender, providing real-time protection against malware threats. While it’s continuous background operation is essential for system security, it can sometimes lead to high CPU and memory usage issues. By following the steps outlined in this guide, you can effectively troubleshoot and optimize the Antimalware Service Executable’s performance, ensuring a balance between system security and resource efficiency.

Experiencing difficulties with your Device, check out our “How To” page on how to resolve some of these issues.