What Is Antimalware Service Executable? Why Is CPU and Memory Usage High?


If your computer is sluggish, you may notice the antimalware service executable, or MsMpEng.exe, process in Task Manager hogging your resources. While you can disable it, it’s a good idea to understand the purpose of this process and how disabling it may affect the security of your PC.

What Is Antimalware Service Executable?

As the name implies, the antimalware service executable helps defend your computer against malware and other virus threats. It appears in Task Manager as MsMpEng.exe or Antimalware Service Executable and is the background process for the built-in Microsoft Defender antivirus tool. Microsoft Defender was formerly known as Windows Defender.

It’s designed to work like other antivirus tools by running constantly in the background. This helps to protect you from threats in real time. While it’s running, it scans any files you open or download, scans your system for potential threats, updates itself, and performs other common antivirus tasks.

Viewing the antimalware service executable running in Task Manager.

During scans and updates, the antimalware service executable process uses more resources. This is common among all types of antivirus tools. During peak usage, they tend to use more resources. However, the usage should be less after a scan or update. As you can see above, RAM usage was higher while I was running an update. This dropped back to about 150 MB or less after the update was finished.

While it may seem suspicious at first, it’s a legitimate Windows process, much like these other processes that may look like malware.
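One way to confirm that the Antimalware Service Executable on your PC is the genuine Microsoft binary is to check where the service runs from and whether its signature is valid. This PowerShell script is an added example, not part of the original article; it assumes the standard Defender service name WinDefend, the usual install locations, and an elevated PowerShell window.

```powershell
# Added example: verify the Defender service binary by path and signature.
# Assumption: the Defender service is registered under its standard name, WinDefend.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinDefend'"
if (-not $svc) { throw 'WinDefend service not found on this system.' }

# PathName is the (usually quoted) service command line; extract the .exe path.
if ($svc.PathName -match '^"?(?<exe>[^"]+?\.exe)') {
    $exe = $Matches['exe']
} else {
    throw "Could not parse the service path: $($svc.PathName)"
}

# Assumption: Defender runs from one of these two locations
# (platform updates are installed under ProgramData).
$expectedRoots = @(
    (Join-Path $env:ProgramData  'Microsoft\Windows Defender\Platform'),
    (Join-Path $env:ProgramFiles 'Windows Defender')
)
$inExpectedDir = [bool]($expectedRoots | Where-Object {
    $exe.StartsWith("$_\", [System.StringComparison]::OrdinalIgnoreCase)
})

# A genuine copy carries a valid Authenticode signature from Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $exe
$signedByMicrosoft = ($sig.Status -eq 'Valid') -and
    ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')

[pscustomobject]@{
    ServicePid        = $svc.ProcessId   # compare with the PID on Task Manager's Details tab
    Path              = $exe
    FileName          = Split-Path -Path $exe -Leaf
    InExpectedDir     = $inExpectedDir
    SignatureStatus   = $sig.Status
    SignedByMicrosoft = $signedByMicrosoft
} | Format-List
```

A process named MsMpEng.exe whose PID does not match the service, or a binary that fails either check, deserves a closer look.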

Update Windows to Update Microsoft Defender

If you use Microsoft Defender as your antivirus, you don’t have to disable it just to get rid of the high CPU usage. In fact, if you haven’t had issues before, the problem is likely a Windows update.

Either check for a new Windows update to also update Microsoft Defender, which may solve any CPU issues, or roll back an update to see whether that fixes the problem. Check for the latest Windows update issues, along with details on rolling back an update. Typically, Microsoft addresses these quickly.

Disable the Antimalware Service Executable Process Only If You Have Other Antivirus

As long as the antimalware service executable process isn’t running hard all the time, it’s okay to leave it enabled. It’s safe and helps protect your PC. However, if you’re having issues with constant resource usage, you may want to disable it.

It’s completely okay to disable the process – and even Microsoft Defender. While it’s built in, you’re not required to use it. Before you do this, though, install an alternative antivirus tool; otherwise, you’re leaving your system vulnerable. With the right precautions, you can be safe without a third-party antivirus, as Windows Security is a pretty comprehensive system that should keep you safe.

You can temporarily disable the Antimalware Service Executable process within Task Manager; however, it restarts when you reboot your computer.

If it’s causing trouble, you can end the task until the next reboot. Press Win + X to open the Power User menu, then select Task Manager.

Right-click Antimalware Service Executable, and select End task.

Ending the antimalware service executable task in Task Manager.

This disables Microsoft Defender for the rest of your session.

If, for any reason, you get an Access denied error while doing this, disable Microsoft Defender first, then end the task in Task Manager. You can disable it either temporarily or permanently using the instructions below.

Disable Microsoft Defender Temporarily

If you’d rather not use Microsoft Defender, you can disable it temporarily. This stops the antimalware service executable from running. It won’t uninstall Microsoft Defender – just disable it. For some users, it remains off after a restart, but typically, it turns back on after a restart.

Go to Settings -> Privacy & Security -> Windows Security. Select Open Windows Security in the right pane.

Opening Windows Security to temporarily disable Microsoft Defender.

Choose Virus & threat protection.

Open Virus & threat protection to view more settings.

Select Manage settings under Virus & threat protection settings. Toggle off Real-time protection and Cloud-delivered protection.

Turn off protection settings in Virus and Threat protection in Windows Security.

If you plan to continue using Microsoft Defender for protection, try the temporary disabling method first. When you restart, monitor your CPU usage. It’s possible the service simply hung up and needed to restart to avoid hogging your resources.
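After the restart, you can check from PowerShell that protection has turned back on and see how much CPU the service is using. This script is an added example, not part of the original article; it uses the built-in Defender cmdlets and assumes an English-language Windows install, because performance counter names are localized.

```powershell
# Added example: confirm protection is back on, then sample MsMpEng's CPU use.
$status = Get-MpComputerStatus
$pref   = Get-MpPreference

[pscustomobject]@{
    AntivirusEnabled          = $status.AntivirusEnabled
    RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
    # MAPSReporting backs the Cloud-delivered protection toggle; 0 means off.
    CloudProtectionEnabled    = ($pref.MAPSReporting -ne 0)
    SignaturesLastUpdated     = $status.AntivirusSignatureLastUpdated
} | Format-List

if (-not $status.RealTimeProtectionEnabled) {
    Write-Warning 'Real-time protection is still off. Turn it back on in Windows Security.'
}

# Sample the process for about 10 seconds (5 samples, 2 seconds apart).
# The counter reports percent of one core, so divide by the logical core count
# to get a figure comparable to Task Manager's CPU column.
$cores   = [Environment]::ProcessorCount
$samples = Get-Counter -Counter '\Process(MsMpEng)\% Processor Time' `
                       -SampleInterval 2 -MaxSamples 5
$avgCpu  = ($samples.CounterSamples.CookedValue |
            Measure-Object -Average).Average / $cores

'Average MsMpEng CPU over the sample window: {0:N1}%' -f $avgCpu
```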

Disable Microsoft Defender Permanently Through Local Group Policy

While the method above is just a temporary solution to the Antimalware Service Executable high CPU usage problem, the Group Policy Editor lets you disable Microsoft Defender permanently. Windows 11 Home edition doesn’t have the full editor available, but you can enable the local group policy editor and get the same results. Follow the linked guides to stop Microsoft Defender from restarting every time you reboot your PC.

Troubleshooting the High CPU Usage

Just because the Antimalware Service Executable isn’t a virus, that doesn’t mean it won’t cause high CPU usage issues. If your CPU temperature is rising, try these steps to cool it down. For most users, high usage comes down to two main issues.

1. Full Scan Increases CPU Usage

Typically, the most common reason for high CPU usage from the antimalware service executable is a running scan. Most antivirus apps noticeably increase resource use when a scan runs. However, you can switch from a full scan to a quick scan for a less resource-intensive scan.

Open Windows Security. Either search from the Start menu, or go through Windows Settings. Then, go to Virus & threat protection -> Scan Options. Select Quick scan. By default, it’s usually Full scan.

Set up a quick scan in Windows Security to reduce high CPU usage.

If Microsoft Defender is your only antivirus app, I highly recommend running a full scan at least a few times a week. Start the scan manually from the Scan Options window by choosing your scan type and selecting Scan Now.
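The same scan choices are available from PowerShell, along with a way to see how long ago the last full scan ran. This script is an added example, not part of the original article; the three-day threshold is an assumption standing in for "a few times a week", and the scheduled-scan settings it reads go slightly beyond the Scan Options window described above.

```powershell
# Added example: review scan settings and run the scan that is due.
# Run in an elevated PowerShell window.
$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# ScanParameters is the type used by the scheduled scan: 1 = quick, 2 = full.
# ScanAvgCPULoadFactor is the CPU percentage Defender aims to stay under
# during a scan.
[pscustomobject]@{
    ScheduledScanType  = if ($pref.ScanParameters -eq 2) { 'Full' } else { 'Quick' }
    ScanCpuLimitPct    = $pref.ScanAvgCPULoadFactor
    DaysSinceQuickScan = $status.QuickScanAge
    DaysSinceFullScan  = $status.FullScanAge   # a very large number means never run
} | Format-List

# Assumption: a full scan older than 3 days counts as overdue.
$maxFullScanAgeDays = 3

if ($status.FullScanAge -gt $maxFullScanAgeDays) {
    Write-Host 'Full scan is overdue; starting one now (this can take a while).'
    # Start-MpScan waits until the scan finishes; add -AsJob to run it in the background.
    Start-MpScan -ScanType FullScan
} else {
    Write-Host 'Full scan is recent; running a quick scan instead.'
    Start-MpScan -ScanType QuickScan
}
```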

2. Two Antimalware Service Executable Processes Running at Once

Sometimes more than one Antimalware process is running at once in Task Manager. This is quite normal. One of the processes is expandable and shows that Microsoft Defender Antivirus Service is running. (That’s the app for Windows Defender/Security.)

The second process is the Content Process, which manages virus definitions. Both of these are important to keep the service running properly.

Two antimalware service executable processes running at once in Task Manager.

Scan for Viruses

If you suspect you may already have a virus, download and run the Microsoft Safety Scanner tool. A virus that got past Microsoft Defender could be wreaking havoc with it. This tool includes the latest virus definitions to remove malware and get your system back to normal. You can also try removing a virus without an antivirus tool. Once the virus is gone, try these Microsoft Defender tactics for a safer PC.

Overall, the antimalware service executable isn’t anything to worry about. For more insight on Windows security, see our guide on whether you need antivirus software if you already have Windows Defender.

Image credit: Unsplash. All screenshots by Crystal Crowder.


Crystal Crowder - Staff Writer

Crystal Crowder has spent over 15 years working in the tech industry, first as an IT technician and then as a writer. She works to help teach others how to get the most from their devices, systems, and apps. She stays on top of the latest trends and is always finding solutions to common tech problems.