Guide: Antimalware Service Executable (MsMpEng) – How to Fix High CPU Usage

The Windows Defender program uses a process called MsMpEng.exe, or a more recognizable name: Antimalware Service Executable. This process consumes a lot of CPU, as it permanently scans not only files in real-time, but also connections and related apps in real-time. And this is because it’s job is to Protect in Real Time.

Another process that the Antimalware Service Executable does is to run a Full Scan when the PC comes out of sleep or when it connects to a network, or when it is scheduled to run.

So, if you see it running a full scan, you should let it do its job and wait for it – if you have many files, it might even a few hours until it completes the full scan. If you don’t have enough patience and you want to also run something else on your PC or browse the internet, your system will be lagging, and it will be annoying.

Some people have Full Scan activated for when the PC wakes up from sleep, or when it’s connected to a network or it’s set to run daily. To fix the Full Scan, which must be done occasionally, follow the steps below. High CPU can also be caused by something else, so consider trying the first method to see if there’s a different cause.

Fix 1: Repairing Defender Files

Download ‘Reimage Plus’ and start it to scan and repair the files that might be either missing or corrupt. Repair any corrupt or missing files and see if the CPU still shows to be in high usage.

Move to the next method if this step didn’t help you.

Fix 2: Properly Rescheduling Windows Defender

1. Click on ‘Start Menu’ and go to ‘Administrative Tools’ and then choose ‘Task Schedule’ from the explorer ‘Window’.
2. Go to ‘Library/Microsoft/Windows/Windows defender’ and locate “Windows Defender Scheduled Scan”. Click on it and choose ‘Properties’.
3. From ‘Properties’ click on ‘Conditions’ and uncheck ‘Idle’, ‘Power’ and ‘Network’. Click OK.

Now we are going to reschedule it so that it may occasionally run.

4. Click on “Windows Defender Scheduled Scan” again and go to ‘Properties’. Here, you will go to ‘Triggers’ and choose ‘New’.
5. Choose the ‘Weekly’ or ‘Monthly’ option, choose the Day and hour when you want the Full Scan to start. Click OK and remember to check if it’s enabled.

When the scheduled Full Scan starts, it will have a high CPU usage – let it do its job. You must do the same rescheduling for: ‘Windows Defender Cache Maintenance’, ‘Windows Defender Cleanup’, and ‘Windows Defender Verification’. For these, turn the conditions off and set them to get triggered once per week.

Fix 3: Turn Off Windows Defender

If you want to completely get rid of the high CPU usage, you can turn off Windows Defender, but you will have to install another antivirus to be protected.

You need to use the Local Group Policy Editor to disable Windows Defender (works only on Window 10 Pro or Enterprise editions and other advanced early Windows operating systems). IF you cannot use the Local Group Policy Editor, you can use a Registry to fix the issue.

How to Use Local Group Policy Editor

1. Press Windows key + R to open Run and type: ‘gpedit.msc’ -> click ‘OK’ – This opens Local Group Policy Editor.
2. In the editor, go to ‘Computer Configuration’ -> ‘Administrative Templates’ -> ‘Windows Components’ -> ‘Windows Defender’.
3. In the ‘Windows Defender’ search for ‘Turn off Windows Defender’ and double click it. Select the Enabled option to turn off Windows Defender, click ‘Apply’ and ‘OK’.

Windows Defender should be immediately disabled. If not, restart the PC and check again in the same path to see if the option of turning it off is still enabled.

Fix it by Using Registry

1. Open Run (Windows key + R) and type ‘regedit’ -> click ‘OK’ – This opens the ‘Windows Registry’ window.
2. From there, go to ‘HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender’.
3. You will see in ‘Windows Defender’ folder a registry called ‘DisableAntiSpyware’ -> double click it and edit ‘Value Data’ to ‘1’.

Fix 4: Add MsMpEng.exe to Windows Defender Exclusion List

You can reduce CPU high usage by adding the Antimalware Service Executable to an exclusion list.

1. One Windows Task Manager (Ctrl + Shift + Esc)
2. Search for the Antimalware Service Executable in the processes list.
3. Right click on it -> ‘Open File Location’. Copy the full path of the executable.
4. Open settings (Hold ‘Windows’ key and press I), then choose ‘Update and Security’ -> ‘Windows Defender’ (left pane) -> and add an exclusion ‘under exclusion’ -> paste the path to ‘MsMpEng.exe’.
5. Go back to Task Manager and check to see how much this process will consume. Paste the whole path to the folder that you have copied, adding to it: ‘\MsMpEng.exe’. Click OK.

Fix 5: Scan for Malware

Your MsMpEng.exe might be affected by malware and this is why it might cause high CPU usage. Run a full scan with either MalwareBytes or AdwCleaner and delete any malware that could be present in your PC.

We hope one of these methods fixed the high CPU usage for you. Remember that Windows Defender is especially built to protect users, so the Antimalware Service Executable should run from time to time. It is recommended that you allow the service to occasionally run and let it do a full scan of your PC at least once a month.