Antimalware Service Executable, part of the Defender component integrated into Windows Security, is a legitimate process and not malware or a security threat. It is designed to protect your PC from malware. While doing so, however, it may start using a lot of system resources such as RAM and CPU, which affects the performance of the PC.
Should you disable it?
No. Antimalware Service Executable, as the name suggests, protects your PC from malware threats. It runs a periodic scan. While Defender is scanning, you may notice a temporary spike in CPU and RAM usage. However, usage levels should return to normal once the scan is complete.
Also, even if you disable the Antimalware Service executable process, Defender will automatically restart it. You can only stop it from running by completely disabling Windows Security, which is also not recommended as it puts your PC at risk.
Information about this process on forums and social media sites is misleading, such as the claim that installing another antivirus app will stop this process. I have Malwarebytes Premium installed, and Antimalware Service Executable still runs in the background on my PC.
When should you troubleshoot?
You need to troubleshoot the antimalware service executable for high RAM and CPU usage when it constantly consumes abnormally high amounts of resources. On my PC, CPU shows 0% while memory is only 108MB. Once the scan is complete and any detected threats are dealt with, the antimalware service executable should return to its previous state.
Press the Ctrl+Shift+Esc keyboard shortcut to open Task Manager and search for MsMpEng.exe or Antimalware Service Executable to find it. Task Manager shows the system resources the process is using.
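To tell a temporary scan spike from constant high usage, the same figures can be sampled over a minute from PowerShell. This is an added example, not part of the original article; the sample count, interval and 30% threshold are assumptions to adjust.

```powershell
# Added example: sample MsMpEng.exe CPU and memory for about one minute.
$samples   = 12   # assumed number of readings
$intervalS = 5    # assumed seconds between readings
$cpuLimit  = 30   # assumed threshold, percent of total CPU
$cores     = [Environment]::ProcessorCount

$readings = for ($i = 0; $i -lt $samples; $i++) {
    $p = Get-CimInstance Win32_PerfFormattedData_PerfProc_Process -Filter "Name = 'MsMpEng'"
    if (-not $p) { Write-Warning 'MsMpEng.exe is not running.'; break }
    [pscustomobject]@{
        Time       = Get-Date -Format 'HH:mm:ss'
        # The counter is relative to one logical processor, so divide by the
        # core count to approximate the percentage Task Manager shows.
        CpuPercent = [math]::Round($p.PercentProcessorTime / $cores, 1)
        MemoryMB   = [math]::Round($p.WorkingSetPrivate / 1MB, 1)
    }
    Start-Sleep -Seconds $intervalS
}

if ($readings) {
    $readings | Format-Table -AutoSize
    $high = @($readings | Where-Object { $_.CpuPercent -ge $cpuLimit }).Count
    $avg  = ($readings | Measure-Object -Property CpuPercent -Average).Average
    "Average CPU: {0:N1}%  Readings at or above {1}%: {2} of {3}" -f $avg, $cpuLimit, $high, @($readings).Count
    if ($high -eq @($readings).Count) {
        'Usage stayed high for the whole window; repeat later to rule out a scan in progress.'
    } else {
        'Usage dropped below the threshold at least once, which is consistent with a temporary spike.'
    }
}
```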
1. Run a manual scan and get Malwarebytes
Run a manual scan using Defender:
- Open Windows Security using Windows Search.
- Choose Virus and threat protection.
- Choose Scan options under Quick scan.
- Choose Full scan and click Scan now.
Malwarebytes is a trusted name and you can use it to do two things:
- Remove all malware threats that Defender failed to detect or remove.
- Replace Defender, which reduces the excessive resource consumption of Antimalware Service Executable, although the service will still run in the background.
Download: Malwarebytes
We do not recommend that you use two antivirus programs at the same time on the same machine. Installing Malwarebytes will automatically disable Defender.
Microsoft has a standalone tool called Microsoft Safety Scanner to detect and remove malware from your computer. You have to download a new copy every time you want to run it because it doesn't update automatically and doesn't need to be installed.
2. Turn real-time protection off and on
Many Windows users found this tip handy for resolving an Antimalware Service Executable process that consumes too much RAM and processing power.
- Go to Windows Security > Virus and threat protection > Manage settings.
- Turn off the toggle under Real-time protection. Wait for a few minutes and turn it back on. If turning it off solves the problem but turning it back on brings it back, continue reading.
3. Change the schedule of Windows Defender
Windows Security runs periodic scans in the background. It may be running this scan while you work. Rescheduling the scan can fix the Antimalware Service executable process from consuming too much CPU and RAM. Instead of daily, you can schedule it to run weekly.
- Open Task Scheduler from Windows Search.
- In the left window pane, navigate to Task Scheduler Library > Microsoft > Windows > Windows Defender.
- Double-click the Windows Defender Scheduled Scan option in the middle window pane under the Name column.
- In the following pop-up, uncheck the Run with highest privileges option under the General tab.
- Uncheck everything under the Conditions tab.
- Click OK to save all settings in all open windows, then check again in Task Manager whether Antimalware Service Executable is using too many resources (press the Ctrl+Shift+Esc keyboard shortcut to open it directly).
- To set up a new schedule, go to the Triggers tab and click New. In the pop-up, select Weekly and check Enabled.
- Repeat the same steps for Windows Defender Cache Maintenance, Windows Defender Cleanup and Windows Defender Verification in the middle window pane. Go back to step 3 above.
4. Disable AntiSpyware
The issue, discovered by Windows Insider members, traces back to a registry key. Here's how to fix it:
- Open Registry Editor with admin rights from Windows Search.
- Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender folder in the left window pane.
- You will find the DisableAntiSpyware value in the right window pane. Otherwise, right-click anywhere and choose New > DWORD (32-bit) Value.
- Rename the value to DisableAntiSpyware.
- Double-click the newly created value to open it and enter 1 as the Value data.
- Save all changes. Reboot your computer.
5. Disable the Exploit Protection Service
At times, Defender is unable to stop a stubborn service. This leads to a continuous loop in which Antimalware Service Executable is constantly running in the background, trying, failing and then retrying to complete the task, resulting in high CPU and RAM usage.
- Open PowerShell with admin rights from Windows Search.
- Copy and paste the command below and press Enter. It loops over every value the -Disable parameter of Set-ProcessMitigation accepts and turns that mitigation off system-wide:
ForEach ($v in (Get-Command -Name "Set-ProcessMitigation").Parameters["Disable"].Attributes.ValidValues) { Set-ProcessMitigation -System -Disable $v.ToString().Replace(" ", "").Replace("`n", "") -ErrorAction SilentlyContinue }
6. Clean boot and reset option
A clean boot will load your Windows OS with the minimum drivers and apps that are required to run the OS. Microsoft has an excellent guide on how to perform a clean boot. Once done, read the part of that guide on resetting the computer to start normally after clean boot troubleshooting, so that the computer reboots in regular mode with all applications and features, including startup programs.
7. Add MsMpEng.exe to the exclusion list
What happens is that when scanning for malware, the antimalware service executable also scans the folder where it is saved. This again can create a kind of loop that leads to high CPU and RAM usage. Adding the associated process to the exclusion list will prevent it.
- Launch Microsoft Defender from Windows Search.
- Go to Virus and threat protection > Manage settings under Virus and threat protection settings.
- At the bottom, click Add or remove exclusions under Exclusions.
- Click Add an exclusion and choose Process from the drop-down menu.
- Type MsMpEng.exe and click Add.
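Several of the steps above (sections 2 to 5 and 7) change protection settings, so it helps to see their current state in one place afterwards. The following read-only audit is an added example, not part of the original article; it assumes an elevated PowerShell session and that the Defender cmdlets are available on the machine.

```powershell
# Added example: read-only audit of the Defender settings touched in
# sections 2-5 and 7. Nothing is modified. Run from an elevated prompt.
$status = Get-MpComputerStatus -ErrorAction SilentlyContinue
$pref   = Get-MpPreference     -ErrorAction SilentlyContinue

# Section 4: the policy value named in the article.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$das = (Get-ItemProperty -Path $policyKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware

[pscustomobject]@{
    RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled   # section 2
    AntivirusEnabled          = $status.AntivirusEnabled
    DisableAntiSpywarePolicy  = if ($null -eq $das) { 'not set' } else { $das }
    ProcessExclusions         = $pref.ExclusionProcess -join ', '   # section 7
    PathExclusions            = $pref.ExclusionPath -join ', '
} | Format-List

# Section 3: the Defender scheduled tasks, with run level and trigger count.
Get-ScheduledTask -TaskPath '\Microsoft\Windows\Windows Defender\' -ErrorAction SilentlyContinue |
    Select-Object TaskName, State,
        @{ n = 'RunLevel'; e = { $_.Principal.RunLevel } },
        @{ n = 'Triggers'; e = { @($_.Triggers).Count } } |
    Format-Table -AutoSize

# Section 5: current system-wide settings for a few core exploit mitigations.
$mit = Get-ProcessMitigation -System
foreach ($name in 'DEP', 'ASLR', 'CFG', 'SEHOP') {
    "--- $name ---"
    $mit.$name | Out-String
}

# Flag settings that leave the machine with less protection than the default.
if ($status -and -not $status.RealTimeProtectionEnabled) {
    Write-Warning 'Real-time protection is off.'
}
if ($das -eq 1) {
    Write-Warning 'DisableAntiSpyware policy is set to 1.'
}
if ($pref.ExclusionProcess -contains 'MsMpEng.exe') {
    Write-Warning 'MsMpEng.exe is on the process exclusion list.'
}
```

Without elevation, Get-MpPreference does not return the exclusion lists, so the exclusion fields and the last check are only meaningful from an administrator session.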
Antimalware service executable process
The process itself is legitimate. The only problem is when it starts using more resources than it should, which slows down your PC. We do not recommend disabling Defender without enabling another antivirus application. We also do not recommend disabling critical services using Group Policy Editor. Instead, use the solutions above to fix an Antimalware Service Executable process that is running in loops.