Antimalware Service Executable: Fix High CPU Usage Now

Have you ever opened up your task manager and found this menacing 99% CPU usage glaring into your eyes? Well, rest assured. You are not alone.  Many Windows users report this problem frequently and the common culprit is the “Antimalware Service Executable”.

Antimalware Service Executable is a background service built into Windows 10 antivirus software ‘Windows Defender’.  We’ll dig deep in this article to find out what it is, why it takes up so much CPU and if it can be stopped.

What Is Antimalware Service Executable?

Antimalware Service Executable plays a crucial role in Windows 10’s defense against viruses and malware.  It is a background service that runs to continuously monitor your PC for potential threats and viruses that could harm your computer’s data. If you’re not aware of it already, open up ‘Task Manager’ (Start Menu > Task Manager) and you’ll see this service consuming most of your CPU’s data.  The corresponding file for the Antimalware Service Executable can be found by clicking the details tab in Task Manager and is labeled as msmpeng.exe.  Sooner or later you’ll realize that ending this process necessarily doesn’t kill it ‘for good’, and ending it could possibly put your computer at risk to viruses and malware without a proper alternative anti-virus software to replace it.

Why Does It Use Up So Much CPU?

There are two main features that the Antimalware Service Executable process offers.  The first one being the “real-time” monitoring feature.  This feature constantly monitors and scans files on the computer in real-time.  This feature is crucial as it prevents any unprecedented attacks against your PC.

The second feature that the Antimalware Service Executable provides is its “Full Scan Feature”.  This feature scans the entirety of files on your computer.  By default, it is usually set to run when the computer wakes up from sleep or connected to a network.  A common reason why your CPU usage is so high is since your Windows Defender has a full scan scheduled daily.  The scan will meticulously go through every file, hogging your computer’s processing power and reducing your computer speed to its bare minimum in the process.  It is recommended that you schedule your full scan to just once per week and at a time where you are not using your computer i.e. at night when you sleep.

Can It Be stopped?

“I have tried to disable Windows Defender, but the process is still ongoing” is a common query we receive.  This is in fact true.  Even after disabling Windows antivirus tools, the Antimalware Service Executable or msmpeng.exe remains running as a hidden file.

Nevertheless, the answer is yes. It can be stopped.  However, there are several methods to go about stopping the Antimalware Service Executable and improving the performance of your computer.  We’ll go through the most common and efficient methods to reduce the high CPU usage of Antimalware Service Executable below:

How To Reduce High CPU Usage Caused by Antimalware Service Executable?

1. Scheduling Windows Defender Appropriately Using Task Scheduler
2. Exclude Antimalware Service Executable from Windows Defender
3. Disable Windows Defender
4. Using the Registry Editor
5. Installing a 3rd Party Antivirus Software

METHOD 1:  Scheduling Windows Defender Appropriately Using Task Scheduler

This method will prevent Antimalware Service Executable from running at times when your computer is at use or if a network connection is available.

1. Click the Start Menu icon and type in ‘Run’. Press Enter.
2. In the window that opens, type taskschd.msc and Press Enter.
3. Click on Task Scheduler Library, then Microsoft, then Windows folders.
4. Open the Windows Defender Folder by double clicking it.
5. Then open the Windows Defender Schedule Scan.
6. A new window will open.  In the General tab uncheck ‘Run with the highest privileges’.  In the Conditions tab, uncheck everything.

METHOD 2: Exclude Antimalware Service Executable From Windows Defender

Using the steps below, you will set Antimalware Service Executable service operation or msmpeng.exe as an exception in Windows Defender.

1. Press the Windows logo key and ‘I’ at the same time to open Windows Settings.
2. Click on ‘Update & Security’.
3. Click on the Windows Defender Tab and then select ‘Add and Exclusion’.
4. Under Processes, click the ‘+’ button next to “Exclude a .exe, .com or .scr process”.
5. Type in MsMpEng.exe and then click OK.

METHOD 3: Disable Windows Defender

A major reason why Antimalware Service Executable uses up so much CPU is that it is constantly monitoring the PC through real-time protection. You can disable the real-time protection offered in the Windows Defender Security Center settings, allowing your computer to operate much faster.

1. Open Windows Defender Security Center
2. Now click on ‘Virus & threat protection’.
3. A new window will open, then click on ‘Virus & threat protection settings’
4. Turn Off ‘Real-time protection’ toggle button.

Windows Defender has been successfully turned off.

Note: We don’t recommend you to do this as this can expose your computer to threats like Virus, Malware and Trojans. 

METHOD 4: Using Registry Editor

Now, this method is a more permanent solution to getting rid of Antimalware Service Executable.  Please note that before conducting this method, any accidental changes to the registry can cause irreversible damage to the data of the computer.

1. Press the Windows Key and the R key to open the run dialog box.
2. Type in regedit and press Enter.
3. In the registry editor double click the folders on the left hand-side in the following sequence: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
4. Double-click on the registry file ‘DisableAntiSpyware’  and change its ‘Value data:’ to 1.

METHOD 5: Installing a 3rd Party Antivirus Software

Antimalware service executable is a service solely working under Windows Defender.  Installing any other trusted 3rd party antivirus software will automatically shut down Windows Defender and stop Antimalware service executable/msmpeng.exe operations.  This will allow your PC to run at a significantly higher performance considering yours have appropriately scheduled the scans for the 3rd party software.

There several antivirus software available on the market today that can replace Windows Defender.  I personally have experimented with Avast Free Antivirus and found it to be much more secure than Windows Defender.  It has also offered several exclusive features such as a password manager and VPN.  Some other good examples include Malwarebytes and Kaspersky Anti-Virus.

Final Words

It’s important to realize that the Antimalware Service Executable is a crucial software in Windows 10 defense against malware and viruses.  Disabling it will potentially put your computer at risk. Therefore after following these methods or even before attempting them, it’s important you make a restore point of your PC (just in case you have to restore your system if any error occurs). Additionally, it is undoubtedly advised to install a 3rd party antivirus software when disabling Windows Defender.