If you have seen a program “Antimalware Service Executable” in the Task Manager, don’t be worried. It’s not a third party service or a virus mimicking an antivirus. Its an official program from Windows which makes sure to secure your Windows PC. Here we answer all your queries for the question – What is Antimalware Service Executable and why does it show high CPU, Disk or Memory usage? Is it a virus? Do I need to disable it? i
What is Antimalware Service Executable
Windows 10 and Windows Defender, now integrated within the core of OS, and primed as Windows Defender Antivirus System, has come a long way. Like many other programs which need to run continuously in the background, WDAS also runs in the background with the name of Antimalware Service Executable (MsMpEng.exe).
If for some reason, you have seen it listed in the Task Manager consuming memory, and CPU more than ever, don’t be worried. Many a time the antivirus program needs to run the background with scheduled scanning, checking files for malware, runtime software installation, and continuously monitor files for changes.
The best way to cross check is right click on the program name, when in Task Manager, and open its file location. You will notice that its available under C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0. You can also invoke the Defender program manually to perform scan, and this will increase the CPU and Memory usage.
Antimalware Service Executable shows high CPU usage
If you are wondering about this, it’s not entirely true. I have seen this program sitting in the background, and doing nothing. At times, I have seen it consuming 30% CPU usage. If you have seen it taking high CPU portion, the chances are that it is scanning your files in the background. This is to make sure of potential virus or malware.
You will notice these types of surge happens at certain events. When your PC boots, software installation is in progress, when you download the file from the internet or check your emails in Outlook with attachments.
The best part of this Antimalware Service Executable or Windows Defender is that it only does background scans when your PC is sitting idle. This makes sure that your PC is not slow when you are working, and running scans in idle stage give the program advantage of using more CPU resources.
Should you disable Antimalware Service Executable
We do not recommend that all. The biggest reason that goes in our support is that it works along with third-party antivirus solution. This gives you enough reason not to disable Windows Defender. Windows Defender disables it automatically when you install a third-party antivirus.
There are many more reasons. Windows Defender is the last protection you have got when it comes to ransomware which can lock down your files. Microsoft has implemented this feature with OneDrive to make sure your files are safe and can be recovered back.
However, if you feel like its taking too much of resources, you can turn off the real-time protection. Go to Settings> Update & Security >Virus & threat protection > Virus & threat protection settings and disable Real-time protection. It will automatically enable it when it doesn’t find any AntiVirus software installed on your PC.
Like I said, Windows Defender works along with other antivirus solution. Even though it disables itself, from time to time, it will scan your PC. It will figure out risks which could have been missed by your primary antivirus solution.
The primary reason for writing this post is recommendations to completely disable this services at many forums. It’s not a wise thing to do as per my experience.