What is Antimalware Service Executable? Why is it consuming high CPU/Memory?

If you have seen a program “Antimalware Service Executable” in the Task Manager, don’t be worried. It’s not a third party service or a virus mimicking an antivirus. Its an official program from Windows which makes sure to secure your Windows PC. Here we answer all your queries for the question – What is Antimalware Service Executable (msmpeng.exe) and why does it show high CPU, Disk or Memory usage in Windows 10? Is it a virus? Do I need to disable it? Find all your answers to these questions in this post.

What is Antimalware Service Executable

Windows 10 and Windows Defender, now integrated within the core of OS, and primed as Windows Defender Antivirus System, has come a long way. Like many other programs which need to run continuously in the background, WDAS also runs in the background with the name of  Antimalware Service Executable (MsMpEng.exe).

If for some reason, you have seen it listed in the Task Manager consuming memory, and CPU more than ever, don’t be worried. Many a time the antivirus program needs to run the background with scheduled scanning, checking files for malware, runtime software installation, and continuously monitor files for changes.

What Is Antimalware Service Executable

The best way to cross check is right click on the program name, when in Task Manager, and open its file location. You will notice that its available under C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0. You can also invoke the Defender program manually to perform scan, and this will increase the CPU and Memory usage.

Antimalware Service Executable shows high CPU/Memory usage

If you are wondering about this, it’s not entirely true. I have seen this program sitting in the background, and doing nothing. At times, I have seen it consuming 30% CPU usage. If you have seen it taking high CPU portion, the chances are that it is scanning your files in the background. This is to make sure of potential virus or malware.

You will notice these types of surge happens at certain events. When your PC boots, software installation is in progress, when you download the file from the internet or check your emails in Outlook with attachments.

The best part of this Antimalware Service Executable or Windows Defender is that it only does background scans when your PC is sitting idle. This makes sure that your PC is not slow when you are working, and running scans in idle stage give the program advantage of using more CPU resources.

Should you disable Antimalware Service Executable

We do not recommend that all. The biggest reason that goes in our support is that it works along with third-party antivirus solution. This gives you enough reason not to disable Windows Defender. Windows Defender disables it automatically when you install a third-party antivirus.

There are many more reasons. Windows Defender is the last protection you have got when it comes to ransomware which can lock down your files. Microsoft has implemented this feature with OneDrive to make sure your files are safe and can be recovered back.

However, if you feel like its taking too much of resources, you can turn off the real-time protection. Go to Settings> Update & Security >Virus & threat protection > Virus & threat protection settings and disable Real-time protection. It will automatically enable it when it doesn’t find any AntiVirus software installed on your PC.

Antimalware Service Executable

Like I said, Windows Defender works along with other antivirus solution. Even though it disables itself, from time to time, it will scan your PC. It will figure out risks which could have been missed by your primary antivirus solution.

The primary reason for writing this post is recommendations to completely disable this services at many forums. It’s not a wise thing to do as per my experience.

Download this VPN to secure all your Windows devices and browse anonymously
Posted by on , in Category Security with Tags
Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.

3 Comments

  1. “We do not recommend that all. The biggest reason that goes in our support is that it works along with third-party antivirus solution. This gives you enough reason not to disable Windows Defender. Windows Defender disables it automatically when you install a third-party antivirus.”

    This is in your article. I must say that Windows Defender seems to “Enable” itself frequently, after a Windows 10 Update. I have had to “Disable” Windows Defender because it does not “play nicely” with Bitdefender Total Security 2018 and Bitdefender does not always “Disable” Windows Defender. I have been getting strange notices, since this last attempt to Update. I have to go into Security and fix Windows Defender, twice now. This has to be part of the reason for the Failed Update times 4.

    Just saying this has been my experience for the past week or so. This also very easily could be unique unto me, only. }:O)

  2. Edsonline

    We have 4 computers so far that start running very slow due to windows defender using up 30+ % of the CPU…. the process never ends. Reboot few times, it kept coming back.
    In one computer I was able to fix by running disk /online …. but on the other 3 I had to do a windows reset.

    I can’t tell what is causing it…my guess is the windows update, currupted files or applications.

    Any suggestions?

  3. Dinar Qurbanov

    i had similar problem. i had read that it easy for the windows antivirus to get infected. after i have seen an online solution to add the antimalware itself into its own exclusions, i have come to idea that it is infected itself. so, then i have reinstalled windows.

    warning: you will need to reinstall all programs if you reinstall windows!

    warning: if you connect your hdd to other computer not with usb cable, but directly, i am afraid you may boot from it and infect the healthy hdd, so you sould carefully choose boot device. also you should be afraid of running programs from the infected hdd manually or by some autostart mechanism, though as far as i know that autostart was in windows xp, but it is not very actual with more new versions of windows, since it is disabled by default.

    warning: you may lose your windows’ activation! i think my windows key was saved in efi partition, you may need to find and write your windows product key to a paper.

    for that (reinstalling windows), i have connected its hdd via external case with usb cable to a linux, and deleted windows and program files (except some configuraion files of programs in appdata), (also i deleted users directory and others, moving my files to another folder before that), (just deleting whole c: partition, moving your files to other place before that, may be faster, if you have files of little total size), and deleted some partitions, except EFI boot partition, though that was dangerous, i hoped it (the EFI partition) was not infected. then, i created new windows 10 iso and dvd and reinstalled windows using it.

    about not deleting efi partition: i thought my windows key was saved in it. i think i could get windows product key using some command or program from inside the old infected windows, i am not sure whether i could get windows key from that partition by other method. i think i could, if i had windows key, alternatively change gpt partition scheme to mbr and delete it (the EFI). i had seen that windows did not install due to GPT if i put laptop to non-EFI mode. or, if i was sure i can get windows key from the efi later, i could remove boot flag from it instead of deleting it.

    alternatively, instead of reinstalling windows, you can try to check your windows hdd with other antivirus, installing it to same system, or, better, to other machine, and connecting this infected hdd to it, and booting from the healthy hdd.

    why i did not just run windows installer from inside the old infected windows installation? because it was recommended to me to format all hdd and to boot from the installer dvd in order to not infect fresh installation. i believe in this principle, and, as i said, i just delete some files instead of deleting/formatting all partitions, because formatting would require a new hdd to move files to it.

    alternatively, you can try to get old state of your system from some backup system… (there are also windows’ built-in system or systems, and you may have one from laptop manufacturer and you may have made backups manually or get them automatically). (this may delete your latest changes to your files, so you may need to save such files somewhere).

    alternatively, you can reinstall windows from laptop manufacturers’ special partition. i have not used this way, because windows 8 was there, and i wanted to try to install a “vanilla” windows, ie without the additional preinstalled soft.

Leave a Reply

Your email address will not be published. Required fields are marked *


8 + 8 =