How to Fix High CPU Usage by Antimalware Service Executable?
Is your PC suddenly slow, your fan spinning at full speed, and your Task Manager showing Antimalware Service Executable eating up 80% or even 100% of your CPU? You are not alone. This is one of the most common performance complaints among Windows 10 and Windows 11 users, and the good news is that it is completely fixable.
The Antimalware Service Executable, also known as MsMpEng.exe, is a core process of Windows Defender. It works in the background to protect your computer from viruses, malware, and other threats. While it does an important job, it can sometimes go rogue and drain your CPU resources at the worst possible time.
This guide gives you a full breakdown of what causes this problem and exactly how to fix it, step by step. Whether you are a beginner or a tech-savvy user, each solution here is written to be clear, practical, and easy to follow. You do not need to be an IT expert to get your PC running smoothly again.
Read on, and you will have your CPU usage back to normal in no time.
Key Takeaways
- Antimalware Service Executable (MsMpEng.exe) is a legitimate Windows Defender background process, not a virus, but it can cause high CPU usage due to real-time scanning, scheduled scans, or scanning its own folder.
- Rescheduling Windows Defender scans using Task Scheduler is one of the most effective ways to prevent CPU spikes during your active work hours, giving you full control over when the scan runs.
- Adding exclusions to Windows Defender, specifically the Windows Defender folder and the MsMpEng.exe process, can significantly reduce the CPU load without disabling your protection entirely.
- Outdated virus definitions can cause Windows Defender to work harder than necessary. Keeping your security definitions up to date often resolves the issue quickly and with minimal effort.
- Performing a clean boot helps identify if a third-party program is conflicting with Windows Defender and triggering the high CPU usage, allowing you to pinpoint and remove the root cause.
- Switching to a third-party antivirus and disabling Windows Defender is a valid long-term option for power users who need full control over system resources, but it should be done carefully to avoid leaving your PC unprotected.
What Is Antimalware Service Executable?
Before fixing the problem, it helps to understand what you are dealing with. Antimalware Service Executable is a background process that belongs to Windows Security, previously called Windows Defender. Its file name is MsMpEng.exe, and you can find it running in your Task Manager at almost any time.
This process handles real-time protection for your computer. It scans files, downloads, and programs as you use them, checks for threats, and either removes or quarantines anything suspicious. It also handles scheduled scans that run automatically to keep your system clean.
The process is completely legitimate and is a core part of Windows 10 and Windows 11. If you see it in Task Manager, it does not mean your PC has a virus. In fact, it means Windows Defender is doing its job. The problem arises when the process consumes an unusually large share of your CPU resources, slowing everything else down.
Understanding its role is important because the goal is not to kill this process entirely, but to control how and when it runs. Disabling it without a replacement puts your PC at risk. The solutions below will help you reduce its CPU usage while keeping your system protected.
Why Does Antimalware Service Executable Use So Much CPU?
There are several reasons why MsMpEng.exe can spike your CPU usage. Knowing the cause helps you pick the right fix faster.
Real-time protection is the biggest culprit. When this feature is active, Windows Defender scans every file you open, every program you launch, and every download you receive. This constant monitoring is CPU-intensive, especially on older or lower-spec hardware.
Scheduled scans also play a major role. Windows Defender runs automatic full-system scans in the background. If these scans are set to run during your peak usage hours, your CPU will take a serious hit. By default, Windows picks its own schedule, which does not always align with when you need your PC to perform best.
Another common trigger is Windows Defender scanning its own folder. Ironically, MsMpEng.exe sometimes scans the very directory it lives in, C:\Program Files\Windows Defender, which creates a loop and drives CPU usage through the roof. Adding that folder to the exclusions list solves this specific issue quickly.
Outdated virus definitions can cause Windows Defender to work harder to identify threats because it is using stale signatures. Keeping definitions up to date allows the scanner to work more efficiently. A bad or corrupt update can also trigger a constant scan loop.
Finally, third-party software conflicts can cause Defender to behave erratically. Some applications, especially other security tools, can clash with MsMpEng.exe and cause it to loop or over-scan.
Fix 1: Add Windows Defender to Its Own Exclusion List
One of the quickest and most effective fixes is telling Windows Defender to stop scanning its own folder. This is a simple change that takes less than two minutes and can immediately reduce CPU usage.
Here is how to do it step by step. First, press the Windows key on your keyboard and type Windows Security, then open the app. Click on Virus & threat protection in the left menu. Scroll down and click on Manage settings under the “Virus & threat protection settings” section.
Once you are inside the settings page, scroll all the way down until you find the Exclusions section. Click Add or remove exclusions, then click Add an exclusion. From the dropdown menu, select Folder. In the folder path box, type or paste the following path: C:\Program Files\Windows Defender, then click Select Folder. A security prompt will appear asking you to confirm. Click Yes to complete the process.
After adding this exclusion, Windows Defender will no longer scan its own installation folder. This eliminates the self-scanning loop that causes a large share of the high CPU usage problem. Restart your computer and check Task Manager to see if MsMpEng.exe has settled down.
Fix 2: Reschedule Windows Defender Scans Using Task Scheduler
Windows Defender runs full system scans on a schedule, and if that schedule is set to run during your active work hours, your CPU will suffer. The good news is you can change that schedule to a time when you are not using your PC, such as late at night or early in the morning.
Start by pressing Windows key + R to open the Run dialog. Type taskschd.msc and press Enter. This opens the Task Scheduler app. In the left panel, expand the folders in this order: Task Scheduler Library > Microsoft > Windows > Windows Defender.
You will see several tasks listed in the center panel. Right-click on “Windows Defender Scheduled Scan” and select Properties. In the General tab, uncheck the box that says “Run with highest privileges.” This reduces the CPU priority of the scan.
Next, switch to the Conditions tab and uncheck all the boxes there. Then click the Triggers tab and hit New to create a new trigger. Set the frequency to Weekly, pick a day you prefer, and set the time to something like 2:00 AM when you are asleep. Click OK to confirm. Click OK again to close the Properties window.
Also look at the other tasks in the Windows Defender folder, including Windows Defender Cache Maintenance, Windows Defender Cleanup, and Windows Defender Verification. Open each one, go to the Conditions tab, and uncheck all conditions. This stops them from running unexpectedly and consuming CPU at random times.
Fix 3: Add MsMpEng.exe as a Process Exclusion
In addition to excluding the Windows Defender folder, you can also add the MsMpEng.exe process itself as a process exclusion. This tells Windows Defender not to scan the executable file that runs the antimalware engine, which further reduces CPU overhead.
Open Windows Security and go to Virus & threat protection. Click Manage settings and scroll to the Exclusions section. Click Add or remove exclusions, then click Add an exclusion. This time, instead of selecting Folder, select Process from the dropdown menu.
In the text box that appears, type MsMpEng.exe and click Add. Windows Defender will now skip scanning this process in real time. This is a targeted fix that lowers CPU usage without broadly weakening your security posture. Combined with the folder exclusion from Fix 1, this can deliver a noticeable improvement in system performance.
Restart your PC after making this change to allow the settings to take full effect. Open Task Manager and check the CPU column to confirm that Antimalware Service Executable is no longer hogging your resources.
Fix 4: Update Windows Defender Virus Definitions
Outdated virus definitions are a surprisingly common cause of high CPU usage. When Windows Defender uses old or corrupted signature files, it has to work harder to analyze files and determine whether they are safe. Updating to the latest definitions allows the engine to process threats more efficiently.
Open Windows Security and click on Virus & threat protection. Scroll down until you see the Virus & threat protection updates section and click Check for updates. Windows will connect to Microsoft’s servers and download the latest threat definitions. Allow the update to complete fully before restarting your computer.
It is also a good idea to keep Windows itself updated. Open Settings, go to Windows Update, and click Check for updates. Microsoft often releases patches that include performance improvements for Windows Defender, especially fixes for known high-CPU bugs. Keeping your system fully updated addresses problems that Microsoft has already identified and resolved.
If a bad definition update caused the spike, updating often fixes it automatically. Many users report that a simple definition update reduced MsMpEng.exe CPU usage from over 70% down to single digits.
Fix 5: Perform a Clean Boot to Find Conflicting Software
Sometimes a third-party application is triggering the high CPU behavior in Windows Defender. A clean boot starts Windows with only essential Microsoft services running, which helps you identify whether external software is causing the conflict.
Press Windows key + R, type msconfig, and press Enter. The System Configuration window opens. Go to the Services tab and check the box that says “Hide all Microsoft services.” This is an important step because it ensures you do not accidentally disable a Microsoft service. Once hidden, click Disable all to turn off all non-Microsoft background services.
Next, click on the Startup tab and select Open Task Manager. In Task Manager, right-click each startup item and select Disable to turn them all off. Close Task Manager, go back to System Configuration, click Apply, then OK. Restart your PC.
After the clean boot restart, check if MsMpEng.exe CPU usage has dropped. If the CPU usage is now normal, a third-party program was causing the issue. You can then re-enable services and startup programs one by one, restarting after each group, until the problem reappears. The last item you re-enabled is the likely culprit.
Common culprits include backup software, cloud sync tools like older versions of Dropbox or OneDrive, and other security applications that conflict with Windows Defender.
Fix 6: Turn Off Real-Time Protection Temporarily
If you need immediate relief from high CPU usage and are okay with temporary vulnerability, you can turn off real-time protection for a short period. This is not a permanent solution, but it is useful when you need full CPU performance for a specific task like video rendering, gaming, or installing large applications.
Open Windows Security and go to Virus & threat protection. Under the “Virus & threat protection settings” heading, click Manage settings. Find the Real-time protection toggle and switch it Off. Windows will warn you that your device may be vulnerable. Proceed only if you are not downloading files or visiting unfamiliar websites during this time.
Once you finish your CPU-intensive task, go back and turn Real-time protection back On immediately. Leaving it off for extended periods exposes your system to malware. Think of this fix as a short-term workaround, not a lasting solution. Use the other methods in this guide for a permanent fix.
Fix 7: Reset Windows Defender Scan Cache
A corrupted or overgrown scan cache can force Windows Defender to re-scan files it has already processed, creating a continuous loop of CPU activity. Resetting this cache is a lesser-known but highly effective fix that many users overlook.
First, you need to stop the Microsoft Defender Antivirus Service. Press Windows key + R, type services.msc, and press Enter. Scroll down to find Microsoft Defender Antivirus Service, right-click it, and select Stop.
Now open File Explorer and navigate to C:\ProgramData\Microsoft\Windows Defender\Scans\. Inside this folder, look for a subfolder called mpcache or any scan history files. Delete the contents of this folder. Do not delete the folder itself, just the files inside it.
After clearing the cache, go back to Services, find Microsoft Defender Antivirus Service, right-click it, and select Start again. Restarting the service allows Windows Defender to rebuild a fresh cache from scratch. This can significantly reduce the CPU spike that happens each time Windows logs in, which is a common complaint reported by many users.
Fix 8: Disable Windows Defender and Use a Third-Party Antivirus
If you have tried the above methods and the CPU usage is still high, a long-term option is to replace Windows Defender with a third-party antivirus solution. When a reliable third-party antivirus is installed and active, Windows Defender disables itself automatically to avoid conflicts. This stops MsMpEng.exe from running altogether.
There are several well-regarded free antivirus options available, such as Avast Free Antivirus, Bitdefender Free Edition, and Malwarebytes Free. These options use fewer system resources in many configurations and offer solid protection.
To manually disable Windows Defender after installing a third-party antivirus, open Windows Security and check the notification area. If your third-party antivirus is recognized, Windows Security will show it as your active protection and will indicate that Windows Defender real-time protection is off.
If Windows Defender does not disable on its own, you can use the Group Policy Editor. Press Windows key + R, type gpedit.msc, and press Enter. Navigate to Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus. Double-click “Turn off Microsoft Defender Antivirus” and set it to Enabled. Click Apply then OK. Note: Group Policy Editor is available on Windows 10 Pro and Windows 11 Pro editions, not on Home editions.
Fix 9: Run a Full Malware Scan
There is an ironic but real possibility that the reason MsMpEng.exe is working overtime is because your PC has an actual malware infection. Malware can trigger Windows Defender to scan constantly because it keeps detecting and re-detecting threats.
If the high CPU usage is being caused by a real infection, no amount of scheduling or exclusion tweaks will permanently fix the problem. You need to remove the malware first.
Open Windows Security, click on Virus & threat protection, and select Scan options. Choose Full scan and click Scan now. This will scan every file and folder on your computer. The scan may take anywhere from 30 minutes to a few hours depending on how many files are on your drive. Let it run to completion.
If Windows Defender finds anything, follow the prompts to remove or quarantine the threats. After the scan is complete, restart your computer. In many cases, removing the detected threats will cause MsMpEng.exe to return to normal CPU levels because it no longer has to fight an active infection.
Fix 10: Adjust Windows Defender Process Priority
Windows Defender runs at a high CPU priority by default, which means it takes resources away from other applications. You can lower its priority using Task Manager so that your other programs get more CPU time while Defender continues to run in the background.
Open Task Manager by pressing Ctrl + Shift + Esc. Click on the Details tab at the top. Scroll down until you find MsMpEng.exe in the list. Right-click on it, hover over Set priority, and select Below Normal or Low. Windows will ask you to confirm the change. Click Change priority to confirm.
This change tells Windows to give MsMpEng.exe lower priority compared to the apps you are actively using. Your antivirus continues to run and protect your PC, but it no longer steals CPU cycles from your browser, games, or productivity software. Note that this setting resets every time you restart your computer, so you may need to apply it each session or use a script to automate it.
For a more permanent adjustment, you can use Windows Registry or a startup script to set the priority automatically at boot, but for most users, setting it manually when needed is a practical enough solution.
Fix 11: Make Sure Windows Is Fully Updated
This fix is simple but often overlooked. Microsoft regularly releases Windows Updates that include performance patches and bug fixes for Windows Defender. Running an outdated version of Windows means you may be experiencing a known bug that has already been patched.
Press Windows key + I to open Settings. Click on Windows Update and then Check for updates. Download and install all available updates, including optional updates and driver updates. After the updates are installed, restart your computer.
In many reported cases of persistent high CPU usage by MsMpEng.exe, a Windows cumulative update resolved the issue entirely without any other changes needed. Microsoft monitors feedback from millions of users and frequently patches issues with Windows Defender’s resource consumption. Staying current with updates is one of the most passive and low-effort ways to maintain a healthy and well-performing system.
If your system is showing a failed update, address that first. Failed or stuck updates can also trigger unusual Windows Defender behavior as the system tries to reconcile file changes during the update process.
Fix 12: Use Windows Security Notification Area to Check for Issues
Sometimes the high CPU usage is triggered by a specific alert or notification that Windows Defender is trying to show you. If there is an unresolved threat, a required action, or a protection setting that needs attention, Defender can enter an active state and keep scanning.
Look in your system tray at the bottom right of your taskbar for the Windows Security shield icon. If it has a yellow warning or red X on it, click it to open the Windows Security dashboard. Address any alerts that appear, such as confirming a quarantine action, re-enabling a protection feature, or clearing a pending notification.
Once all alerts are resolved and the dashboard shows a green checkmark on each category, Windows Defender should return to a lower, more stable level of CPU activity. This is a quick check that takes less than a minute but is easy to miss if you do not regularly look at your system tray.
If you see a notification saying “Threats found” that has been sitting there unresolved, take action on it immediately. An unresolved threat detection is one of the most common reasons Windows Defender loops in a high CPU state.
Fix 13: Rebuild the Windows Defender Security Database Using PowerShell
A corrupted Windows Defender security database can cause abnormal behavior, including continuous high CPU usage that does not stop even after a restart. Rebuilding this database forces Windows Defender to start fresh with clean data files.
Open PowerShell as an administrator. To do this, press Windows key + X and select Windows PowerShell (Admin) or Terminal (Admin) on Windows 11. In the PowerShell window, type the following commands one at a time and press Enter after each one:
Stop-Service -Name WinDefend -Force
Remove-Item -Path "C:\ProgramData\Microsoft\Windows Defender\Scans\*" -Recurse -Force
Start-Service -Name WinDefend
The first command stops the Windows Defender service. The second command clears the scan database files. The third command restarts the service with a clean state. After running these commands, restart your computer and monitor CPU usage in Task Manager.
This approach is more thorough than manually deleting cache files through File Explorer and is a good option if the cache reset in Fix 7 did not provide enough relief.
Fix 14: Check and Repair Corrupted System Files
Corrupted Windows system files can interfere with Windows Defender’s normal operation and cause it to use excessive CPU. Windows has a built-in tool called System File Checker (SFC) that can detect and repair these files automatically.
Open PowerShell or Command Prompt as an administrator. Type the following command and press Enter:
sfc /scannow
The System File Checker will scan all protected system files and replace any corrupted ones with correct versions. This process can take 10 to 20 minutes. Do not close the window until it is finished.
After SFC finishes, run a second tool called DISM to repair the Windows image itself. Type this command and press Enter:
DISM /Online /Cleanup-Image /RestoreHealth
DISM connects to Windows Update to download any needed repair files, so make sure your internet connection is active. After both tools complete, restart your PC. Corrupted system files are more common than most users realize, especially on systems that have been running for years or have had improper shutdowns or power failures.
When Should You Be Concerned About MsMpEng.exe?
Most of the time, high CPU usage from Antimalware Service Executable is a temporary and normal behavior that happens during a scan or definition update. However, there are situations where the issue signals something more serious.
If MsMpEng.exe consistently uses over 50% of your CPU for hours at a time with no active scan running, it may indicate a malware infection, a corrupted Defender installation, or a serious software conflict. In these cases, you should run a full malware scan using a secondary scanner like Malwarebytes Free in addition to Windows Defender, and then consider a repair or reset of Windows if the issue persists.
Also, verify that the MsMpEng.exe you see in Task Manager is located at C:\Program Files\Windows Defender\MsMpEng.exe. If the file is running from a different directory, such as a temp folder or an obscure location, it could be a malicious program masquerading as a Windows process. Right-click the process in Task Manager and select Open file location to confirm its path.
FAQs
Is Antimalware Service Executable a virus?
No, Antimalware Service Executable is not a virus. It is a legitimate Windows background process that belongs to Windows Defender, also known as Windows Security. Its file name is MsMpEng.exe and it handles real-time malware protection for your system. However, if you notice MsMpEng.exe running from an unusual folder location rather than C:\Program Files\Windows Defender, it could be a fake process pretending to be the legitimate one. Always verify the file path in Task Manager if you are suspicious.
Can I disable Antimalware Service Executable permanently?
You can disable it, but it is not recommended unless you have a reliable third-party antivirus installed to replace it. Disabling MsMpEng.exe without a replacement leaves your PC completely unprotected from malware, ransomware, and other threats. If you want to stop Windows Defender from running, install a reputable third-party antivirus first, which will cause Windows Defender to deactivate itself automatically.
Why does Antimalware Service Executable use so much RAM in addition to CPU?
Windows Defender loads virus definitions and scan data into RAM so it can identify threats quickly. A large set of virus definitions combined with active real-time scanning can consume a significant amount of memory. The same fixes that reduce CPU usage, such as adding exclusions and rescheduling scans, also tend to reduce memory usage. Keeping definitions updated and clearing the scan cache also helps lower RAM consumption.
Does the Antimalware Service Executable slow down gaming?
Yes, it can. During a scheduled scan or a real-time scan triggered by a large game file being accessed, MsMpEng.exe can consume enough CPU and disk resources to cause lag, stuttering, or frame rate drops in games. Adding your game folders to the Windows Defender exclusion list and rescheduling scans to off-peak hours are the best ways to prevent this. Many gamers also enable Windows Game Mode under Settings > Gaming > Game Mode, which helps prioritize resources for active games.
How long does the high CPU usage from Antimalware Service Executable last?
If the high CPU usage is caused by a routine scheduled scan, it typically lasts between 20 minutes and a few hours depending on the size of your hard drive and the number of files on it. If the high CPU usage has been going on for more than 24 hours without stopping, there is likely an underlying issue such as a malware infection, a corrupted scan database, or a software conflict. Use the fixes in this guide to diagnose and resolve the root cause.
Should I use a third-party antivirus alongside Windows Defender?
Running two real-time antivirus programs at the same time is generally a bad idea. They will conflict with each other, each scanning the other’s processes, which can cause even higher CPU and memory usage. If you choose to use a third-party antivirus, disable Windows Defender’s real-time protection first or let the third-party antivirus handle the deactivation automatically. You can still use Windows Defender for occasional manual scans if needed, but having two active real-time scanners simultaneously causes more problems than it solves.
I’m a tech enthusiast who loves breaking down gadgets, apps, and tools into simple, honest reviews. At GenResizeHub, I help you make smarter buying decisions through in-depth comparisons and easy-to-follow guides. Got a question? Drop me a mail!
