What is the MsMpEng.exe process and why is it using up the processor or memory?


After opening the task manager, ordinary users can detect the Antimalware Service Executable process, which loads the Windows 10 system. This process can load the system in various ways, from creating a load on the central processor, RAM, and ending with a weak hard drive, which is the most common.

In this article, we will look at what this process is and how to disable Antimalware Service Executable in Windows 10. I’ll say right away that you will not be able to remove Antimalware Service Executable, it’s better not to even try, but disabling it is very possible.

Antimalware Service Executable what is this process

When the Antimalware Service Executable process is detected in the task manager, which mercilessly loads your system, users try to remove the task or kill the process in a simple way and receive an error denied access, although they have administrator rights. Therefore, the problem remains and to solve it, you must first figure out what kind of process is loading the system.

To do this, you can simply open this process in the task manager and see which service is responsible for it. In this case, we will see the Windows Defender Antivirus service. If we look at the properties of the Antimalware Service Executable process, we will see that the MsMpEng.exe executable file is responsible for its operation. Therefore, we can assume that if you detect activity on your computer, Windows Defender checks the system for malware in the background.

Disable Windows Defender tasks

When installed on a system, not all third-party antiviruses disable Defender background tasks as part of automatic system maintenance. Some antiviruses can only disable standard real-time protection. Third-party security software installed on the system usually carries out its scheduled maintenance in the background. And in parallel, the standard Windows antivirus does the same work. Total: we have two service processes that solve the same issue. In this case, Defender tasks can be disabled by selecting “Disable” in the context menu of each of them.

If a third-party antivirus is subsequently removed from the system, Defender background tasks can be activated in the opposite way - by selecting “Enable” in the context menu.

If the system does not have a third-party antivirus, and Windows Defender provides protection against malware, the launch of its background tasks can be configured to suit your needs. To do this, double-click to open each of the Defender’s scheduled tasks in a separate window.

How to disable Antimalware Service Executable

Since this is a Windows Defender service, then you can use a global method to solve the problem, namely, completely disabling Windows 10 Defender Security Center. For more ways to disable Antimalware Service Executable in the latest versions of Windows 10, see the previous link. We will show you some of the simplest ways to disable Antimalware Service Executable yourself completely and quickly.

Task Scheduler

  1. Open computer management by running the command mmc compmgmt.msc in the Win+R .
  2. Then follow the path: Utilities > Task Scheduler Library > Microsoft > Windows > Windows Defender .
  3. Select all Windows Defender files along this path and click in the context menu Complete, and then Disable.

After these actions, the Antimalware Service Executable process will stop loading the system as a whole, this can be observed in the task manager, even without the need to restart the computer.

Registry Editor

  1. Open the registry editor by running the regedit in the Win+R .
  2. Go to the registry key: HKEY_LOCAL_MACHINE SOFTWARE Policies Microsoft Windows Defender .
  3. Changing the parameter value DisableAntiSpyware on 1to disable Antimalware Service Executable.

In this case, we will need to reboot the system for the changes to take effect.

The Antimalware Service Executable process is really important because it is responsible for Windows Defender scanning the system in the background. Therefore, if you have a weak computer, a very old hard drive, then you may see an unwanted load on the system by this process. In such cases, it is worth pausing or completely disabling Antimalware Service Executable in Windows 10.

If you are a beginner, then we strongly do not recommend making changes in the registry editor. Or, before making changes, read the article on how to create a backup copy of the Windows 10 registry.

If you're using Windows Defender on Windows 10 and you're noticing high CPU usage for an uncharacteristically long period of time, know that it can be fixed.

In this article, we have provided several simple steps that will prevent Antimalware Service Executable and optimize the operation of this service.

What is the process msmpeng.exe or Antimalware Service Executable for?

If you use Windows Defender as your primary antivirus protection, then when you open Task Manager (Ctrl+Shift +Esc) on the “Processes” tab, you will find a process called Antimalware Service Executable and the corresponding file MsMpEng.exe .

This process allows Windows Defender to monitor your computer for threats and provide real-time protection against malware and cyberattacks. On the other hand, this particular process can cause a disproportionately large load on the processor.

Another feature of Windows Defender that can slow down your system is the Full Scan, which analyzes all the files on your computer. Performing a full scan actively requires processing power, and in some cases the process may use all available system resources. All this leads to freezes, delays, loss of responsiveness and other system malfunctions.

Why does this process heavily load the processor or RAM and is it possible to disable it?

The component in question may be consuming too many resources (RAM, CPU, hard drive memory). In this case, the entire computer and its user suffer: various windows open slowly or even not at all, the system slows down and freezes, you have to constantly restart the PC even using the power button (which is not very good for the system).

The above may happen for the following reasons:

  1. Entries in the Defender registry have been damaged or have errors. In this case, special third-party utilities will help to clean the registry of incorrect keys. Two popular programs are CCleaner and Zookware Cleaner. Both of them are free and have a fairly convenient and simple interface. Also use the built-in Windows Update Assistant. Its shortcut is located on the “Desktop” or on the PC system drive in the root folder of Windows10Upgrade.


    Run the Windows Update Assistant file to check for system updates

  2. The PC was subject to a virus attack. Registry entries may be damaged for this reason. The Antimalware Service Executable process can consume a lot of RAM and CPU as Defender tries to detect and neutralize the threat in the background. Help him - run an advanced scan and wait until the standard antivirus finds and removes malware. You can also use a third-party treatment application, Dr.Web CureIt!, which can work simultaneously with the main protection program.
  3. Windows Defender is already running a scan. In this case, you just need to wait for it to finish.

If it does not complete for a long time or you experience such a load constantly while your PC is running, and cleaning the registry does not help, disable the Antimalware Service Executable process. You will not be able to do this in the Task Manager, since the operating system will deny you access to this process. You will have to deactivate the entire Windows Defender at once to disable the process in question.


In Task Manager you cannot disable the Antimalware Service Executable process

Microsoft itself does not recommend deactivating the process, but it can still be done. An important condition for disabling the Antimalware Service Executable process is the preliminary or subsequent urgent installation of third-party antivirus software. For example, you can install Kaspersky, Avast, ESET NOD32, AVG, Avira or others on your PC. Third-party viruses, by the way, consume less system resources than standard Defender.

If you had previously installed a third-party antivirus, which was immediately switched to passive mode, since the main antivirus was Defender, and two antiviruses cannot work efficiently on one device at the same time, simply activate the third-party program. The application will run on your computer instead of the standard antivirus. In any case, the PC needs protection - without an antivirus it will be very vulnerable and even the protective options of browsers will not help.


An antivirus should always be running on your PC - built-in or third-party

An alternative method to solve the problem is to determine the period of time during which Windows Defender can run through the Task Scheduler.

Reducing the startup priority of Windows Defender tasks

If your computer has good hardware, scheduled anti-virus scanning can be left as it is, simply lowering the priority of the process. In the “General” tab, you need to uncheck the “Run with highest rights” option.

and for laptops, also in the “Conditions” tab, uncheck the box to run the task only when powered from the mains.

How to disable Antimalware Service Executable via Task Scheduler

The classic Windows application called “Task Scheduler” can help with deactivating the process, in which you can create a schedule for programs installed on your PC:

  1. The easiest and fastest way to open the “Task Scheduler” is a request in the “Windows Search” panel (called by clicking on the magnifying glass icon). Just start entering the first word - you will immediately see the desired built-in program as a result.


    Type "scheduler" into Windows Search

  2. There is another way to the “Task Scheduler,” but a longer one: press the R and Win buttons simultaneously to bring up the “Run” window on the display. Type the word control in the free field and click OK. This way we will open the “Control Panel”.


    Write the word control in the "Open" field

  3. Launch the “Administration” section (for ease of searching, set the display mode to “Large icons” in the upper right corner of the panel).


    Open the “Administration” section in the “Control Panel”

  4. In Explorer, look for the scheduler in the list and double-click on it.


    Find and launch “Task Scheduler”

  5. In the first part of the window, expand the library, and then the Microsoft and Windows directories.


    Open the Microsoft folder and then the Windows folder in the left pane

  6. We launch the Windows Defender folder, dedicated to the system’s standard antivirus. In the middle part of the window you will see the contents of this folder - four parameters. Launch the first one by double clicking.


    In the Windows Defender folder, double-click the first item in the middle panel

  7. In the dialog box, in the “Conditions” section, uncheck all the items and click OK to save the changes. We repeat the procedure for the three remaining entries in the Windows Defender folder.


    In the “Conditions” tab, uncheck all the boxes and save the changes

  8. Now select each entry in turn and click on the “Disable” option in the third part of the window.


    Disable all components using the appropriate option in the third panel

  9. If you don't want to completely deactivate Windows Defender, create a schedule for it to run without interfering with your business on your PC. We also open the dialog box for the first entry. In the “Triggers” tab, click on the “Create” button.


    Click on the “Create” button under the empty field

  10. In the new gray window, set the period and frequency of the task - scanning the PC for viruses. Click OK and repeat the steps for the remaining entries in the list.


    Set the required time and days for Defender to work

  11. You can also set a conditional period for Defender to work in the same “Conditions” tab where we disabled all the items. Using the first point, we let the system understand that the security program should only work when the PC is idle (when you are not doing anything on it).


    You can specify that Defender should only work when the PC is idle

  12. In the “General” tab, you can try setting a low priority for Defender processes, including the Antimalware Service Executable component. Uncheck the box below and click OK.


    Reducing the priority of Defender processes

Different times and periods for running Windows Defender tasks

In the “Triggers” tab of the Defender task window, you can click the “Create” button at the bottom,

to assign tasks, for example, to run on a weekly basis and set the most convenient time when the computer is usually not in use. This could be at night or lunchtime.

At this time, naturally, the computer must be turned on. For laptops and tablets, power must come from the mains.

Deactivation via "Local Group Policy Editor"

Another useful utility for enabling certain operating system components is the Local Group Policy Editor. Let's look at how to deactivate "Defender" in it:

  1. Again, open the already familiar “Run” window through a combination of R and Win. To bring up the desired editor on the screen, write or insert a more complex command gpedit.msc - click on OK to execute it.


    Paste and run the gpedit.msc command in the Run window

  2. In the editor window, pay attention immediately to the first panel - quickly double-click on the large “Computer Configuration” section. In it we open the third block called “Administrative Templates”.


    In the PC Configuration directory, open the Administrative Templates folder

  3. Now we open sequentially the following directories with different policies (tasks): “Windows Components”, and then “Windows Defender Antivirus Utility”.


    Locate and open the Windows Defender Antivirus folder

  4. Under the list of folders we find the second policy for disabling the standard security application - double-click on the item.


    Expand the second item to turn off the antivirus

  5. Place a checkmark to the left of the “Enabled” value. In the lower right part of the gray window, apply the changes made and click OK to close it. We reboot the PC - the antivirus will stop working.


    Set it to Enabled and save changes

Video: how to disable Defender completely in Windows 10

Shutdown via Registry Editor

Disabling Defender and, accordingly, the Antimalware process is possible by correctly editing the registry. This method is recommended to be used only by already confident users, since incorrectly changing entries can affect the operation of the PC. Follow the instructions strictly:

  1. We immediately press R and Win on the keyboard - in the panel with the line “Open” we write the regedit key. Now click OK and wait for the command to be executed.


    In the “Open” field, paste the regedit command and click OK

  2. The system will open a window in which it will ask you to give permission to the editor to change anything in the operating system. Let's allow it - click on "Yes".


    Allow the editor to make changes on PC

  3. In the editor interface, first we will work on the left side with folders - open the third section HKEY_LOCAL_MACHINE, and in it the fifth SOFTWARE directory.


    Open the SOFTWARE folder in the HKEY_LOCAL_MACHINE directory

  4. After that, double-click block by block: Policies - Microsoft - Windows Defender. In the “Defender” catalog, right-click on any free space on the right side of the screen. Move the cursor to the “Create” option, and in the context menu click on the third line with the DWORD parameter. This will create a new entry in the Windows Defender folder.


    Create a DWORD value using the context menu

  5. Let's name the new entry DisableAntiSpyware. Launch its dialog box by double-clicking.


    Name the new setting DisableAntiSpyware

  6. In the value field, put one and click OK.


    Set the value to one and click OK

  7. For all changes to take effect, you must restart your PC. After this, we check the load on the system.

It is possible to deactivate the Antimalware Service Executable process when it constantly takes up a lot of resources from the system, but only if you have a third-party antivirus that will perform protective functions instead of the standard Windows program. You cannot disable a process individually; you can only deactivate Defender as a whole. You can do it through the “Registry Editor”, “Local Group Policy Editor”, and also in the “Task Scheduler”.

Rating
( 2 ratings, average 5 out of 5 )
Did you like the article? Share with friends:
For any suggestions regarding the site: [email protected]
Для любых предложений по сайту: [email protected]