Excessive CPU utilization by MsMpEng.exe

Occasionally for no apparent good reason the resident MsMpEng.exe will eat 100% of my CPU resources, for what seems like about 1 minute - I can see this with Windows Task Manager.

It seems to happen maybe within the first half hour(?) or so after a start up of my PC.

This obviously severely slugs my system.

At the time I was merely using an old version of Ulead PhotoImpact 8 - which I use frequently - almost daily - and hadn't noticed anything untoward with MsMpEng.exe until today's incidents - at least twice - as I restarted my PC in case something was messed up/corrupted - but it happened again shortly after start up.

This also could be related: before the restart I was notified that Dr Watson had crashed, and sent in the incident report.

I can't figure out why this is happening -
the only resident security related software I am running is Kerio Personal Firewall 2.1.5 -
I do NOT have any other security software installed/resident.

My system:
eMachines W3017
AMD Sempron(tm) Processor 3100+ 1.8GHz
1Gb RAM
Windows XP 5.0.1.2600 (2600.xpsp_sp2_gdr.090206-1233 (Service Pack 2))
(regularly updated - via Automatic Update Notify)
 

Last updated September 3, 2019 Views 116,705

Answer

Hi UnknownVT,

FWIW, we have been able to reproduce larger than normal scan times for the ZIP Repair tool you mentioned.

We identified that this was due to the fact that this was a file packed with a very uncommon obfuscator (ExeCryptor). This issue should be fixed in tomorrow's signature update.

If you have any other particular files that are taking exceptionally long scan times, it would be great if you could let us know what they are.

We are not able to diagnose the TWAIN photo loader issue as yet, but would appreciate if you could contact support about it.

Sincerely,

Shiroy Choksey [MSFT]

Answer

Suggestion: you could uninstall your old firewall and see if the problem is gone. Sunbelt Software has a free personal firewall and it’s supported. Then see what happens if problem remains, reappears or is gone for good.
Thank you for the suggestion.

This is not conclusive - as I have not been able to recreate the problem - but I'll outline what I have tried.

Firewall as potential problem -

I did one better - with MSE resident - I simply stopped/disabled my Kerio firewall and ran through the things that I could remember doing when the excessive CPU utilization occurred - this was running my older version of Ulead PhotoImpact 8.

With or without the firewall running the behavior was the same -
I did this several times to confirm
as well as hoping to see the problem.

However I can see high CPU utilization (like up to 99%) for what I would term a "normal" duration - while I was loading photos into PhotoImpact 8.

What I use is an old TWAIN loader; this opens up a thumbnail display where I choose the photos to open, then it runs through:
1) Acquiring image data
2) Decoding JPG image
3) Transferring Data to application

The first two stages are quick and MsMpEng.exe remains "idle"
It is during the third stage of Transferring data to application that MsMpEng.exe can have up to 99% CPU utilization.

In comparison if I merely use the Open file which invokes explorer - MsMpEng.exe remains at 00% during the open.

Details of the TWAIN utility:
http://img.photobucket.com/albums/v71/UnknownVT/PC/CanonTWAIN.jpg

It's during this phase that MsMpEng.exe has high CPU utilization (which does NOT occur if one merely "opens" the JPG files)
http://img.photobucket.com/albums/v71/UnknownVT/PC/Transfer3.jpg

Remember this is the same with or withOUT the Firewall running
- so I really don't think the Firewall is the culprit.

However it is this TWAIN loader which is causing MsMpEng.exe to use the CPU.

But in mitigation while my system is "normal" even though MsMpEng.exe can use up to 99% CPU it is not really slugging my system as I am not doing anything else - and I have confirmed this by stopping MsMpEng.exe and doing the TWAIN loading.

However a simple open of JPG files doesn't seem to invoke MsMpEng.exe - which remains at 00%.

Thanks for the suggestions.

--
Vincent
