Antimalware within Defender is taking up 50% of my memory

How do I fix this?
|
Answer
Answer

Hello,

With the issue description, I understand that you are experiencing issue with high CPU usage because of Antimalware Service. I will certainly help you to fix the issue.

Antimalware Service Executable is the name of the process MsMpEng (MsMpEng.exe) used by the Windows Defender program. The service associated with this program is the Windows Defender.
Service. The two most common reason for it to be consuming high CPU usage are the real-time feature which is constantly scanning files, connections and other related applications in real time, which is what it is supposed to be doing (Protect in Real Time).

The second is the Full Scan feature which may be scanning all files, when the computer either wakes up from sleep or when it is connected to a network, or if it is scheduled to run daily.

I would suggest you try the steps given below to fix the problem and check it if helps.

1. Open the Win+X  click/tap on Task Manager.

2. After opening the “processes” of Task Manager we easily can navigate to the antimalware service and on right clicking that option a file path will open.  There we can find the file named msmpeng.exe

3.


4. Once the “file location” is opened, click on the left top option that is “Home”. Then select “Copy path” option.

5. The next thing is related with making Windows defender aware about the path. For this, open the “Windows

Security Essential” or “Windows defender”. You can search it on “search” option found in Start Menu.

6. Navigate to the “settings” option and select “Excluded files and locations” tab.

7. If you are done with the last step, paste the file location on the first window appears and click on the “Add” tab. A second box will flash and the path pasted in previous step will be shown there. Recheck it.

8. Save the changes and close the tabs. 

Hope this helps, if you need any further assistance please write us back we will be glad to assist you.

Regards 

29 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Answer
Answer

Well… things aren’t usually quite that simple. If the problem was really that the Windows Defender Antimalware Engine (MsMpEng.exe) had a bad habit of chasing its own tail, then everybody would have this problem – and fixing it would be a snap, because we would only have to tell Windows Defender not to scan itself by setting up this exclusion that prevents the Antimalware Engine from scanning the Antimalware Engine.

But of course the process that’s really bugging Windows Defender will normally be something like a leftover component of a third-party real-time antivirus app; or an undetected malware process; or an overactive logging utility; or maybe just a busy database; or an errant third-party process; or maybe even an errant Windows process. So if you're going to try solving the high-CPU issue by using exclusions, then you would normally have to hunt down the misbehaving process with a utility like Process Monitor in order to find the executable file that actually needs to be excluded. That’s actually been the standard professional approach for this issue all along  but even professionals sometimes have a hard time identifying the specific process that's aggravating the Microsoft Antimalware Engine.

So tracking down the culprit can honestly be more work than it’s worth for average users – and the most practical solution is usually just to switch over to a free third-party AV app if a simple malware/antimalware cleanup doesn’t resolve the issue:

http://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning/how-to-stop-antimalware-service-executable-from/a3a57d31-4687-43c0-b274-261da7d89245

But let’s take a minute to "flash back" to the original source of this old self-exclusion “fix” that the Support Engineers are now recommending, because things have gotten a little confused over the years. This is where the self-exclusion trick got started:

http://geekswithblogs.net/Coleman/archive/2007/03/26/109906.aspx

What’s important for us to note here is that the author added the MsMpEng.exe DWORD to the Processes subkey in the registry, which means that he was actually registering a process exclusion for MsMpEng.exe – not a path exclusion.

So it’s a little ironic that the people who are currently touting this as a magic bullet have somehow replaced the original  suggestion with a recommendation for a Files and Folders (path) exclusion. As mentioned above, the self-exclusion trick isn't very likely to succeed, but if you want to give this a try, then you should really set both a path exclusion, and a process exclusion, for the MsMpEng.exe file. The process exclusion would presumably prevent the Antimalware Engine from rescanning files if it was actually in a condition where it was chasing its own tail. 

But  we can also see from the screenshot above that there's a lot of activity going on with Chrome, and of course the Windows Defender Antimalware Engine always responds to something like this by increasing its own activity level, because it’s busy tracking everything that's happening on the PC in real-time. So if the high CPU level isn’t a continuous thing , then it wouldn’t necessarily indicate any kind of dysfunctionality.

GreginMich

65 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Question Info


Last updated June 3, 2021 Views 48,029 Applies to: