Lemme fix: Windows Denfender High CPU usage

Another week and another Lemme fix, this time we inspect Windows Defender, which might cause high CPU usage during the updates or even if you PC is in idle. The Antimalware Service Executable is causing the issue, aka MsMpEng.exe which can be seen in the Task Manager, you will notice a higher cpu usage, among higher network and disk I/O writes.

WD causes higher CPU drain

What is the msmpeng.exe Antimalware Service Executable?

Open up the Windows Task Manager (Ctrl + Shift + Esc or Start Menu > Task Manager), scroll through the list of background processes and you will find a process called Antimalware Service Executable and its corresponding file msmpeng.exe. This process allows Windows Defender to continuously monitor your computer for potential threats and provide real-time protection against malware and cyber attacks. At the same time, however, it can also be the cause of disproportionately high CPU usage.

You should not disable or remove Windows Defender, of course advance users could but normally the AV is good enough for a daily usage, I will guide you to solve the problems instead of disabling it.

Windows Defender’s scheduling options

  • At the command prompt, type Taskschd.msc
  • In the navigation pane on the left, double-click Task Scheduler Library. Continue to expand these folders and navigate to the following destination: Library/Microsoft/Windows/Windows Defender.
  • When you have opened the Windows Defender folder, double-click Windows Defender Scheduled Scan, located in the middle pane.
  • Click the Conditions tab, uncheck all options and click OK. This will clear your scheduled scans.
  • To protect your computer, it is important to schedule some new scans, but we can do this in a way that will reduce the impact on your system’s performance. To do so, double-click Windows Defender Scheduled Scan, select the Triggers tab and click New.
  • Create a new scan schedule that suits your needs, selecting options that strike the balance between protection and system efficiency. As a guideline, we recommend (at minimum) weekly scans at a time when you’ll be unlikely to notice the increased CPU usage. Repeat the process for the three remaining services (Windows Defender Cache Maintenance, Windows Defender Cleanup, Windows Defender Verification) found in the Library/Microsoft/Windows/Windows Defender folder.
WD Tash scheduler
You can enable, disable or customize the tasks how you want.

Add Antimalware Service Executable to Windows Defender’s exclusion list


  • Open Windows Defender, now you see the menu from the screenshot, click on the shield symbol, you see the Exclusion window, there you can add Antimalware Service Executable (MsMpEng.exe).
  • The dir is: c:\\program files\\windows defender

Disable Windows Defender

I not recommend it, but you’re the boss, in case you use another AV you can go and disable Windows Defender.

Disable Windows Defender
The checked services, .dll’s and registry entries should not be disabled, only what you see on the screenshot.
  • Download the free util called AutoRuns from Microsoft.
  • Run the program, wait till it collected all the services, registry entries and drivers, now in the upper search box type ‘Windows Defender’. Disable the services, registry entries and .dll files you can see on my screenshot. Uncheck these entries only. You’re done, reboot your machine and Windows Defender is vanished.

Another solution would be to work with registry entries or gpedit.msc, but from my experience the AutoRuns way is the fastest way and you really disable all drivers which are loaded during the Windows startup.

Closing words

Microsoft is aware of the issue because it was reported several times and since Windows 1709 the problem seems to be solved but not for all people it seems. There working on a fix with the upcoming versions, so it’s a good advise to update your Windows asap to solve this among other issue.

These temporarily workarounds could help you in case you still have this issue and it might come in handy when you’re anyway use another AV solution.

Comments are closed.

Blog at WordPress.com.

Up ↑

%d bloggers like this: