What Is Antimalware Service Executable
As noted in the introduction, Antimalware Service Executable is a valid process that is run and maintained by Windows Security. Microsoft Defender uses it to fight malware on your PC. As such, it is supposed to be running constantly in the background. However, it usually consumes little to no resources. You will notice in the above screenshot that on my Windows 11 computer, the CPU and Memory usage is close to zero. However, several users find Antimalware Service Executable process to be consuming too much PC resources, ultimately slowing down their Windows 10 or 11 computer. Note that the file name of the process is MsMpEng.exe instead which can add to the confusion. Pro Tip: Top 8 Ways to Maximize CPU Performance on Windows 11
Should You Disable Antimalware Service Executable
You should never close this process. It is supposed to be running at all times in the background. Closing this process puts your Windows computer at malware risk. Ideally, if Antimalware Service Executable process is consuming more resources, it should mean that Defender is running a scan in the background, looking for malware threats, updating libraries, or whatever else it needs to do to neutralize the threat if any is detected. Also, even if you do disable Antimalware Service Executable process, Defender will restart it automatically. You can only stop it from running by disabling Windows Security completely which is also not recommended. Now there is some misleading information about this process online. One is that installing another antivirus app will stop this process. I have Malwarebytes Premium installed and Antimalware Service Executable still runs in the background just fine. Once the scan is complete and any threat, if detected, has been dealt with, Antimalware Service Executable should go back to its previous state. If Antimalware Service Executable process continues to consume high CPU and RAM usage, here are some troubleshooting steps.
1. Scan Manually
There are two reasons to scan your computer using both Defender and Malwarebytes. One is to figure out if the PC is infected with malware and two is to reduce CPU and RAM usage by Antimalware Service Executable process.
- Press Windows+S to open Windows Search. Type Windows Security and open it.
- Select Virus & threat protection tab in the left sidebar, and then perform a full scan from the right window pane. Here you can perform a full or a Quick scan.
- Once the scan is complete, download Malwarebytes. The free version is good enough but I would recommend the paid version if you can afford it. Run a scan using Malwarebytes too as it was designed to detect malware specifically. Note 1: You cannot and should not use two antivirus programs on the same machine at the same time. Installing Malwarebytes will disable Defender automatically. Note 2: You can use any third-party antivirus of your choice and still use Defender by enabling periodic scanning in Windows Security > Virus & threat protection. Finally, most Windows users don’t know this but Microsoft has a separate, regularly updated tool called Microsoft Safety Scanner. You will have to download a fresh copy every time you want to run it. The tool is not updated automatically and doesn’t have to be installed. Simply download and run. It will scan for viruses on your Windows PC.
2. Turn Off/On Real-Time Protection
Several Windows users found this simple tip to work and help resolve Antimalware Service Executable process consuming too much RAM and CPU. Windows Security has a number of components that help protect your computer. One of them is the real-time protection. You will find it under Windows Security > Virus & threat protection > Manage settings. Now scroll a little and turn off Real-time protection, wait a few moments, and then turn it back on.
3. Change Defender’s Schedule
Since Windows Security runs periodic scans in the background, rescheduling the scan can help fix Antimalware Service Executable process taking too much CPU and RAM.
- Press Windows+R to open the Run prompt. Type taskschd.msc and press Enter button on your keyboard. It will open the Task Scheduler.
- In Task Scheduler, in the left window-pane, navigate to the below folder structure.
- Now double-click on Windows Defender Scheduled Scan option in the middle window pane under the Name column.
- In the pop-up that follows, uncheck Run with highest privileges option under General tab.
- Uncheck everything under the Conditions tab.
- Click on OK to save all settings in all open windows and check again if Antimalware Service Executable is consuming too many resources in the Task Manager (press Ctrl+Shift+Esc to open Task Manager directly).
- To set a new schedule, go to the Triggers tab, and click on New. Then in the pop-up that follows, select Weekly and check Enabled.
- Repeat the same steps for Windows Defender Cache Maintenance, Windows Defender Cleanup, Windows Defender Verification in the middle window-pane. Go back to step 3 above. Doing so will reschedule the Antimalware Service Executable component to run weekly instead of daily. Now allow the current scan to finish and see if system resources are freed up.
4. Add to Exclusion List
Add the Antimalware Service Executable process to the exclusion list will prevent Windows from running it automatically once it is closed.
- Open Windows Security again and select Virus & threat protection in the left sidebar. Now click on Manage settings under the Virus & threat protection settings section.
- Scroll to the bottom and click on Add or remove exclusions.
- Click on Add an exclusion button. You may be asked to give permission. If yes, do it.
- In the drop-down menu, select Process because that’s what Antimalware Service Executable is. In the Task Manager, it is listed under Processes.
- Now enter the name of executable file that runs the process. We mentioned at the beginning that Antimalware Service Executable file name is MsMpEng.exe so that’s what you will enter here.
- Click on Add and then OK to save changes. Then restart your computer and check if the PC continues to consume high CPU and RAM resources.
5. Use 3rd-Party Antivirus
The Antimalware Service Executable is primarily associated with Defender component of Windows Security. Using a third-party antivirus should resolve the issue. I am using and recommend Malwarebytes (not affiliated in any way) but you can go with another. Note that the above process is still running on my computer even though I have Defender disabled. But it may help reduce high CPU and RAM usage as it will alter how and when malware scans are performed on your Windows computer.
6. Disable AntiSpyware
This particular issue was discovered by Windows 10 Insiders community members. It traces back to a Registry Editor key that is easy enough to fix.
- Search Registry Editor in Windows Search and open it with Admin rights.
- Navigate to the folder structure below from the left window pane.
- You should find DisableAntiSpyware file in the right window pane. If not, right-click anywhere and select New > DWORD (32-bit) Value.
- Now rename the file as DisableAntiSpyware. You can select the file and press F2 to rename any file on Windows.
- Now double-click to open the newly created file and enter the Value data as 1.
- Save all changes. Reboot your computer once and check again.
7. Disable Exploit Protection Service
A false positive scenario where Defender cannot close an activity or disable a service for some reason. While not a big deal, now the service is running in a loop causing the Antimalware Service Executable process to run in a continuous loop. This then results in the process to take high CPU and RAM resources.
- From Windows menu, search for PowerShell and open it with admin rights.
- Copy-paste the command below and hit Enter to execute it. Note: You may see a warning of some kind but that is okay. Allow the command to run its course. When done, reboot the computer. Also Read: Command Prompt vs PowerShell vs Windows Terminal: How They Differ
Antimalware Service Executable Process
The process itself is legit. The only problem is when it begins to consume more resources than it should. That’s when you experience a slow PC. We don’t recommend disabling Defender without enabling another antivirus app. We also don’t recommend disabling critical services using Group Policy Editor. Instead, there are some workarounds that you can use to fix Antimalware Service Executable process running in loops.