Home » Windows » 7 Fixes for Antimalware Service Executable High CPU/RAM Usage on Windows 10/11

7 Fixes for Antimalware Service Executable High CPU/RAM Usage on Windows 10/11

by Gaurav Bidasaria
0 comment

The Antimalware Service Executable is a legit process that runs in the background of your Windows 10 and 11 computer. It is part of Windows Security, more specifically Defender, and helps protect your PC against malware threats. Problems occur when the Antimalware Service Executable process begins to consume too much RAM and CPU, resulting in a slow, laggy user experience.

What Is Antimalware Service Executable

As noted in the introduction, Antimalware Service Executable is a valid process that is run and maintained by Windows Security. Microsoft Defender uses it to fight malware on your PC. As such, it is supposed to be running constantly in the background. However, it usually consumes little to no resources.

antimalware service executable service running on windows

You will notice in the above screenshot that on my Windows 11 computer, the CPU and Memory usage is close to zero. However, several users find Antimalware Service Executable process to be consuming too much PC resources, ultimately slowing down their Windows 10 or 11 computer. Note that the file name of the process is MsMpEng.exe instead which can add to the confusion.

Pro Tip: Top 8 Ways to Maximize CPU Performance on Windows 11

Should You Disable Antimalware Service Executable

You should never close this process. It is supposed to be running at all times in the background. Closing this process puts your Windows computer at malware risk. Ideally, if Antimalware Service Executable process is consuming more resources, it should mean that Defender is running a scan in the background, looking for malware threats, updating libraries, or whatever else it needs to do to neutralize the threat if any is detected.

Also, even if you do disable Antimalware Service Executable process, Defender will restart it automatically. You can only stop it from running by disabling Windows Security completely which is also not recommended. Now there is some misleading information about this process online. One is that installing another antivirus app will stop this process. I have Malwarebytes Premium installed and Antimalware Service Executable still runs in the background just fine.

Once the scan is complete and any threat, if detected, has been dealt with, Antimalware Service Executable should go back to its previous state. If Antimalware Service Executable process continues to consume high CPU and RAM usage, here are some troubleshooting steps.

1. Scan Manually

There are two reasons to scan your computer using both Defender and Malwarebytes. One is to figure out if the PC is infected with malware and two is to reduce CPU and RAM usage by Antimalware Service Executable process.

1. Press Windows+S to open Windows Search. Type Windows Security and open it.

windows security on windows 11 computer

2. Select Virus & threat protection tab in the left sidebar, and then perform a full scan from the right window pane. Here you can perform a full or a Quick scan.

quick scan in virus and threat protection in windows security

3. Once the scan is complete, download Malwarebytes. The free version is good enough but I would recommend the paid version if you can afford it. Run a scan using Malwarebytes too as it was designed to detect malware specifically.

Note 1: You cannot and should not use two antivirus programs on the same machine at the same time. Installing Malwarebytes will disable Defender automatically.

malwarebytes in windows security on windows 11

Note 2: You can use any third-party antivirus of your choice and still use Defender by enabling periodic scanning in Windows Security > Virus & threat protection.

enable periodic scanning of defender in windows security

Finally, most Windows users don’t know this but Microsoft has a separate, regularly updated tool called Microsoft Safety Scanner. You will have to download a fresh copy every time you want to run it. The tool is not updated automatically and doesn’t have to be installed. Simply download and run. It will scan for viruses on your Windows PC.

2. Turn Off/On Real-Time Protection

Several Windows users found this simple tip to work and help resolve Antimalware Service Executable process consuming too much RAM and CPU.

Windows Security has a number of components that help protect your computer. One of them is the real-time protection. You will find it under Windows Security > Virus & threat protection > Manage settings.

windows security virus & threat protection

Now scroll a little and turn off Real-time protection, wait a few moments, and then turn it back on.

turn off and on real-time protection in windows security

3. Change Defender’s Schedule

Since Windows Security runs periodic scans in the background, rescheduling the scan can help fix Antimalware Service Executable process taking too much CPU and RAM.

1. Press Windows+R to open the Run prompt. Type taskschd.msc and press Enter button on your keyboard. It will open the Task Scheduler.

run prompt in windows 11

2. In Task Scheduler, in the left window-pane, navigate to the below folder structure.

Task Scheduler Library > Microsoft > Windows > Windows Defender
windows defender in task scheduler on windows 11

3. Now double-click on Windows Defender Scheduled Scan option in the middle window pane under the Name column.

windows defender scheduled scan in task scheduler in windows 11

4. In the pop-up that follows, uncheck Run with highest privileges option under General tab.

5. Uncheck everything under the Conditions tab.

5. Click on OK to save all settings in all open windows and check again if Antimalware Service Executable is consuming too many resources in the Task Manager (press Ctrl+Shift+Esc to open Task Manager directly).

6. To set a new schedule, go to the Triggers tab, and click on New. Then in the pop-up that follows, select Weekly and check Enabled.

7. Repeat the same steps for Windows Defender Cache Maintenance, Windows Defender Cleanup, Windows Defender Verification in the middle window-pane. Go back to step 3 above.

Doing so will reschedule the Antimalware Service Executable component to run weekly instead of daily. Now allow the current scan to finish and see if system resources are freed up.

4. Add to Exclusion List

Add the Antimalware Service Executable process to the exclusion list will prevent Windows from running it automatically once it is closed.

1. Open Windows Security again and select Virus & threat protection in the left sidebar. Now click on Manage settings under the Virus & threat protection settings section.

windows security virus & threat protection

2. Scroll to the bottom and click on Add or remove exclusions.

add exclusions in windows security on windows 11

3. Click on Add an exclusion button. You may be asked to give permission. If yes, do it.

add an exclusion to windows security on windows

4. In the drop-down menu, select Process because that’s what Antimalware Service Executable is. In the Task Manager, it is listed under Processes.

5. Now enter the name of executable file that runs the process. We mentioned at the beginning that Antimalware Service Executable file name is MsMpEng.exe so that’s what you will enter here.

add exclusion for MsMpEng.exe in windows security

6. Click on Add and then OK to save changes. Then restart your computer and check if the PC continues to consume high CPU and RAM resources.

5. Use 3rd-Party Antivirus

The Antimalware Service Executable is primarily associated with Defender component of Windows Security. Using a third-party antivirus should resolve the issue. I am using and recommend Malwarebytes (not affiliated in any way) but you can go with another. Note that the above process is still running on my computer even though I have Defender disabled. But it may help reduce high CPU and RAM usage as it will alter how and when malware scans are performed on your Windows computer.

6. Disable AntiSpyware

This particular issue was discovered by Windows 10 Insiders community members. It traces back to a Registry Editor key that is easy enough to fix.

1. Search Registry Editor in Windows Search and open it with Admin rights.

open registry editor with admin rights on windows

2. Navigate to the folder structure below from the left window pane.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

3. You should find DisableAntiSpyware file in the right window pane. If not, right-click anywhere and select New > DWORD (32-bit) Value.

4. Now rename the file as DisableAntiSpyware. You can select the file and press F2 to rename any file on Windows.

5. Now double-click to open the newly created file and enter the Value data as 1.

6. Save all changes. Reboot your computer once and check again.

7. Disable Exploit Protection Service

A false positive scenario where Defender cannot close an activity or disable a service for some reason. While not a big deal, now the service is running in a loop causing the Antimalware Service Executable process to run in a continuous loop. This then results in the process to take high CPU and RAM resources.

1. From Windows menu, search for PowerShell and open it with admin rights.

open powershell with admin rights on windows

2. Copy-paste the command below and hit Enter to execute it.

powershell “ForEach($v in (Get-Command -Name \”Set-ProcessMitigation\”).Parameters[\”Disable\”].Attributes.ValidValues){Set-ProcessMitigation -System -Disable $v.ToString().Replace(\” \”, \”\”).Replace(\”`n\”, \”\”) -ErrorAction SilentlyContinue}”

Note: You may see a warning of some kind but that is okay. Allow the command to run its course. When done, reboot the computer.

Also Read: Command Prompt vs PowerShell vs Windows Terminal: How They Differ

Antimalware Service Executable Process

The process itself is legit. The only problem is when it begins to consume more resources than it should. That’s when you experience a slow PC. We don’t recommend disabling Defender without enabling another antivirus app. We also don’t recommend disabling critical services using Group Policy Editor. Instead, there are some workarounds that you can use to fix Antimalware Service Executable process running in loops.

You may also like