Understanding Msmpeng.exe: What It Is and How to Fix High CPU Usage

Understanding Msmpeng.exe: What It Is and How to Fix High CPU Usage

Written by Kenneth Sawyer, In How To, Published On
February 26, 2024

In Shorts: 

  • Msmpeng.exe is an essential Windows process, but it can sometimes use too much CPU and slow down your system.
  • MsMpEng.exe launches the Windows Antimalware Service Executable to keep Windows Defender monitoring for threats.
  • The Antimalware Service Executable guarantees Windows Defender offers real-time virus, malware, and cyberattack protection.
  • Known as msmpeng.exe, the antimalware service executable periodically scans files and applications.
  • MSMpEng.exe scans downloaded files for spyware and removes or quarantines questionable objects.

Windows Defender uses the Antimalware Service Executable, often known as MsMpEng, to carry out its operations. The executable that launches MsMpEng.exe is called MsMpEng.exe. Nonetheless, several Windows users have reported that the MsMpEng sometimes displays excessive CPU consumption. Some people even worry that MsMpEng.exe could contain a virus. Windows Security includes an antimalware service executable that runs in the background. This post will explain what MsMpEng.exe is, why it utilises a lot of CPU power, and how to resolve the issue. Msmpeng.exe is an essential Windows process, but it can sometimes use too much CPU and slow down your system. This comprehensive guide explains what msmpeng.exe is, why it causes high CPU usage, and how to fix it.

What is Msmpeng.exe?


Msmpeng.exe, also known as the Antimalware Service Executable, is a core component of Windows Defender. It runs in the background to provide real-time protection against malware and cyber threats. Specifically, msmpeng.exe is the executable file for the Windows Defender service called MsMpEng.

MsMpEng runs continuously to:

  • Scan files, downloads, and connections in real-time
  • Detect malware, viruses, spyware, ransomware, etc.
  • Remove or quarantine suspicious programs
  • Prevent threats by searching for known malware signatures
  • Provide active protection against zero-day threats

So, in essence, msmpeng.exe allows Windows Defender to monitor your system and keep it secure from the latest malware and cyberattacks.

Why Does Msmpeng.exe Use a High CPU?

Despite being an essential security service, msmpeng.exe is also known to spike CPU usage on some systems.

1. Real-time Scanning

One of the primary jobs of msmpeng.exe is to scan files, downloads, and system activity in real time. This continuous monitoring requires significant CPU resources, especially when accessing high volumes of data. As msmpeng.exe scans new files, downloads, or accesses new parts of the system, it can cause CPU usage to shoot up. The problem is exacerbated by copying large volumes of data or installing major updates.

2. Scheduled Deep Scans

Windows Defender is also configured to perform scheduled scans on your entire system. This full scan analyses all files, folders, disk sectors, registry keys, services, etc., in detail to detect malware or anomalies. Deep scans happen automatically regularly, usually early in the morning. As you can imagine, scanning the entire file system and registry hogs most of the CPU power during the process. So, in summary, msmpeng.exe can use up large amounts of CPU resources when performing real-time or scheduled deep scans. The problem is temporary but can slow down your computer until the scans are complete.

How to Fix High CPU Usage by Msmpeng.exe

If msmpeng.exe is using too much CPU on your system, there are a few ways to fix the issue:

1. Exclude Windows Defender Folder from Scans

One of the quickest solutions is to exclude the Windows Defender folder from being scanned.

Here are the steps:

  1. Open Windows Security settings
  2. Click Manage settings
  3. Under Exclusions, click Add or Remove Exclusions
  4. Click Add an exclusion
  5. Select Folder and enter “C:\Program Files\Windows Defender
  6. Click Select Folder and then Yes to confirm

This prevents Windows Defender from scanning its folder endlessly. You instantly reduce unnecessary CPU load from self-scans.

2. Disable Real-Time Monitoring

Real-time scanning is usually the main culprit for high CPU usage. You can temporarily disable real-time monitoring:

  1. Go to Virus & Threat Protection settings
  2. Under Real-time protection, turn the toggle Off
  3. Remember to turn it back On when done

Your CPU usage should significantly drop. But remember, your system will be vulnerable during this time.

3. Postpone Scheduled Scans

You can also reschedule deep scans to less intensive times:

  1. Open Task Scheduler
  2. Go to Microsoft > Windows > Windows Defender
  3. Right-click the scheduled scan and select Properties
  4. On the Triggers tab, change the time and frequency
  5. Click OK to save

This prevents deep scans from running during peak usage times.

4. Restart Windows Defender Service

Sometimes, simply restarting the Windows Defender services can help:

  1. Hit Windows + R to bring up the Run dialogue box.
  2. Type “services.msc” and press Enter
  3. Find Windows Defender Antivirus Service, right, and select Restart

This restarts the MsMpEng service and clears any stuck threads and handles.

5. Update Windows and Windows Defender

Make sure you’ve installed the latest Windows updates. Also, update the Windows Defender definitions to avoid intensive scanning of nonexistent threats.

6. Check for Conflicts

Scan for malware and also check for conflicts with other antivirus programs. Uninstall any other redundant security software running real-time protection.

7. Adjust CPU Usage Limits

You can also adjust the maximum CPU usage allowed for MsMpEng:

  1. Open Registry Editor
  2. Go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan
  3. Modify the “CpuPriority” DWORD to 3-4 (Default is 2)

This lowers the CPU priority and limits usage by MsMpEng.

Is It Safe to Disable Msmpeng.exe?

Despite the high CPU usage, it’s generally not recommended to disable msmpeng.exe completely, as it leaves your system vulnerable. However, excluding the Windows Defender folder and postponing scans can safely reduce CPU load without too much risk. You can also temporarily disable real-time scanning if needed. But don’t disable the core MsMpEng antivirus service, as that will completely stop all Windows Defender functionality.

How to Prevent Malware Infections?


Here are some general tips to improve your security and avoid malware problems:

  • Use trusted antivirus like Windows Defender or Malwarebytes.
  • Maintain antivirus updates and avoid downloading unwanted files and apps.
  • Avoid opening dodgy email attachments.
  • Exercise caution with browser plugins and extensions.
  • Regularly backup vital data.
  • Keep your OS, browsers, etc., updated.
  • Utilize strong passwords and two-factor authentication.
  • Avoid public Wi-Fi.
  • Access public networks with VPN.
  • Avoid downloading pirated softwar

Always watch out for emerging cyber threats to be secure online. However, simple security can prevent most threats.


While high CPU usage by msmpeng.exe can seem problematic, it’s important to understand why it occurs and how to address it safely. The core MsMpEng service should never be fully disabled, but you can take steps like excluding folders, postponing scans, and tweaking priorities to keep your system running smoothly.

Frequently Asked Questions

Is msmpeng.exe a virus?

No, msmpeng.exe is not a virus. It is a legitimate and important Windows process that runs the Antimalware Service Executable for Windows Defender.

Is it safe to delete msmpeng.exe?

No, you should never delete msmpeng.exe. Doing so will completely disable Windows Defender’s real-time protection and leave your system vulnerable to malware.

Why is MsMpEng using so much memory?

MsMpEng may use a lot of memory during real-time scans or scheduled deep scans of your system. The memory usage should return to normal levels once the scans are complete.

How do I disable msmpeng permanently?

You can completely disable Windows Defender by uninstalling it via Programs and Features. But this will remove your main antivirus protection, so it’s not recommended.

What is Windows Defender Service Host?

Windows Defender Service Host (WdService.exe) is the parent process of msmpeng.exe that provides the core platform for Windows Defender services to interact with the system.

Can I set msmpeng.exe priority to Low?

Adjust the CPU priority to Low, which may help reduce usage. However, low priority can impact its ability to respond to emerging threats in real-time.

Does turning off real-time protection turn off Windows Defender?

No, turning off real-time protection only temporarily disables behavior monitoring and scans. Other core Windows Defender services will continue running.

What happens if I end the task on msmpeng.exe?

Ending the msmpeng.exe task will temporarily interrupt Windows Defender services. But they will automatically restart after about 30 seconds.

Also Read -   Planning to Move House? Here Are 5 Ideas to Help You Move Worry-Free
Related articles
Join the discussion!