Fix: Antimalware Service Executable High Memory

Deep ShresthaBy
antimalware service executable high memory

Antimalware Service Executable takes high system memory, especially when Windows Defender’s Virus & threat protection is running a scan. While it releases the memory once the scan completes, you may notice a significant drop in performance during this process.

Although you cannot end this task since it is a system process, you can stop the scan and release the memory. If Windows Defender is not performing any scan, features like Real-time protection or cloud-delivered protection might still cause the process to take high memory resources.

Disabling these features should, in theory, stop the high memory usage. If it does not resolve the issue, there are a few things you can try to fix the problem with high memory usage.

Before that, let’s know a little about this background process.

What is Antimalware Service Executable?

Antimalware Service Executable (MsMpEng.exe) is a system application that automatically runs on startup if you do not have any third-party antivirus application installed. 

antimalware service executable

Once the system turns on, the Windows Defender antivirus will run a quick scan which can result in the Antimalware Service Executable consuming high resources for a couple of minutes. 

If it is not running any scan, the background process should take about 150 MB to 200MB of memory resources. This number should not go higher than 300MB on idle conditions. If it is, we recommend that you start by checking Virus & threat protection.

Check Virus & Threat Protection

Windows Defender and its background process and services use a high CPU, memory, Disk, and CPU resources when it scans the PC. This number is even higher when it is running a full scan.

You can simply cancel the scanning process to lower memory, CPU, and disk resource usage.

  1. Press the Windows + R key.
  2. Type windowsdefender: and press Enter.
    windows defender antimalware service
  3. Click on Virus and threat protection.
    virus and threat protection windows defender
  4. Click on Cancel if it is running a system scan.
    cancel full scan virus and threat protection

Once you cancel the scan, check if Antimalware Service Executable uses lower system resources. This number should decrease gradually and after some time, Windows Defender’s CPU and Disk usage will be close to 0, and its memory usage should stay around 150 MB to 300 MB.

Disable Virus & Threat Protection Features

If the system is not running any scan, but the Antimalware background process is still using high memory usage, it might be using features included in Virus & Threat protection.

These features include locating and scanning new files on the system, providing protection to data in the cloud, and sending sample files to protect the system from potential threats. 

You can disable them to lower system resources, but this will leave your system vulnerable. 

  1. Open Windows Defender.
  2. Select Virus and Threat Protection.
    virus and threat protection windows defender
  3. Under Virus & threat protection settings, click on Manage Settings.
    manage settings virus and threat protection
  4. Turn off Real-time protection, Cloud-delivered protection, Automatic sample submission, and Tamper Protection.
    disable virus and threat protection features
  5. Now open the Task Manager and check if it lowers memory usage.

Even if you turn off Real Time protection, Windows automatically enables it when you restart the system. However, you can permanently disable Real-time protection. 

Note: Permanently disabling Real-Time protection is not recommended as your system will not scan new files and folders.

Before you can disable Real-time protection permanently, make sure that Tamper Protection is disabled.

  1. Open Run.
  2. Type gpedit.msc and press Enter.
    open gpedit antimalware service
  3. Navigate to Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus.
  4. Click on Real-time Protection.
  5. In the left panel, double-click on Turn off real-time protection.
    turn off real time protection antimalware service
  6. Check Enabled.
  7. Select Apply then OK.
    disable real time protection antimalware service
  8. To Enable Real-time protection, you can simply enable Tamper Protection.
Note: Group Policy Editor is only available on Pro or Enterprise Windows Edition.

Update Windows

MsMpEng.exe (Microsoft Malware Protection Engine) had a significant performance issue where it uses unreasonably high computation when the Real-time protection feature is active. This simultaneously causes high system resource usage, especially when using browsers like Firefox.

Fortunately, Microsoft pushed a patch update that fixed the mpengine.dll file in Security Intelligence update version 1.387.695.0 on April 4, 2023. You can install this update to fix the issue with Antimalware service executable high memory usage.

  1. Press Windows + I and select Windows Update.
  2. Click on Check for Updates or Install Updates.
    check for update antimalware service
  3. Restart your PC once the installation is complete.
  4. Open Task Manager and check if the high memory usage issue is fixed.

Add Exclusion

Users in numerous online forums have also reported that adding the MsMpEng.exe file to the exclusion list in Windows Defender fixed the issue for them. To add Microsoft Malware Protection Engine to exclusion,

  1. Open Windows Defender and click on Virus and threat protection.
    virus and threat protection windows defender
  2. Under Virus and threat protection settings, click on Manage Settings.
    manage settings virus and threat protection
  3. Scroll down and click on Add or Remove exclusions.
    add exclusion antimalware service
  4. Click on Add an Exclusion and select File.
    add an exclusion antimalware
  5. Navigate to C:\Program Files\Windows Defender.
  6. Select MsMpEng.exe and press Open.
    add msmpeng to exclusion
  7. Now, check if the Antimalware service is still causing the high memory issue.

Change Scheduled Scan Properties

Your system can automatically start the Windows Defender scan if the process is scheduled to run via the Task Scheduler. On top of that, Windows runs the scan with the highest priority. This enables Windows Defender services and background processes to use higher system resources. 

Tweaking Defender’s task scheduler properties allows the user to control when the system runs Windows Defender scheduled scan and even lower its priorities.

  1. Open Run.
  2. Type taskschd.msc and press Enter.
  3. On the left panel, navigate to Task Scheduler Library > Microsoft > Windows.
  4. Click on Windows Defender.
  5. On the middle panel, double-click on Windows Defender Scheduled Scan.
    task scheduled windows defender scan
  6. In the General tab, uncheck Run with the highest privileges.
    disable run with highest previlage scheduled scan
  7. Go to Conditions, and uncheck Start the task only if the computer is on AC power.
    disable conditions on windows defender
  8. Go to the Settings tab and uncheck everything.
    disable additional settings antimalware
  9. Finally, go to the Triggers tab and click on New.
    create new triggers defender scan
  10. Here, you can set a preferred date and time to run the scheduled scan. I recommend that you scan the PC at least once a week.
    create new task trigger antimalware service
  11. Once you set the triggers, click on OK.
  12. Again, select OK.
  13. Restart your PC and check the memory usage.

Disable Virus & Threat Protection

Finally, if none of the solutions work, you can try disabling the entire Virus and threat protection. When you disable Virus and threat protection, it will not use any background process or defender services such as the Antivirus Service.

  1. Press the Windows + R key.
  2. Type regedit and press Enter.
    open regedit antimalware service
  3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
  4. On the right panel, right-click and select New.
  5. Click on DWORD (32-Bit) Value.
    create d word value antimalware service
  6. Name it DisableAntiSpyware.
  7. Double-click on it and set the Value Data to 1.
    disable anti spyware regedit key
  8. Click OK.
  9. Restart your PC and open Windows Defender.
  10. Check if the Antimalware Service Executable still runs.

Disabling the Virus and Threat Protection makes your entire system vulnerable to malware attacks. So make sure that you install a separate antivirus application once you disable Windows Defender.

If you are installing a third-party application, the OS will automatically disable Virus and Threat protection feature and use the installed antivirus application.

Note: Third party antivirus application may also use high resource usage when performing a scan.

Deep Shrestha works as a computer hardware writer at TechNewsToday with several hardware and programming certifications. Although he has been writing technical content for more than a year, his interest in hardware components started at a very young age ever since he heard about PC building. Pursuing his passion, he has assembled several desktop computers. Besides building desktop PCs, Deep also has hands-on experience fixing software and hardware issues on laptops and desktop computers. Using all this knowledge and skills about computer hardware, he's on a quest to make content that's easy to read and understand for everyone. You can contact him at deep@technewstoday.com

Related Posts

Add A Comment

Leave A Reply