Windows Defender | Anitmalware Service Executable high CPU use

Are you a registered Windows Insider and if so, is an Insider Preview build installed?

Benefits & Risks of P2P file sharing (e.g., qBittorrent)  

  • [http://blogs.technet.com/mmpc/archive/2008/10/06/the-cost-of-free-software.aspx](http://blogs.technet.com/mmpc/archive/2008/10/06/the-cost-of-free-software.aspx)

  • [http://www.us-cert.gov/cas/tips/ST05-007.html](http://www.us-cert.gov/cas/tips/ST05-007.html)

  • [http://krebsonsecurity.com/2011/06/software-cracks-a-great-way-to-infect-your-pc/](http://krebsonsecurity.com/2011/06/software-cracks-a-great-way-to-infect-your-pc/)

  • [http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=3297086](http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=3297086)

You’ll have to compare the date on your Reddit source with Tadasha Mishra’s reply in this thread: 

http://answers.microsoft.com/en-us/protect/forum/protect\_defender-protect\_scanning/can-one-prevent-antimalware-executable-to-start/14d43f26-c682-4b3d-80b6-59ae754b8649

This is such an absurd and outrageous reply that it’s hard to believe that it could have originated independently from any other source, and of course anything that gets upvoted here is likely to get copycatted by one of the dim-bulb bloggers that mine this site for material.

AV apps are evolving so rapidly these days that it’s really not reasonable to base your evaluations on old experiences. And if you reject the third-party AV solution, then you’re putting yourself in a real bind, because tracking down the source of the excessive CPU utilization can mean a lot of work with process-monitoring utilities and third-party on-demand malware-removal tools. One of the common causes of this issue is a third-party AV app or a leftover component thereof, but it sounds like we can rule that one out in your case.

Another common source would be undetected or un-remediated malware, and going after this requires the use of third-party malware-removal apps. Note that periodically scanning with one or more of these tools is also generally recommended as a means of supplementing the protection provided by your real-time AV app:

Kaspersky Virus Removal Tool:

http://www.kaspersky.com/antivirus-removal-tool?form=1

Emsisoft Emergency Kit:

http://www.emsisoft.com/en/software/eek/

Malwarebytes Anti-Malware (free version only):

https://www.malwarebytes.org/antimalware/

Eset Online Scanner:

http://www.eset.com/us/online-scanner/

There’s a longer list of trusted third-party scanners here:

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=2413189

Another thing that you might want to try is creating path and process exclusions for the Antimalware Service Executable (MsMpEng.exe) and for any other process that appears to be consuming high resources at the same time as the Antimalware Engine. You can use the Windows Resource Monitor (or even Task Manager) for this if you’re not familiar with the third-party process-monitoring utilities.

But pinning down the specific process that’s overworking the Antimalware Engine can frequently be frustrating, and since it often appears that the Antimalware Engine’s CPU activity is an artifact of the scanning engine itself, or sometimes of the specific set of definitions that are loaded – the issue can often be resolved without going through all the work of tracking down the offending process – just by switching to a free third-party AV app:

http://answers.microsoft.com/en-us/protect/forum/protect\_defender-protect\_scanning/how-to-stop-antimalware-service-executable-from/a3a57d31-4687-43c0-b274-261da7d89245

But of course if you’d rather avoid all of this work, and you really don’t want to switch, then option 1 sure sounds like a fine (and green) solution to me:

1. turn computer off when not using, the problem does not arise from a fresh boot

GreginMich