There’s a potential confusion in your instructions for setting up an exclusion for MsMpEng.exe,
rkcreationzzz. This file should only be excluded with a
process exclusion. A process exclusion prevents Defender from scanning a file every time it’s accessed by the excluded process and thus reduces the workload and resolves the resource overhead issue for the Antimalware Engine. These are the choices
that we’re presented with in Windows 10, and the proper choice would be Process:
The idea of setting up a process exclusion
in order to prevent the Antimalware Engine from tracking itself goes back to 2007, when it was first posted by Coleman:
http://geekswithblogs.net/Coleman/archive/2007/03/26/109906.aspx
Obviously, people are still looking for a simple answer for this issue, and assuming that the issue is just with the Antimalware Engine tracking itself makes the answer a whole lot easier than it would be if we had to use Task Manager, or the Windows
Resource Monitor, or the Sysinternals Process Monitor to actually hunt down the process responsible for Defender’s aggravated state.
Now, a process exclusion for the Antimalware Engine isn’t likely to help with the current version of Windows Defender, but it certainly won’t hurt to try. And this might just set folks on the right track – because using a
process exclusion is precisely how we prevent the Antimalware Engine from chasing the read/write operations of any problematic process. These days Defender would more likely be chasing some malicious or overactive third-party application process, or
maybe even an errant system process; rather than just chasing its own tail.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
And it’s not really surprising to see that unchecking the items in the Conditions tab of the
Windows Defender Scheduled Scan task has now gone viral – because it certainly does have the virtue of simplicity – but on the downside, it’s sad to see that so many of today’s Windows users don’t have a clue about how Windows Automatic Maintenance
works, or even about how Task Scheduler works, and that they’re so easily led astray. It looks like it’s now mandatory for all derived tutorials on this topic to include these bogus steps for fixing the
Windows Defender Scheduled Scan task, e.g.:
https://windowsreport.com/msmpeng-exe-high-cpu-usage/
And we even see these steps repeated in blogs by people who really should know better:
https://blog.emsisoft.com/en/28620/antimalware-service-executable/
And of course the credit for this mountain of misinformation really goes back to Tadasha Mishra’s reply in this classic Answers Forum thread:
https://answers.microsoft.com/en-us/windows/forum/windows_8-performance/can-one-prevent-antimalware-executable-to-start/14d43f26-c682-4b3d-80b6-59ae754b8649
I protested until a Community Moderator finally removed the reply's “answer” credit, but the damage had already been done – and now there are a thousand and one derived tutorials out there that all parrot these same contrived steps (or variations thereof).
GreginMich
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
