High CPU usage of Windows Defender (Antimalware Service Executable)

KeYaMa-8208 31 Reputation points
2022-12-29T09:23:06.907+00:00

*Sorry if the English is not exact; it is a machine translation.

Hi Experts

It is not clear when this phenomenon started, but in the following environment
the CPU usage of the Antimalware Service Executable process (MsMpEng.exe) is constantly high.

【environment】
OS: Windows 10 Pro (21H2)
Domain: AD joined (user has Domain Users authority)
Windows update: Apply the latest version up to 2023/12/28 (only recommended and automatically applied, WSUS not used)
Security: Windows firewall is on, security software other than Windows Defender is not installed, virus full scan does not detect virus

【symptoms】

  1. When connected to the company network (wireless LAN), the CPU usage rate of the Antimalware Service Executable process is always around 0-10%.
  2. The CPU usage of the Antimalware Service Executable process is always 50-80% when connected to my home network (wireless LAN) or a public network (e.g. free Wi-Fi).
    *1 Usage rate is when virus scanning is not performed.
    *2 The CPU usage rate will be as shown above after about 5 minutes have passed since Windows started.
    *3 The CPU usage rate of the Antimalware Service Executable process does not change significantly from the state of 1. and 2. even if you use applications such as Outlook, Word, Excel, etc.

【Question】

I would like to take measures to reduce the constantly high CPU usage rate because the battery consumption is high when I am out and about.
As a countermeasure, we have implemented the following content introduced on the Internet, but there is no particular change.

(1) Exclude the MsMpEng.exe folder from virus scan (exclude C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0 as of 2022/12/29)
(2) Turn off "Run with highest privilege" in the Windows Defender items in Task Scheduler (Windows Defender Cache Maintenance, etc.)
(3) Add exclusion settings with the following commands from PowerShell
Add-MpPreference -ExclusionPath "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0"
Set-MpPreference -ExclusionPath "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0"

I'm also curious about the differences in behavior inside and outside the company, but I couldn't find any information on the internet.

Is there anyone who has the same symptoms and solved the problem?
I would appreciate it if you could help me if you have any information.

Windows 10 Security

Accepted answer
  1. Wesley Li-MSFT 4,386 Reputation points Microsoft Vendor
    2022-12-30T03:15:15.76+00:00

    Hello

    Thank you for posting in our Q&A forum.

    If we want to find the root cause of the problem, we need to know which application or service is hogging the MsMpEng.exe process.

    We can try to download Process Explorer to check which one is causing high CPU.
    https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer

    Meanwhile, for high CPU issues, we can try to use the WPR tool (Windows Performance Recorder) to capture traces when the issue occurs.
    https://learn.microsoft.com/en-us/windows-hardware/test/wpt/windows-performance-recorder

    Best Regards,
    Wesley Li


1 additional answer

  1. Mark Derouen 5 Reputation points
    2023-08-24T16:08:01.5266667+00:00

    Run this when the CPU is high to capture the offending item.

    (Get-MpPerformanceReport -Path c:\temp\Defender-scans.etl -Topscans 100).TopScans | Export-CSV -Path c:\temp\Defender-Topscans.csv -Encoding UTF8 -NoTypeInformation

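The `Get-MpPerformanceReport` command in the answer above reads a trace file that has to be recorded first. As an added example (not part of the original posts), this is the full record-then-report sequence with the Defender performance analyzer cmdlets; the `C:\temp` output folder, the 120-second capture window and the top-10 limits are assumptions, and it must run in an elevated PowerShell session.

```powershell
# Added example: record what Defender scans while MsMpEng.exe CPU is high,
# then summarize the trace. Requires an elevated PowerShell session.
# $OutDir, the capture window and the Top-N limits are assumptions.
$OutDir = 'C:\temp'
$Etl    = Join-Path $OutDir 'Defender-scans.etl'
$Csv    = Join-Path $OutDir 'Defender-Topscans.csv'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Record Defender scan events for a fixed window while the CPU is high.
#    Without -Seconds the cmdlet records until you press ENTER.
New-MpPerformanceRecording -RecordTo $Etl -Seconds 120

# 2. Build one report covering processes, files, extensions and single scans.
$report = Get-MpPerformanceReport -Path $Etl `
    -TopProcesses 10 -TopFiles 10 -TopExtensions 10 -TopScans 100

# 3. Which processes caused the most scan time, and on which files/extensions.
'--- Top processes ---';  $report.TopProcesses  | Format-Table -AutoSize
'--- Top files ---';      $report.TopFiles      | Format-Table -AutoSize
'--- Top extensions ---'; $report.TopExtensions | Format-Table -AutoSize

# 4. Keep the individual scans for later comparison, e.g. one capture on the
#    company network and one on the home network.
$report.TopScans |
    Export-Csv -Path $Csv -Encoding UTF8 -NoTypeInformation

# 5. List the exclusions currently in effect, so that any exclusion added
#    while troubleshooting can be reviewed against what the report shows
#    and removed (Remove-MpPreference) if it does not address the cause.
$pref = Get-MpPreference
[pscustomobject]@{
    ExclusionPath      = $pref.ExclusionPath      -join '; '
    ExclusionProcess   = $pref.ExclusionProcess   -join '; '
    ExclusionExtension = $pref.ExclusionExtension -join '; '
} | Format-List
```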