msmpeng.exe causing hdd usage to 100% on configuration manager clients

Rajiv Jindal 1 Reputation point
2022-01-25T17:52:54.943+00:00

We have 5400 SCCM computers, which include desktops and laptops, in our school district. For the last few months we have noticed our staff desktops running really slow. After some troubleshooting we have found that most of the time when a desktop is slow, MsMpEng.exe is running and disk utilization is at 100%. A full antimalware scan is scheduled to run at 10pm every Thursday. I have excluded MsMpEng.exe in the Antimalware policy but it is not helping either. MsMpEng.exe still runs during the day on random computers and causes 100% disk usage.

The fix for the time being on a specific machine would be to kill the Windows Defender Scheduled Scan task in Task Scheduler. Sometimes the Windows Defender Scheduled Scan is not even running but MsMpEng.exe is still causing disk utilization of 100%. I have changed the scheduled scan to different times but it didn't help. I have searched online and added exclusions as suggested in custom antimalware policies.

I need help or ideas to fix this issue, or a log to check where I can see if a file or process is in conflict during the scan.

I couldn't find problem-specific tags so I had to add Windows 10-network.

RJ

Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing
Windows for business | Windows Client for IT Pros | User experience | Other

1 answer

  1. Limitless Technology 39,926 Reputation points
    2022-01-26T09:43:43.867+00:00

    Hello RajivJindal

    It is quite possible that another of the tasks related to Defender is involved. My recommendation would be to configure the scheduled tasks to run outside of working hours for the Cache Maintenance, Cleanup and Verification tasks.

    Another setting to try is to configure in the "Conditions" tab of the Task, to "Start only if the computer is idle for X minutes" so you can ensure that the user is not working at that moment.

    And about cleaning up some potentially bad updates (a corrupt signature in the repository, for instance), you can try the following on a test computer:

    From an elevated command prompt:

    Type in the following command and press “Enter”
    "%PROGRAMFILES%\Windows Defender\MPCMDRUN.exe" -RemoveDefinitions -All
    Note: Keep the commas in the command

    After that, type in the following command and press “Enter”
    "%PROGRAMFILES%\Windows Defender\MPCMDRUN.exe" -SignatureUpdate


    --If the reply is helpful, please Upvote and Accept as answer--
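
A read-only way to check, on one affected client, when the Defender tasks and scans discussed in this thread actually ran and which log records them. This is an added example, not part of the original question or answer; the seven-day window and the choice of event IDs to show are assumptions made for illustration.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# on an affected client. Every command here only reads state.

# 1. The Defender maintenance tasks (Cache Maintenance, Cleanup, Scheduled
#    Scan, Verification): when they last ran and whether the idle condition
#    from the "Conditions" tab is set.
$taskPath = '\Microsoft\Windows\Windows Defender\'
Get-ScheduledTask -TaskPath $taskPath | ForEach-Object {
    $info = $_ | Get-ScheduledTaskInfo
    [pscustomobject]@{
        Task          = $_.TaskName
        State         = $_.State
        LastRun       = $info.LastRunTime
        NextRun       = $info.NextRunTime
        RunOnlyIfIdle = $_.Settings.RunOnlyIfIdle
        IdleDuration  = $_.Settings.IdleSettings.IdleDuration
    }
} | Format-Table -AutoSize

# 2. The scan schedule and exclusions the client actually received from the
#    antimalware policy. Review the exclusion lists here as well: each entry
#    is a place Defender no longer inspects.
Get-MpPreference |
    Select-Object ScanScheduleDay, ScanScheduleTime, ScanOnlyIfIdleEnabled,
                  ScanAvgCPULoadFactor, DisableCatchupFullScan,
                  ExclusionProcess, ExclusionPath, ExclusionExtension |
    Format-List

# 3. Last scan times and signature age as Defender reports them.
Get-MpComputerStatus |
    Select-Object QuickScanStartTime, QuickScanEndTime,
                  FullScanStartTime, FullScanEndTime,
                  AntivirusSignatureVersion, AntivirusSignatureLastUpdated |
    Format-List

# 4. Scan and signature events from the Defender operational log:
#    1000 scan started, 1001 scan finished, 1002 scan stopped early,
#    2000 signatures updated. Compare the timestamps with the times users
#    report the disk at 100%.
$since = (Get-Date).AddDays(-7)   # assumed look-back window
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1000, 1001, 1002, 2000
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id,
        @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

If the slow periods line up with none of these events, the load is more likely coming from real-time protection scanning files that another process is writing than from a scheduled scan or signature update.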
