Forum Discussion

philippwree's avatar
philippwree
Copper Contributor
Jul 09, 2020

Limit Windows Defender CPU Usage

I have the problem that our Clients use too much CPU during a FullScan. Actually, the usage is limited to 20%, but the setting seems to have no effect. Whether I set it via Configuration Manager or G...
mongrel15's avatar
mongrel15
Copper Contributor
Oct 14, 2020

Daniel_Larsson In your antimalware policy under “Scheduled Scans”, switch the option “Start a scheduled scan only when the computer is idle” to no. That solved the problem for us.
It seems that the check by Microsoft is flawed. If Endpoint thinks the system is idle, he ignores the CPU limit.

 

AJP123's avatar
AJP123
Copper Contributor
Jan 15, 2021

mongrel15 

Changing the following setting to NO doesn't make any difference for us -  "Start a scheduled scan only when the computer is idle” / "“ScanOnlyIfIdle”  doesn't make any difference for us.

 

I tried setting "AvgCPULoadFactor"n in the registry to 1% and it would still hit up to 68%.

 

  • Salbert89's avatar
    Salbert89
    Copper Contributor
    Apr 13, 2021

    AJP123 

    Hey,

    based on the docs article for Set-MpPreference, its not a hard limit, see text below.

     

    https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2019-ps&viewFallbackFrom=win10-ps

     

    -ScanAvgCPULoadFactor

    Specifies the maximum percentage CPU usage for a scan. The acceptable values for this parameter are: integers from 5 through 100, and the value 0, which disables CPU throttling. Windows Defender does not exceed the percentage of CPU usage that you specify. The default value is 50.

    Note: This is not a hard limit but rather a guidance for the scanning engine to not exceed this maximum on average.

    • Daniel_Larsson's avatar
      Daniel_Larsson
      Copper Contributor
      Apr 13, 2021

      Salbert89  It really should be a hard limit though... 

       

      I have a bunch of HP computers that completely ignores it and becomes useless everytime they run a fullscan. It's not model specific, OS specific or anything else from what we can tell, its like 1 in 50 machines just does not give a ****. We can tell they have all the settings, but it just goes to 99% CPU and stays there... leaving the users to get angry and restarts the computers to be able to continue working.

       

      I have looked all over the internet for a solution to this, and tried them all, Nothing works.

       

      • MAlv68's avatar
        MAlv68
        Copper Contributor
        May 05, 2021
        I also have the same issue. I understand that the value set in -ScanAvgCPULoadFactor is not a "hard value" but is used as an average for the duration of the scan. (-ScanAvgCPULoadFactor Specifies the maximum percentage CPU usage for a scan. The acceptable values for this parameter are: integers from 5 through 100, and the value 0, which disables CPU throttling. Windows Defender does not exceed the percentage of CPU usage that you specify. The default value is 50.

        Note: This is not a hard limit but rather a guidance for the scanning engine to not exceed this maximum on average.)

        However, when the process utilizes 90% and above for several minutes, I find it hard to believe that the average will fall below my customized threshold of 30%. Is there a performance log that can be checked after a scan completes?

        Thanks!
    • AJP_UK's avatar
      AJP_UK
      Brass Contributor
      Apr 13, 2021

      Salbert89 Thanks, yes. There were two microsoft docs related to this setting. One said it was a hard limit and one said it was not. I contributed to both docs about the difference and they changed the one that said it was a hard limit to say it wasn't.

Resources