Forum Discussion
High CPU usage by Antimalware Service Executable (Windows Defender) on every login
Hello,
I am experiencing a persistent issue with Windows Defender. The background process Antimalware Service Executable (MsMpEng.exe) consumes extremely high CPU usage every time I log in, making the system nearly unusable.
The only temporary workaround I have found is disabling real-time protection, which immediately stops the high CPU usage. However, I do not want to permanently disable protection for security reasons.
Here is what I have already tried and what did not help:
Reducing Windows Defender CPU usage from 20 percent to 5 percent did not help, the process still uses most of the CPU.
Excluding my drives from scanning did not help, I excluded both drives I use but Defender still appears to be scanning something in the background.
Removing Windows Defender entirely seems like the only effective solution, but I understand this is not recommended since it is a built-in system component and could cause system issues.
For several months now, my routine has been logging in and manually turning off real-time protection just to be able to use my system, which is not a sustainable or secure solution.
Is there any way to resolve this issue while keeping Windows Defender enabled? Any guidance or recommended troubleshooting steps would be greatly appreciated.
2 Replies
Hello,
See if this fix helps you:
https://www.kapilarya.com/fix-antimalware-service-executable-msmpeng-exe-high-cpu-usage
Let us know if this helps!
Note: Included link in this reply refers to blog post by a trusted Microsoft MVP.
I’m assuming you’re on Windows 10, based on the tag. This is a known issue where Microsoft Defender can run a scheduled scan or get stuck rebuilding its scan cache right after login, which can cause MsMpEng.exe to use very high CPU even if exclusions and limits are already set. Microsoft has documented this behavior, especially after Defender updates.
A commonly recommended fix is to reset Defender’s scan cache. Stop the Microsoft Defender Antivirus Service, delete the contents of C:\ProgramData\Microsoft\Windows Defender\Scans, then start the service again and reboot. If that helps, you’ve likely found the cause. You can also temporarily disable the Windows Defender Scheduled Scan task to confirm it’s a scan running at logon, while keeping real-time protection enabled.
