Forum Discussion

Copper Contributor

Nov 16, 2022

antimalware Service Executable High CPU Usage

Hi, Recently we are experiencing that this process is causing high CPU. On several portals I read that this is quite normal and even worse some suggestions goes to disable Defender. However, we u...

microsoft defender for endpoint

Copper Contributor

Nov 16, 2022

How high is this high CPU usage? higher than normal usage is to be expected whenever a scan is being performed

yongrheemsft
Microsoft
Nov 16, 2022
davordmitric, as henryjs mentioned, it depends on when the high cpu usage occurs. If it's during a 'scheduled scan' (quick or full scan), then it would be expected. If it's not during a 'scheduled scan' or 'on-demand' scan, then there might be either an app compatibility where the app/script is doing something that MDE's AV (msmpeng.exe, Antimalware Service Executable, Microsoft Defender Antivirus Service, WInDefend) is observing. The Perf Analyzer for MDAV is the easiest way to figure out what's causing the high cpu usage. And where you could find what process/patch/extension you can add to provide relief.

The MDAV Perf Analyzer info is located here:
Announcing performance analyzer for Microsoft Defender Antivirus
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-performance-analyzer-for-microsoft-defender-antivirus/ba-p/2713911

Performance analyzer for Microsoft Defender Antivirus
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide

Thanks,
Yong - MSFT
- davordmitric
  Copper Contributor
  Nov 17, 2022
  Thank you both, henryj and Yong for reply.
  I have to say it did happen outside scheduled scan period hence raising question about CPU usage, which was in that time almost 50%. However, MDAV Pref Analyser should possibly give us more insight.

Resources