Antimalware Service Executable (MsMpEng.exe) is the background process behind Windows Defender, your built-in antivirus. It's supposed to run quietly, but on some PCs it uses an excessive amount of CPU and memory, especially during scans. The good news is you can bring it back to earth without turning off your protection.

Understand Why It Happens

MsMpEng.exe spikes for a few reasons: it's running a scheduled scan, it's scanning its own folder (a known inefficiency), or it's processing files after a Windows Update. Short spikes are normal. If it's been running at high CPU for more than 30 minutes, that warrants action.

Exclude the MsMpEng.exe Process From Its Own Scanning

Windows Defender historically scanned its own files, creating a feedback loop. Fixing this is the single most effective step:

  1. Open Windows Security from the Start menu.
  2. Go to Virus & threat protection > Manage settings.
  3. Scroll down to Exclusions and click Add or remove exclusions.
  4. Click Add an exclusion > Process.
  5. Type MsMpEng.exe and click Add.

Reschedule the Full Scan to Off-Peak Hours

A full system scan is intensive by nature. Scheduling it for when you're not using the PC makes a big difference.

  1. Search for Task Scheduler in the Start menu and open it.
  2. Navigate to Task Scheduler Library > Microsoft > Windows > Windows Defender.
  3. Double-click Windows Defender Scheduled Scan.
  4. Go to the Triggers tab, select the existing trigger, click Edit, and change the time to 2:00 AM or another time when your PC is on but not in active use.

Adjust Real-Time Protection Scan Settings

If real-time protection is causing sustained CPU usage (not just during a scheduled scan):

  1. Open Windows Security > Virus & threat protection > Manage settings.
  2. Make sure Cloud-delivered protection is on — this reduces the amount of local processing needed because suspicious files are checked in the cloud rather than entirely on your CPU.

Check for Malware

Ironically, actual malware on your PC can cause Defender to work overtime. Run a full scan manually: Windows Security > Virus & threat protection > Scan options > Full scan. Let it finish and remove anything it finds.