It is not recommended to permanently end Antimalware Service Executable — it is Microsoft Defender’s core real-time protection process. The safer route is reducing its resource impact through process exclusions and schedule tweaks that stop the CPU spikes without leaving your PC unprotected.
A Windows PC that suddenly sounds like a jet engine at idle. You open Task Manager and there it is: Antimalware Service Executable sitting at 30, 40, sometimes 90 percent CPU. It is the single most common performance complaint across Windows 10 and 11, and the first instinct is to end the process and be done with it. That instinct is wrong — but the frustration is completely reasonable. The fix is not killing Defender. The fix is making it behave.
What Is Antimalware Service Executable And Why Is It Using So Much CPU?
Antimalware Service Executable (process name MsMpEng.exe) is the background engine that runs Microsoft Defender Antivirus. It is responsible for real-time scanning of files, downloads, and running programs. When the system is idle, Defender runs scheduled scans and updates, which can spike CPU usage to 50 percent or higher. The process is aggressive by design — it trades a few seconds of fan noise for continuous protection — but on older hardware or during active use, that trade becomes a problem.
Three things typically trigger the high-usage state: a scheduled scan kicking off at login, Real-time protection scanning every file the system touches, or a corrupted Defender engine that gets stuck in a loop. Each has a different fix, and none requires disabling the antivirus permanently.
Can You Safely End Antimalware Service Executable?
No — and attempting to is a losing fight anyway. Ending the task in Task Manager works for about five seconds. Defender treats its own process as critical and restarts it almost immediately. Registry or Group Policy hacks that disable the service permanently are possible, but they leave the PC completely unprotected against new threats as they arrive. Microsoft does not support, recommend, or document permanent disablement as a solution for performance issues. The supported path is managing how and when Defender uses resources, not stopping it entirely.
How To Reduce Antimalware Service Executable’s Resource Usage
These three methods address the most common causes of high CPU usage. Start with the first one — it covers the widest range of scenarios — and move down only if the spike persists.
Method 1: Add MsMpEng.exe As A Process Exclusion
Adding an exclusion tells Defender to skip scanning its own engine file, which stops the recursive checking that often causes high CPU. Open Windows Security → Virus & threat protection → Virus & threat protection settings → Manage settings. Under Exclusions, click Add or remove exclusions → Add an exclusion → Process. Type MsMpEng.exe and confirm.
What you will see: the process appears in the exclusion list with a file icon and the name MsMpEng.exe. CPU usage from Defender usually drops within a minute as the scan loop stops. Note that this reduces scanning coverage for the Defender executable itself — a small security trade — but keeps Defender scanning everything else normally.
Method 2: Adjust The Scheduled Scan In Task Scheduler
The default scan schedule often triggers at system startup or during active hours, causing the 100 percent CPU spike many users describe. To move it to idle time: open Task Scheduler (search for it in the Start menu). Navigate to Task Scheduler Library → Microsoft → Windows → Windows Defender. Double-click Windows Defender Scheduled Scan. Under the Conditions tab, check "Start the task only if the computer is idle for" and set it to 15 minutes. Under the Triggers tab, you can also change the schedule to a time you are typically not using the PC.
What you will see: the scheduled scan now waits until the system is idle before launching. The login CPU spike stops immediately after the next reboot.
Method 3: Temporarily Disable Real-Time Protection
For gaming sessions, video rendering, or other CPU-intensive tasks, turning off Real-time protection for the duration of the session stops all Defender CPU activity. Open Windows Security → Virus & threat protection → Manage settings. Set Real-time protection to Off.
Important: Windows automatically turns Real-time protection back on after a short period or on the next restart. This is not a permanent disable; it is a temporary pause for performance-sensitive tasks. The PC is unprotected while it is off, so only do this when you are running trusted software and re-enable it afterward.
What you will see: the toggle changes to gray, and CPU usage from Antimalware Service Executable drops to zero within seconds. When you return, Windows will prompt you to turn protection back on.
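The state the three methods leave behind can also be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original article or any Microsoft tooling: it applies Method 1 with the built-in Defender cmdlets, then reports the exclusion list, the scheduled scan's idle condition, and whether Real-time protection is back on. The function name Get-DefenderTuningState and the $ExpectedExclusions list are assumptions made for the example.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Uses the built-in Defender and
# ScheduledTasks modules. Without elevation, current Windows builds hide the
# exclusion list from Get-MpPreference.

# Method 1 from the command line. Undo with:
#   Remove-MpPreference -ExclusionProcess 'MsMpEng.exe'
Add-MpPreference -ExclusionProcess 'MsMpEng.exe'

function Get-DefenderTuningState {
    # $ExpectedExclusions is an assumption: the exclusions you added on purpose.
    param([string[]]$ExpectedExclusions = @('MsMpEng.exe'))

    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus
    $task   = Get-ScheduledTask -TaskPath '\Microsoft\Windows\Windows Defender\' `
                                -TaskName 'Windows Defender Scheduled Scan'

    # Anything excluded that is not on the expected list deserves a second look.
    $unexpected = @($pref.ExclusionProcess |
        Where-Object { $_ -and $_ -notin $ExpectedExclusions })

    [pscustomobject]@{
        ProcessExclusions    = @($pref.ExclusionProcess)
        UnexpectedExclusions = $unexpected
        ScanRunsOnlyIfIdle   = $task.Settings.RunOnlyIfIdle              # Method 2
        ScanIdleDuration     = $task.Settings.IdleSettings.IdleDuration  # PT15M = 15 min
        RealTimeProtectionOn = $status.RealTimeProtectionEnabled         # Method 3
    }
}

$state = Get-DefenderTuningState
$state | Format-List
if (-not $state.RealTimeProtectionOn) {
    Write-Warning 'Real-time protection is off. Turn it back on when the session ends.'
}
if ($state.UnexpectedExclusions.Count -gt 0) {
    Write-Warning "Unexpected process exclusions: $($state.UnexpectedExclusions -join ', ')"
}
```

Run it again after a gaming or rendering session to confirm that RealTimeProtectionOn reads True and that the exclusion list holds only the entries you added yourself.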
Below is a full comparison of every practical method for handling Antimalware Service Executable CPU usage, ranked by effectiveness and security impact.
| Method | How It Works | Best For |
|---|---|---|
| Add MsMpEng.exe Process Exclusion | Skips scanning Defender’s own engine file — stops recursive CPU loop | Ongoing 20–30% CPU drain that never drops |
| Adjust Scheduled Scan (Task Scheduler) | Moves scan to idle conditions; prevents startup CPU spike | 100% CPU at login or during active use |
| Temporarily Disable Real-Time Protection | Suspends live scanning for the current session | Gaming, rendering, or other CPU-intensive tasks |
| Run Full Offline Scan | Boots into recovery environment and clears hidden infections | CPU high after a known infection or suspicious file |
| Update Microsoft Defender Signatures | Ensures the engine is not stuck on outdated definitions | CPU spike after a Windows update |
| Repair System Files (SFC) | Fixes corrupted Windows files that can cause Defender loops | Spikes accompanied by other system instability |
| Group Policy / Registry Permanent Disable | Disables Defender entirely via policy or registry entry | Only when a third-party antivirus is already installed |
Microsoft’s official guidance emphasizes that exclusions and scan scheduling are the correct tools for managing this process, and that permanently disabling Defender is not recommended. The Microsoft Answers thread on high CPU usage walks through the exclusion steps in detail and confirms that the process should remain active for system security.
Methods That Do Not Work (Or Backfire)
Ending the task in Task Manager — the most common first move — does not work. The process re-spawns within seconds because Defender monitors its own service health. Uninstalling Microsoft Defender is not possible on standard Windows installations; it is an integrated component that Windows automatically reinstalls. Disabling the Windows Defender service in services.msc triggers a repair on the next system restart, and Windows re-enables it. Each of these routes either fails immediately or creates a protection gap that a single malicious download can exploit.
What To Do For Your Specific CPU Scenario
The right fix depends on when and how the CPU spike hits. Use the table below to match your situation to the method that will stop it fastest.
| What You Are Seeing | Most Likely Cause | Try This First |
|---|---|---|
| 100% CPU at every startup | Scheduled scan launching at boot | Adjust the scan in Task Scheduler (Method 2) |
| Constant 20–30% CPU that never drops | Defender scanning its own engine repeatedly | Add MsMpEng.exe as a process exclusion (Method 1) |
| CPU spikes only during gaming or video work | Real-time protection scanning every asset | Temporarily disable Real-time protection (Method 3) |
| High memory usage that builds over days | Defender stuck after an incomplete scan | Run a full offline scan from Windows Security |
| Process restarts immediately after ending it | Defender auto-recovery — normal behavior | Stop trying; use exclusions instead |
| CPU high after a Windows feature update | Engine reconfiguration or signature update | Update Defender signatures manually |
| Spikes on an old PC with 4 GB RAM or less | Defender competing with low system resources | Add process exclusion and limit scheduled scans to idle |
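
To match a spike to a row in the table above, it helps to see what Defender was doing at the time. The script below is an added example, not part of the original article: it samples MsMpEng.exe CPU and lists recent scan, signature-update and configuration events from Defender's Operational event log. The function names and the 24-hour window are assumptions, and an elevated prompt is assumed in case the log is not readable otherwise.

```powershell
# Added example, not from the original article. Reads Defender's Operational
# event log; the 24-hour window and function names are assumptions.
$DefenderEvents = @{
    1000 = 'Scan started'
    1001 = 'Scan finished'
    1002 = 'Scan stopped before it finished'
    2000 = 'Signatures updated'
    5001 = 'Real-time protection disabled'
    5007 = 'Configuration changed (exclusions included)'
}

function Get-DefenderTimeline {
    param([int]$Hours = 24)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = @($DefenderEvents.Keys)
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Id,
            @{ Name = 'What'; Expression = { $DefenderEvents[[int]$_.Id] } }
}

function Get-DefenderCpuPercent {
    # Average MsMpEng CPU over $Samples seconds, scaled like Task Manager.
    # The counter path is the English one; localized Windows uses other names.
    param([int]$Samples = 5)
    $set = Get-Counter '\Process(MsMpEng)\% Processor Time' `
               -SampleInterval 1 -MaxSamples $Samples
    $avg = ($set.CounterSamples.CookedValue | Measure-Object -Average).Average
    [math]::Round($avg / [Environment]::ProcessorCount, 1)
}

"MsMpEng CPU now: $(Get-DefenderCpuPercent)%"
Get-DefenderTimeline | Format-Table -AutoSize
```

A "Scan started" entry shortly after login fits the startup-scan row, and a "Signatures updated" entry just before the spike fits the post-update row; 5001 and 5007 entries also show when protection or exclusions were changed.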
References & Sources
- Microsoft Answers. “High CPU usage because of Antimalware Service Executable.” Official Microsoft forum response detailing exclusion steps and guidance.
