Revisiting MsMpEng.exe Antimalware service executable high resource usage

MsMpEng.exe – Antimalware service executable

I generally do not have any issues with Microsoft Security Essentials. It just works, and does its job quite well.  From time to time I notice some weird issues on my client computers, where MsMpEng.exe (Antimalware service executable) is using far too many resources and too much CPU time (extra-large amounts of memory, and CPU time may even be at 100%).

I had an original post here which may solve your issue as well:
http://www.1stbyte.com/2010/02/01/microsoft-security-essentials-msmpeng-exe-using-high-cpu-time/

That post says to exclude some directories from your scanning.  I have since found that, in the newer version of Microsoft Security Essentials, there are some options that have also helped.  We mainly want to tell MSSE that we only want to scan if the computer is not in use.  I also set it to limit CPU usage.

Check this option in the MSSE Settings tab, under Scheduled Scan:

“Start the scheduled scan only when my computer is on but not in use”

Open Microsoft Security Essentials and go to the Settings tab (shown below):

Next, in the Scheduled Scan settings on the left menu, look at the right side options and check the option box to only scan when my computer is not in use:

Security Essentials Settings – Make sure to Check this box

And last, save your changes:

Save your changes in Security Essentials

I have tried this setting, and it does help.  But read my other post too; if this doesn’t help, maybe give that other option a shot.  Good luck!
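Added example, not part of the original post: a Python sketch that ranks scan-exclusion paths, like the ones suggested in the earlier post and in the comments below, by how much of a blind spot each one leaves. The list of user-writable roots and the high/medium/low labels are assumptions of this example, not Microsoft Security Essentials behaviour.

```python
import ntpath

# Assumption of this example: roots that non-admin processes can usually
# write to on Windows XP/Vista/7. Not an exhaustive policy.
USER_WRITABLE_ROOTS = (
    r"C:\Users",
    r"C:\Documents and Settings",
    r"C:\Windows\Temp",
)
RANK = {"high": 0, "medium": 1, "low": 2}

def _norm(path):
    # Lower-case, unify separators, drop trailing backslashes.
    return ntpath.normcase(ntpath.normpath(path)).rstrip("\\")

def _is_under(path, root):
    # True if path equals root or lies somewhere beneath it.
    p, r = _norm(path), _norm(root)
    return p == r or p.startswith(r + "\\")

def assess_exclusion(path):
    """Return (risk, reason) for one scan-exclusion path."""
    p = _norm(path)
    _, rest = ntpath.splitdrive(p)
    depth = len([part for part in rest.split("\\") if part])
    if depth == 0:
        return "high", "whole drive is excluded"
    if any(_is_under(root, p) for root in USER_WRITABLE_ROOTS):
        return "high", "also covers user-writable directories beneath it"
    if any(_is_under(p, root) for root in USER_WRITABLE_ROOTS):
        return "high", "under a root non-admin processes can usually write to"
    if depth == 1:
        return "medium", "top-level directory, very broad exclusion"
    return "low", "narrow path outside user-writable roots; verify its ACL"

def audit(paths):
    # Assess every path and list the riskiest exclusions first.
    rows = [(p, *assess_exclusion(p)) for p in paths]
    return sorted(rows, key=lambda row: RANK[row[1]])

# Constructed sample: exclusion paths of the kind named on this page.
SAMPLE = [
    r"C:\ProgramData\Microsoft\Microsoft Antimalware",
    r"C:\Program Files\Microsoft Security Essentials",
    r"C:\Windows\Prefetch",
    r"C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5",
]

if __name__ == "__main__":
    for path, risk, reason in audit(SAMPLE):
        print(f"{risk:6} {path}  ({reason})")
```

A "low" result only means the path is narrow and outside the listed roots; the folder's actual permissions still decide whether something could be dropped there unscanned.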

 

  • Debbie

    What do you limit your CPU usage to?  I’m so annoyed by the MsMpEng resource hogging that I’m tempted to put it at 10%.  I just applied your original fix, so we’ll see how that works.  Thanks for the advice!

    • Anonymous

      I have mine set to 40%. Most of the time I don’t see it hogging resources anymore. I do see it on other people’s computers using more resources, Windows XP seems to be worse off than Windows 7, but I can’t say that with certainty, only my opinion.

      That limit is only for scanning, not real-time monitoring, as far as I know. And honestly, I can’t expect any antivirus product to be resource free, they’ve got a lot of work to do. But when they eat up 80 – 100% of your system, that’s stupid! My guess is that you’ve got something updating and MsMpEng is watching file changes and then checking them. Like a backup program? Or other software that is updating files a lot.

  • skinorth

    OK!  This is great if it works, and others report it does.

    But this seems rather unselective.  Does this not create a security hole as now the specified directories will not be scanned, and malware files can shelter in those locations?

  • Gracegrace55

    I have gone everywhere and looked through everything before coming across your solutions…GOD BLESS YOU!!!
    It was not until I purchased and downloaded iolo System Mechanic that I realized there was an issue within the CPU usage and connected it to MSE.
    System Mechanic would take forever to load, if it loaded at all, then freeze continually, as did other programs. I would have to open task manager and click the option to reveal processes and alternate between windows there for it to unhang momentarily. NIGHTMARE!!!
    I also have a Dell Dimension 9100 that we custom ordered that keeps crashing. I am now wondering if it is not due to this issue. I am off to try this fix there and await the prognosis..lol.
    Thank you for sharing your wisdom and expertise with all of us who are not so gifted in this area. Clearly you have the heart of a teacher, but also that of a leader, ready to lead the way for those like myself who are in the dark concerning the deeper knowledge of computers.

  • Michel Merlin

    Find “Microsoft Antimalware” and exclude the 3 sub-folders

    ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-

    Greg, I just found your solution and applied it; I look forward to its
    result, which I think will be positive.

     

    However I spent some time finding the exact paths to exclude, so I suggest
    an improvement in your writing.

     

    Your previous post http://www.1stbyte.com/2010/02/01/microsoft-security-essentials-msmpeng-exe-using-high-cpu-time
    tells to open:

     

    C:\ProgramData\Microsoft\Microsoft Antimalware
    C:\ProgramData\Microsoft\Microsoft Security Essentials
    C:\Program Files\Microsoft Security Essentials

     

    but I found NO “C:\ProgramData”, and was salvaged only after spending more
    time and stumbling on the precision posted by “asshole” http://www.1stbyte.com/2010/02/01/microsoft-security-essentials-msmpeng-exe-using-high-cpu-time#dsq-comment-154722653 on
    Sat 10 Apr 2010 01:04:

     

       by “c:\programdata” do you mean “C:\Documents and Settings\All
    Users\Application Data\Microsoft”? i run winxp and this is the only location i
    have “microsoft antimalware”.

     

    More replies suggest that these 3 sub-folders, “Microsoft Antimalware”,
    “Microsoft Security Essentials”, “Microsoft Security Essentials”, can be in a
    couple different locations depending on the OS (Windows XP or 7), version (Home,
    Professional, Ultimate), and on the security item involved (OneCare, Windows
    Defender, Microsoft Security Essentials, or possibly others).

     

    So I suggest you further improve your great advice by rewriting the
    following part:

     

    - Check your settings to have all items shown, none hidden

    - Search your system for a “Microsoft Antimalware” folder; there you should
    find the 3 involved sub-folders (“Microsoft Antimalware”, “Microsoft Security
    Essentials”, “Microsoft Security Essentials”)

    - In your Microsoft security item, find the relevant settings and change
    them to exclude from scanning the 3 sub-folders at stake.

     

    Versailles, Fri 05 Aug 2011 13:09:25 +0200

    • Anonymous

      Michel, thank you for taking the time to write up your suggestions. I don’t always think of everything and the fact that XP is different in many ways. I did update my post with some further instruction, which hopefully will save someone else the extra hassle. Thanks again!

    • Michel Merlin

      Also exclude «Microsoft Security Client» (from Microsoft Security or Antimalware scan)
      ~–~–~–~–~–~–~–~- ~–~–~–~–~–~–~–~- ~–~–~–~–~–~–~–~- ~–~–~–~–~-
      Sorry for my error (that neither I nor anyone else has apparently noticed in 2 years). The above should read:

      « …find the 3 involved sub-folders (“Microsoft Antimalware”, “Microsoft Security Essentials”, “Microsoft Security Client”) »

      In addition, the “Antimalware” parent folder does not always exist.

      Versailles, Mon 04 Nov 2013 17:19:00 +0100

  • http://about.me/DARKFiB3R DARKFiB3R

    Thanks for the info, none of that worked for me though :(

    What did work was changing a “Real-time protection” setting.

    Change the setting for “Monitor file and program activity on your computer” to “Monitor only outgoing files”.

    Instant drop from 50% cpu usage to 0%

    Not sure how much of a good idea it is to change that setting, but it works, and now my system is usable again. :)

  • Alan

    Thanks for the info, but I’m afraid on my Vista SP2 machine excluding the 3 directories you mention I still had one (of 2) CPU busy monitoring background activity.
    I used Sysinternals Process Explorer to see what the MsMpEng.exe process was killing itself over and the answer was to exclude a few other directories:
      C:\Windows\Prefetch
      C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer
      C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5

    Get Process Explorer here: http://download.sysinternals.com/files/ProcessExplorer.zip
    Be sure to Show Lower Pane (from View menu)

  • http://www.facebook.com/Reticuli Benjamin Goulart

    Doesn’t seem to help since Microsoft Antimalware Service will do stuff in the background even if Security Essentials isn’t running a scan.  Sometimes the only way to fix this is to go into Services and restart MAS.  If you have cpu usage significantly and continuously above 0% when all programs are closed and Security Essentials isn’t running a scan, then restart MAS under Services.msc.

  • http://www.facebook.com/Reticuli Benjamin Goulart

    If Security Essentials isn’t running a scan, all programs are closed, but you still have significant cpu usage, then Microsoft Antimalware Service may be stuck in a loop or doing something it shouldn’t.  Go into Services.msc and restart it.  That tends to fix the problem for me.  Before you do this, go into Processes under Task Manager and make sure something else like Word, Foobar, or Internet Explorer isn’t stuck and not shut off first.

  • Martin6

    I am running a Vista 64 bit machine. I was having 20% CPU usage while the machine was sitting idle and it was the MsMpEng.exe that was running. I went into MSSE under settings, excluded processes and excluded it from scanning C:programfiles(x86)windows security client.exe. The machine went back to normal (0-2) cpu usage when resting and everything else appears normal. By doing this did I create other problems in the system, etc?

  • Hendrik

    It seems to be important to remove all remnants of previous anti-malware software as stated here http://experts.windows.com/w/experts_wiki/89.aspx
    Even after a clean installation of MSE and excluding files and processes as described in this blog, the MsMpEng.exe kept consuming up to 50% CPU. It was only after I had MSE do a full scan (took some hours) that this came down to normal (0 – 25%). I really hope it stays this way.
    Greetings from Germany