Has your CPU been overworked or do you notice spikes in your PC’s temperature lately? If you’re not doing heavy computing or resource-intensive tasks on your computer when these issues happen, there is something wrong with your computer. What you can do is go to Task Manager and look at what processes are running on your computer.
One of the processes known for eating up all your available CPU is the msmpeng.exe process. According to user reports, the process can consume up to 100% of the CPU’s computing power, making the affected devices extremely slow, which heats up in return. This leads people into thinking that MsMpEng.exe is a malware that should be removed as soon as possible.
But is it really a malware? Or is MsMpEng.exe a safe file? This article will shed light on the MsMpEng.exe process which is often mistaken as a malicious process. You can read here information on what the process is about, why it is eating up your computer resources, and how to remove it from your computer, if necessary.
What is MsMpEng.exe?
MsMpEng.exe, also known as antimalware service executable, is a built-in antivirus, anti-malware, and spyware software in Windows 10/11. It is a core process of Windows Defender, an anti-spyware utility designed by Microsoft. It usually runs in the background and regularly scans for any suspicious virus. It also scans downloaded files and apps for the presence of malware.
Once suspicious items are detected, Windows Defender takes active steps to stop them from further infecting the entire system. It can either quarantine the infected items or remove them if they have been completely corrupted. MsMpEng.exe also implements measures to actively prevent malware infections by scanning the system for known viruses, worms, and Trojans.
Because it is running in the background, MsMpEng.exe can also be resource-hungry, which is why it is hogging so much of your CPU power, further causing computer slowdown, lags, freezes, and overheating. Unfortunately, terminating the MsMpEng.exe process will compromise your computer’s system security because Windows Defender plays a very crucial role in warding off malicious entities. You may only safely disable Windows Defender and MsMpEng.exe if a third-party security program is installed, in which case, Windows Defender turns off automatically.
Is MsMpEng.exe a Safe File?
The primary location of the MsMpEng.exe file is a subfolder under C:\Program Files, which is the C:\Program Files\Microsoft Security Client\ folder. Since it is a genuine file associated with Windows Defender, it should be a safe file. It is ironic how some users consider it as malicious when it is, in fact, a part of Windows’ built-in security client.
The reason that it is running in the background is because it is continuously scanning for threats on your computer. And once there are malicious items detected, the software acts automatically to contain or remove them. This is why MsMpEng.exe seems to be consuming a lot of your resources even when you’re not doing anything on your computer. This has made people think of it as a virus.
However, if you have Windows Defender running on your computer, then you don’t have to worry about this MsMpEng.exe process running in the background. But if you are not using Windows Defender and you see this app running under Task Manager, then you will need to investigate more to know whether this is malware or not.
How to Know If MsMpEng.exe is Not a Virus
Removing MsMpEng.exe immediately without identifying whether it is a virus or not can bring more damage to your computer. Keep in mind that MsMpEng.exe is a core process necessary for the proper functioning of Windows Defender, and deleting it hastily will lead to performance issues. If Windows Defender is currently running, the program will not work properly and you will encounter errors.
So how do you know whether the MsMpEng.exe process running on your computer is a virus or not? Your first clue would be Windows Defender. If Windows Defender is operating, then it is normal for the MsMpEng.exe process to be running. But if you’re using a third-party security software that does not use MsMpEng.exe, then you probably have malware on your computer.
The second clue is the location of the file. As mentioned earlier, the legitimate MsMpEng.exe file is located in the C:\Program Files\Microsoft Security Client\ folder. To know where the running MsMpEng.exe process is located, go to Task Manager, right-click on the MsMpEng.exe process, then choose Open file location. If the window that opens is different from the folder where the legitimate file is located, then that process is malicious.
Other factors you need to consider that might suggest that the MsMpEng.exe process is a virus, include:
- Ads popping up everywhere whenever the process is running
- Unusually slow computer
- Suspicious browser extensions installed or unauthorized changes to the default homepage and search engine
- Unfamiliar apps that got installed on your computer out of nowhere
When you get any of these symptoms when the MsMpEng.exe is running, then the process might be malicious and you need to get rid of it as soon as you can.
Should MsMpEng.exe Be Removed?
If the MsMpEng.exe on your computer is legitimate and it is being used by Windows Defender, then there should be no need to remove this process.
However, even the legitimate MsMpEng.exe process can still cause problems. If you think the process is giving you more trouble than it’s worth, there are several ways to prevent this process from consuming too much resources.
Here are some ways to troubleshoot a misbehaving MsMpEng.exe process:
Solution #1: Stop Windows Defender from Checking its Own Folder.
The more folders or directories Windows Defender has to scan, the longer the process will be and the more resources it will consume. Since the Windows Defender should be a safe folder, you don’t need to scan it again and again. To do this:
- Press the Windows key on your keyboard, then type in Virus & threat protection into the search box and click on Virus & threat protection from the search results.
- In the Windows Defender Security Center, click on Virus & threat protection settings.
- Scroll down and click Add or remove exclusions.
- Click on Add an exclusion > Folder.
- Copy this path into the field: C:\Program Files\Windows Defender into the box.
- Click Select Folder. This should exclude the Windows Defender folder from being scanned.
Close the window and see if the MsMpEng.exe process is still eating up a lot of your CPU resources.
Solution #2: Turn Off Real-Time Protection.
The reason why MsMpEng.exe is running in the background is because of the real-time protection feature. Here are the steps to turn it off:
- Open the Run dialog by pressing Windows + R, then type in taskschd.msc into the box.
- Press Enter.
- Navigate to Task Schedule Library > Microsoft > Windows.
- Scroll down to the bottom, then double-click on Windows Defender
- Right-click on Windows Defender Scheduled Scan, then choose Properties.
- Click on the General tab, uncheck Run with highest privileges.
- Click on the Conditions tab and uncheck all boxes.
- Click on the Triggers tab > New, then schedule your preferred Windows Defender scan.
Restart your computer and check if MsMpEng.exe is still causing you trouble.
Solution #3: Turn Off Windows Defender Using the Local Group Policy Editor.
If you’re not using Windows Defender or you want to use a different anti-malware software, you can disable it using the Local Group Policy Editor. Windows Defender is a pre-installed Windows feature so there is no way to directly uninstall or remove it from your computer.
To turn off Windows Defender, follow the steps below:
- On your keyboard, press Windows + R to open the Run dialog, then type gpedit.msc into the box.
- Press Enter.
- Navigate to Computer Configuration > Administrative Templates > Windows Components.
- Double-click Windows Defender Antivirus.
- Double-click Turn off Windows Defender Antivirus.
- Select Enabled > Apply > OK.
Restart your PC and see if it runs normally now.
MsMpEng.exe is not a virus but is actually a component of Windows Defender. But even though it is a legitimate process, it can cause some trouble for your computer because it can hog your computer resources. You can follow the solutions above to prevent it from consuming a lot of resources and resolve other performance issues it might cause. But if this process gives you more problems than benefits, you can turn it off completely and switch to a different security software. Make sure to delete all files associated with it using a PC cleaner to prevent incompatibility issues with the other antivirus program.