FixHub
Windows

Antimalware Service Executable (MsMpEng.exe) High CPU? Fix It Without Disabling Defender

Published June 10, 2026 · by The FixHub Team

Antimalware Service Executable (MsMpEng.exe) — the Microsoft Defender Antivirus engine — is eating CPU (and sometimes RAM), making the PC sluggish, especially during file-heavy work.

Why the popular advice is a terrible idea: the top results tell you to permanently disable Defender, delete MsMpEng.exe, or kill its scan tasks. That leaves the machine unprotected — and on most PCs Defender is the only real-time protection there is. You don’t need to disable it; you need to find what it’s scanning so hard.

The right tool: Defender’s built-in Performance Analyzer. It records a scan session and tells you the exact files, file extensions, and processes driving the load — so you can add a few targeted exclusions instead of switching protection off.

Fix 1: Find the real culprit with Performance Analyzer

In admin PowerShell:

New-MpPerformanceRecording -RecordTo .\defender.etl

Reproduce the slowdown (or just let it run a couple of minutes during normal work), press Enter to stop, then read the top offenders:

Get-MpPerformanceReport -Path .\defender.etl -TopFiles 20 -TopExtensions 10 -TopProcesses 10

This names the worst paths/processes — usually a dev folder, a database, a backup target, or a VM disk being scanned repeatedly.

Fix 2: Add targeted exclusions (not a blanket off-switch)

For the specific trusted items Performance Analyzer flagged:

  • Settings → Privacy & security → Windows Security → Virus & threat protection → Manage settings → Exclusions → Add an exclusion.
  • Add the offending folder (e.g., your code repo, VM, or database directory), file type, or process — only ones you trust.

This keeps real-time protection on everywhere else while removing the hot path.

Fix 3: Let the initial/scheduled scan finish, and reschedule it

A brand-new PC (or one after a big update) runs a heavy first scan — let it complete once. To stop scans hammering you at the wrong time:

  • Task Scheduler → Microsoft → Windows → Windows Defender → Windows Defender Scheduled Scan → set a convenient time and untick “Wake the computer to run.”

Fix 4: The legitimate “exclude itself” tweak

If MsMpEng.exe shows up scanning its own activity in a loop, adding MsMpEng.exe as a process exclusion is a recognized, safe reduction (it doesn’t disable protection). Reboot afterward.

FAQ

Isn’t it easier to just turn Defender off? Easier, but it leaves you exposed, and Windows re-enables real-time protection automatically if no other AV is installed — so the “fix” doesn’t even stick. Exclusions are the supported answer.

High CPU only at certain times? That’s the scheduled scan — reschedule it (Fix 3). Constant high CPU points to a specific path Performance Analyzer will name (Fix 1).

Related: 100% disk, not CPU? If it’s disk usage pinned at 100% rather than Defender CPU, see Windows 11 stuck at 100% disk usage.

Sources: Microsoft Learn — Performance analyzer for Microsoft Defender Antivirus