如果您在任务管理器(Task Manager)中看到了“ Antimalware Service Executable ”程序,请不要担心。它不是第三方服务或模仿防病毒软件的病毒。它是来自Windows的官方程序,可确保保护您的Windows PC。在这里,我们回答您对问题的所有疑问 - 什么是反恶意软件服务可执行文件(Antimalware Service Executable)( msmpeng.exe ) 以及为什么它在Windows 11/10CPU、磁盘(Disk)或内存(Memory)使用率?是病毒吗?我需要禁用它吗?在这篇文章中找到这些问题的所有答案。
Antimalware Service Executable进程在Windows 11/10Windows Defender防病毒中发挥着重要作用。据报道,此Antimalware Service Executable有时消耗的(Antimalware Service Executable)CPU处理能力远远超过其公平份额,甚至会影响您的计算机速度,使其达到蜗牛的速度。
什么是反恶意软件服务可执行文件(Antimalware Service Executable)(msmpeng.exe)
Windows 11/10 和Windows Defender现在集成在操作系统的核心中,并作为Windows Defender 防病毒系统(Windows Defender Antivirus System)启动,已经走过了漫长的道路。与许多其他需要在后台连续运行的程序一样,WDAS也在后台运行,名称为 Antimalware Service Executable ( MsMpEng.exe )。此过程有助于提供针对恶意软件和其他潜在威胁的实时保护。
如果由于某种原因,您在任务管理器中看到它比以往更消耗内存和 CPU(Task Manager consuming memory, and CPU more),请不要担心。很多时候,防病毒程序需要在后台运行计划扫描、检查文件是否存在恶意软件、运行时软件安装,并持续监控文件的更改。
交叉检查的最佳方法是在任务管理器(Task Manager)中右键单击程序名称,然后打开其文件位置。您会注意到它在C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0。您也可以手动调用Defender程序来执行扫描,这会增加CPU和内存(Memory)使用率。
Antimalware Service Executable 高 CPU(Antimalware Service Executable High CPU)、内存(Memory)、磁盘(Disk)使用率
我看到这个程序坐在后台,什么都不做。有时,我看到它消耗了 30% 的CPU使用率。如果您看到它占用了较高的CPU部分,则很可能是它正在后台扫描您的文件。这是为了确保潜在的病毒或恶意软件。
您会注意到这些类型的激增发生在某些事件中。当您的 PC 启动时,软件安装正在进行中,当您从 Internet 下载文件或在Outlook中查看带有附件的电子邮件时。
这个Antimalware Service Executable(Antimalware Service Executable)或Windows Defender最好的部分是它只 在您的 PC 空闲时进行后台扫描。这可确保您的 PC 在工作时不会变慢,并且在空闲阶段运行扫描可为程序提供使用更多 CPU 资源的优势。
如果您遇到这种CPU、磁盘或内存使用率过高的(high CPU, Disk, or Memory usage)问题,您可以尝试以下我们推荐的解决方案(不分先后顺序),看看这是否有助于解决CPU使用率过高的问题。
- 检查恶意软件感染
- 更改Windows Defender计划选项
- 将 Antimalware Service Executable 添加(Add Antimalware Service Executable)到 Windows Defender 的排除列表
- 运行系统文件检查器
- 禁用Windows Defender(不推荐)
让我们看一下关于列出的每个解决方案所涉及的过程的描述。
1]检查恶意软件感染
您的 PC 可能存在恶意软件感染案例,这会导致Windows Defender破坏您的计算机性能。在这种情况下,请使用任何 独立的按需 AV 扫描仪(standalone on-demand AV scanners)运行完整的系统扫描。您可能希望在启动时运行 Windows Defender 脱机扫描(run Windows Defender Offline Scan at boot time)或 使用可启动的 AntiVirus Rescue Media(use bootable AntiVirus Rescue Media)侵入性地清理您的系统。
 2]更改 Windows Defender(Change Windows Defender)计划选项
在某些情况下,由Antimalware Service Executable引起的高内存使用通常发生在Windows Defender运行完整扫描时。您可以配置作为计划任务运行的此扫描,在您不太可能感到CPU(CPU)耗尽的时候进行。
请执行下列操作:
- 按 Windows key + R调用“运行”对话框。
- 在“运行”对话框中,键入
taskschd.msc并按 Enter 以打开“任务计划程序(open Task Scheduler)” 。 - 在左侧窗格中,导航到以下路径:
Task Scheduler Library > Microsoft > Windows > Windows Defender
- 现在,在中间窗格中,双击Windows Defender 预设扫描(Windows Defender Scheduled Scan )条目。
- 在常规(General)选项卡上,取消选中以最高权限运行(Run with highest privileges )选项。
- 接下来,单击条件(Conditions)选项卡并取消选中该部分中的所有项目。
- 单击确定(OK )以清除您的计划扫描。
为了保护您的计算机,安排/创建一些新的扫描非常重要,但我们可以这样做,以减少对您系统性能的影响。
请执行下列操作:
- 双击 Windows Defender 预设扫描(Windows Defender Scheduled Scan )条目。
- 选择触发器( Triggers )选项卡。
- 单击新建( New )按钮。
您现在可以创建适合您需求的新扫描计划 - 选择在保护和系统效率之间取得平衡的选项。作为指导,我们建议(至少)在您不太可能注意到CPU使用率增加的时候每周扫描一次。
- 完成后单击确定(OK)。
- 对中间窗格中的其余三个服务(Windows Defender 缓存维护(Windows Defender Cache Maintenance)、Windows Defender 清理(Windows Defender Cleanup)、Windows Defender 验证)重复该过程。(Windows Defender Verification)
如果在您尝试此解决方案后问题仍然存在,请继续下一步。
3]将 Antimalware Service Executable 添加(Add Antimalware Service Executable)到Windows Defender排除列表
在扫描过程中,Windows Defender会检查您计算机上的每个文件——包括它自己。这有时会导致系统滞后。在这种情况下,您可以将Antimalware Service Executable添加到 Windows Defender 排除列表(add Antimalware Service Executable to Windows Defender exclusion list)。方法如下:
- 按 Windows key + R调用“运行”对话框。
- 在“运行”对话框中,键入
windowsdefender:Â 并按 Enter打开 Windows 安全中心(open Windows Security Center)。 - 单击左侧导航(Navigation)菜单上的病毒和威胁防护设置。(Virus & threat protection settings)(Virus & threat protection settings)
- 在病毒(Virus)和威胁防护设置页面中,向下滚动到排除(Exclusions)部分。
- 单击添加或删除排除项(Add or remove exclusions)链接。
- 在排除页面中,单击+ Add an exclusion按钮。
- 从菜单中选择处理。(Process)
- 在输入进程名称(Enter process name)字段中,键入Antimalware Service Executable。
- 单击添加(Add)按钮。
4]Â运行系统文件检查器
运行系统文件检查器可能有助于替换可能损坏的Defender文件。
相关(Related):修复 COM Surrogate 高 CPU 或磁盘使用率(Fix COM Surrogate high CPU or Disk usage)。
5]禁用Windows Defender(不推荐)
作为最后的手段,如果上述解决方案都没有产生任何积极的结果,您可以完全禁用Windows Defender。请记住,这样做会使您容易受到一系列网络攻击,因此在禁用 Windows Defender之前,您必须在 Windows 10 计算机上安装信誉良好且轻量级的第三方安全软件(third-party security software)。
禁用Antimalware Service Executable是否安全?
如上所述,我们不建议全部使用。我们支持的最大原因是它与第三方防病毒解决方案一起工作。它作为后台进程运行,并为您的系统提供坚实的保护层。在扫描文件时,它可以检测到恶意文件并立即通知您。这给了您足够的理由不禁用 Windows Defender。
当您安装第三方防病毒软件时,Windows Defender会自动禁用它。(Defender)
还有很多原因。Windows Defender是您在勒索(ransomware)软件方面获得的最后保护,它可以锁定您的文件。Microsoft已通过(Microsoft)OneDrive实现此功能,以确保您的文件安全且可以恢复。
如何阻止反恶意软件服务可执行文件使用高内存、CPU、磁盘使用(Disk Usage)?
但是,如果您觉得它占用了太多资源,您可以关闭实时保护。
转到Settings > Update和Security > Virus和威胁防护> Virus和威胁防护设置并禁用实时防护。当它没有找到您的 PC 上安装的任何防病毒(AntiVirus)软件时,它将自动启用它。
正如我所说,Windows Defender可与其他防病毒解决方案一起使用。即使它会自行禁用,它也会不时扫描您的 PC。它将找出您的主要防病毒解决方案可能遗漏的风险。
我希望这能解释什么是反恶意软件服务可执行文件(Antimalware Service Executable)。
阅读下一篇(Read next):服务和控制器应用程序 CPU 使用率高(Services and Controller app High CPU usage)。
Antimalware Service Executable High CPU, Memory, Disk usage
If yоu haνe seen the program “Antimalware Service Executable” in the Task Manager, don’t be worried. It’s not a third-party service or a virus mimicking an antivirus. It’s an official program from Windows which makes sure to secure your Windows PC. Here we answer all your queries for the question – What is Antimalware Service Executable (msmpeng.exe) and why does it show high CPU, Disk or Memory usage in Windows 11/10? Is it a virus? Do I need to disable it? Find all your answers to these questions in this post.
The Antimalware Service Executable process plays an important role in the Windows Defender antivirus that is native to Windows 11/10. This Antimalware Service Executable has been reported, at times, to be consuming far more than its fair share of CPU processing power, and can even impact your computer’s speed to a snail’s speed.
What is Antimalware Service Executable (msmpeng.exe)
Windows 11/10 and Windows Defender, now integrated within the core of OS, and primed as Windows Defender Antivirus System, has come a long way. Like many other programs that need to run continuously in the background, WDAS also runs in the background with the name of Antimalware Service Executable (MsMpEng.exe). This process helps offer real-time protection against malware and other potential threats.
If for some reason, you have seen it listed in the Task Manager consuming memory, and CPU more than ever, don’t be worried. Many a time the antivirus program needs to run the background with scheduled scanning, checking files for malware, runtime software installation, and continuously monitor files for changes.
The best way to cross-check is to right-click on the program name, when in Task Manager, and open its file location. You will notice that it’s available under C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0. You can also invoke the Defender program manually to perform the scan, and this will increase the CPU and Memory usage.
Antimalware Service Executable High CPU, Memory, Disk usage
I have seen this program sitting in the background, and doing nothing. At times, I have seen it consuming 30% CPU usage. If you have seen it taking a high CPU portion, the chances are that it is scanning your files in the background. This is to make sure of a potential virus or malware.
You will notice these types of surges happen at certain events. When your PC boots, software installation is in progress, when you download the file from the internet or check your emails in Outlook with attachments.
The best part of this Antimalware Service Executable or Windows Defender is that it only does background scans when your PC is sitting idle. This makes sure that your PC is not slow when you are working, and running scans in the idle stage gives the program advantage of using more CPU resources.
If you’re faced with this high CPU, Disk, or Memory usage issue, you can try our recommended solutions below in no particular order and see if that helps to resolve the high CPU usage issue.
- Check for malware infections
- Change Windows Defender scheduling options
- Add Antimalware Service Executable to Windows Defender’s exclusion list
- Run System File Checker
- Disable Windows Defender (not recommended)
Let’s take a look at the description of the process involved concerning each of the listed solutions.
1] Check for malware infections
It’s possible that your PC has a case of malware infection which is causing Windows Defender to disrupt your computer’s performance. In this case, run a full system scan using any standalone on-demand AV scanners. You may want to run Windows Defender Offline Scan at boot time or use bootable AntiVirus Rescue Media to invasively clean your system.
2] Change Windows Defender scheduling options
In some cases, the high memory usage caused by Antimalware Service Executable typically happens when Windows Defender is running a full scan. You can configure this scan that is run as a scheduled task, to take place at a time when you’re less likely to feel the drain on your CPU.
Do the following:
- Press Windows key + R to invoke the Run dialog.
- In the Run dialog, type
taskschd.msc and hit Enter to open Task Scheduler. - On the left pane, navigate to the path below:
Task Scheduler Library > Microsoft > Windows > Windows Defender
- Now, in the middle pane, double-click the Windows Defender Scheduled Scan entry.
- On the General tab, uncheck Run with highest privileges option.
- Next, click the Conditions tab and uncheck all the items in the section.
- Click OK to clear your scheduled scans.
To protect your computer, it is important to schedule/create some new scans, but we can do this in a way that will reduce the impact on your system’s performance.
Do the following:
- Double-click Windows Defender Scheduled Scan entry.
- Select the Triggers tab.
- Click the New button.
You can now create a new scan schedule that suits your needs – selecting options that strike the balance between protection and system efficiency. As a guideline, we recommend (at minimum) weekly scans at a time when you’ll be unlikely to notice the increased CPU usage.
- Click OK when done.
- Repeat the process for the three remaining services (Windows Defender Cache Maintenance, Windows Defender Cleanup, Windows Defender Verification) in the middle pane.
If the issue still persists after you have tried this solution, proceed with the next.
3] Add Antimalware Service Executable to Windows Defender exclusion list
During its scans, Windows Defender checks every single file on your computer – including itself. This can occasionally result in system lag. In this case, you can add Antimalware Service Executable to Windows Defender exclusion list. Here’s how:
- Press Windows key + R to invoke the Run dialog box.
- In the Run dialog box, type
windowsdefender: and hit Enter to open Windows Security Center. - Click Virus & threat protection settings on the Navigation menu on the left.
- In the Virus & threat protection settings page, scroll down to the Exclusions section.
- Click the Add or remove exclusions link.
- In the Exclusions page, click the + Add an exclusion button.
- Select Process from the menu.
- In the Enter process name field, type Antimalware Service Executable.
- Click the Add button.
4] Run System File Checker
Running System File Checker may help replace potentially corrupted Defender files.
Related: Fix COM Surrogate high CPU or Disk usage.
5] Disable Windows Defender (not recommended)
As a last resort, if none of the above solutions yielded any positive result, you can disable Windows Defender altogether. Keep in mind that doing so leaves you vulnerable to a range of cyberattacks, so it’s critical that you install a reputable and lightweight third-party security software on your Windows 10 computer before disabling Windows Defender.
Is it safe to disable Antimalware Service Executable?
We do not recommend that all, as mentioned above. The biggest reason that goes into our support is that it works along with a third-party antivirus solution. It runs as a background process and offers your system a solid layer of protection. While scanning files it can detect a malicious file and immediately inform you about it. This gives you enough reason not to disable Windows Defender.
Windows Defender disables it automatically when you install a third-party antivirus.
There are many more reasons. Windows Defender is the last protection you have got when it comes to ransomware which can lock down your files. Microsoft has implemented this feature with OneDrive to make sure your files are safe and can be recovered back.
How do I stop antimalware service executable from using high memory, CPU, Disk Usage?
However, if you feel like it’s taking too much resources, you can turn off the real-time protection.
Go to Settings > Update & Security > Virus & threat protection > Virus & threat protection settings and disable Real-time protection. It will automatically enable it when it doesn’t find any AntiVirus software installed on your PC.
As I said, Windows Defender works along with other antivirus solutions. Even though it disables itself, from time to time, it will scan your PC. It will figure out risks that could have been missed by your primary antivirus solution.
I hope this explains what the Antimalware Service Executable is.
Read next: Services and Controller app High CPU usage.
