Windows 10 includes built-in Microsoft Defender Antivirus, formerly known as Windows Defender. The “Antimalware Service Executable” process is Microsoft Defender’s background process. This program is also known as MsMpEng.exe, and is part of the Windows operating system.
This article is part of our ongoing series explaining various processes found in Task Manager, like Runtime Broker, svchost.exe, dwm.exe, ctfmon.exe, rundll32.exe, Adobe_Updater.exe, and many others. Don’t know what those services are? Better start reading!
What Is Antimalware Service Executable?
Microsoft Defender, formerly known as Windows Defender, is part of Windows 10 and is the successor to the free Microsoft Security Essentials antivirus for Windows 7. This ensures that all Windows 10 users always have an antivirus program installed and running, even if they haven’t chosen to install one. If you have an out-of-date antivirus application installed, Windows 10 will deactivate it and activate Microsoft Defender for you. Windows 11 includes the same Microsoft Defender antivirus software, too.
The Antimalware Service Executable process is Microsoft Defender’s background service, and it always remains running in the background. It’s responsible for checking files for malware when you access them, performing background system scans to check for dangerous software, installing antivirus definition updates, and anything else a security application like Defender needs to do.
While the process is named Antimalware Service Executable on the Processes tab in Task Manager, its file name is MsMpEng.exe, and you’ll see this on the Details tab.
You can configure Microsoft Defender, perform scans, and check its scan history from the Windows Security application included with Windows 10 and Windows 11. This application was formerly named the “Windows Defender Security Center.”
To launch it, use the “Windows Security” shortcut in the Start menu. You can also right-click the shield icon in the notification area on your taskbar and select “View Security Dashboard,” or head to Settings > Update & Security > Windows Security > Open Windows Security.
Why Is It Using So Much CPU?
If you see the Antimalware Service Executable process using a large amount of CPU or disk resources, it’s likely scanning your computer for malware. Like other antivirus tools, Microsoft Defender performs regular background scans of the files on your computer.
It also scans files when you open them, and regularly installs updates with information about new malware. This CPU usage could also indicate that it’s installing an update, or that you just opened a particularly large file Microsoft Defender needs some extra time to analyze.
Microsoft Defender generally performs background scans only when your computer is idle and isn’t being used. However, it may still use CPU resources performing updates or scanning files as you open them, even while you use your computer. But the background scans shouldn’t run while you’re using your PC.
This is all normal with any antivirus program, all of which need to use some system resources to check your PC and keep you protected.
Can I Disable It?
We do not recommend disabling the Microsoft Defender antivirus tool if you don’t have any other antivirus software installed. In fact, you can’t disable it permanently. You can open the Windows Security application from your Start menu, select “Virus & Threat Protection,” click “Manage Settings” under Virus & Threat protection settings, and disable “Real-Time Protection.” However, this is just temporary, and Microsoft Defender will re-enable itself after a short period of time if it doesn’t detect other antivirus apps installed.
Despite some misleading advice you’ll see online, Defender performs its scans as a system maintenance task you can’t disable. Disabling its tasks in the Task Scheduler won’t help. It will only permanently stop if you install another antivirus program to take its place.
If you do have another antivirus program installed (like Avira or BitDefender), Microsoft Defender will automatically disable itself and get out of your way. If you head to Windows Security > Virus & threat protection, you’ll see a message saying “You’re using other antivirus providers” if you have another antivirus program installed and activated. This means that Windows Defender is disabled. The process may run in the background, but it shouldn’t use CPU or disk resources attempting to scan your system.
However, there is a way to use both your antivirus program of choice and Microsoft Defender. On this same screen, you can expand “Microsoft Defender Antivirus options” and enable “Periodic scanning.” Defender will then perform regular background scans even while you’re using another antivirus program, providing a second opinion and potentially catching things your main antivirus might miss.
If you see Microsoft Defender using CPU even while you have other antivirus tools installed and want to stop it, head here and ensure the Periodic scanning feature is set to “Off.” If it doesn’t bother you, feel free to enable Periodic scanning—it’s another layer of protection and additional security. However, this feature is off by default.
Is It a Virus?
We haven’t seen any reports of viruses pretending to imitate the Antimalware Service Executable process. Microsoft Defender is itself an antivirus, so it should ideally stop any malware attempting to do this in its tracks. As long as you’re using Windows and have Microsoft Defender enabled, it’s normal for it to be running.
If you’re really concerned, you can always run a scan with another antivirus application to confirm nothing malicious is running on your PC.