A finger pressing a backlit Windows key on a PC keyboard.
Antimalware service executable is a part of the Microsoft Defender antivirus included with Windows. It scans files and processes in the background and updates virus definitions. You can disable it completely if you install another antivirus program to replace Microsoft Defender.

Windows 10 includes built-in Microsoft Defender Antivirus, formerly known as Windows Defender. The “Antimalware Service Executable” process is Microsoft Defender’s background process. This program is also known as MsMpEng.exe, and is part of the Windows operating system.

RELATED: What Is This Process and Why Is It Running on My PC?

This article is part of our ongoing series explaining various processes found in Task Manager, like Runtime Brokersvchost.exedwm.exectfmon.exerundll32.exeAdobe_Updater.exe, and many others. Don’t know what those services are? Better start reading!

What Is Antimalware Service Executable?

Microsoft Defender, formerly known as Windows Defender, is part of Windows 10 and is the successor to the free Microsoft Security Essentials antivirus for Windows 7. This ensures that all Windows 10 users always have an antivirus program installed and running, even if they haven’t chosen to install one. If you have an out-of-date antivirus application installed, Windows 10 will deactivate it and activate Microsoft Defender for you. Windows 11 includes the same Microsoft Defender antivirus software, too.

The Antimalware Service Executable process is Microsoft Defender’s background service, and it always remains running in the background. It’s responsible for checking files for malware when you access them, performing background system scans to check for dangerous software, installing antivirus definition updates, and anything else a security application like Defender needs to do.

The Antimalware Service Executable process using CPU resources in Windows 10's Task Manager.

While the process is named Antimalware Service Executable on the Processes tab in Task Manager, its file name is MsMpEng.exe, and you’ll see this on the Details tab.

You can configure Microsoft Defender, perform scans, and check its scan history from the Windows Security application included with Windows 10 and Windows 11. This application was formerly named the “Windows Defender Security Center.”

To launch it, use the “Windows Security” shortcut in the Start menu. You can also right-click the shield icon in the notification area on your taskbar and select “View Security Dashboard,” or head to Settings > Update & Security > Windows Security > Open Windows Security.

The Windows Security application showing Microsoft Defender's status.

RELATED: How to Use the Built-in Windows Defender Antivirus on Windows 10

Why Is It Using So Much CPU?

If you see the Antimalware Service Executable process using a large amount of CPU or disk resources, it’s likely scanning your computer for malware. Like other antivirus tools, Microsoft Defender performs regular background scans of the files on your computer.

It also scans files when you open them, and regularly installs updates with information about new malware. This CPU usage could also indicate that it’s installing an update, or that you just opened a particularly large file Microsoft Defender needs some extra time to analyze.

Microsoft Defender generally performs background scans only when your computer is idle and isn’t being used. However, it may still use CPU resources performing updates or scanning files as you open them, even while you use your computer. But the background scans shouldn’t run while you’re using your PC.

This is all normal with any antivirus program, all of which need to use some system resources to check your PC and keep you protected.

Can I Disable It?

We do not recommend disabling the Microsoft Defender antivirus tool if you don’t have any other antivirus software installed. In fact, you can’t disable it permanently. You can open the Windows Security application from your Start menu, select “Virus & Threat Protection,” click “Manage Settings” under Virus & Threat protection settings, and disable “Real-Time Protection.” However, this is just temporary, and Microsoft Defender will re-enable itself after a short period of time if it doesn’t detect other antivirus apps installed.

Despite some misleading advice you’ll see online, Defender performs its scans as a system maintenance task you can’t disable. Disabling its tasks in the Task Scheduler won’t help. It will only permanently stop if you install another antivirus program to take its place.

The "Real-time protection" option in Windows Security.

If you do have another antivirus program installed (like Avira or BitDefender), Microsoft Defender will automatically disable itself and get out of your way. If you head to Windows Security > Virus & threat protection, you’ll see a message saying “You’re using other antivirus providers” if you have another antivirus program installed and activated. This means that Windows Defender is disabled. The process may run in the background, but it shouldn’t use CPU or disk resources attempting to scan your system.

RELATED: How to Periodically Scan Your Computer With Windows Defender While Using Another Antivirus

However, there is a way to use both your antivirus program of choice and Microsoft Defender. On this same screen, you can expand “Microsoft Defender Antivirus options” and enable “Periodic scanning.” Defender will then perform regular background scans even while you’re using another antivirus program, providing a second opinion and potentially catching things your main antivirus might miss.

If you see Microsoft Defender using CPU even while you have other antivirus tools installed and want to stop it, head here and ensure the Periodic scanning feature is set to “Off.” If it doesn’t bother you, feel free to enable Periodic scanning—it’s another layer of protection and additional security. However, this feature is off by default.

The "Periodic scanning" option for Microsoft Defender Antivirus in Windows Security.

Is It a Virus?

We haven’t seen any reports of viruses pretending to imitate the Antimalware Service Executable process. Microsoft Defender is itself an antivirus, so it should ideally stop any malware attempting to do this in its tracks. As long as you’re using Windows and have Microsoft Defender enabled, it’s normal for it to be running.

If you’re really concerned, you can always run a scan with another antivirus application to confirm nothing malicious is running on your PC.

Profile Photo for Chris Hoffman Chris Hoffman
Chris Hoffman is Editor-in-Chief of How-To Geek. He's written about technology for over a decade and was a PCWorld columnist for two years. Chris has written for The New York Times and Reader's Digest, been interviewed as a technology expert on TV stations like Miami's NBC 6, and had his work covered by news outlets like the BBC. Since 2011, Chris has written over 2,000 articles that have been read more than one billion times---and that's just here at How-To Geek.
Read Full Bio »