How to Disable Antimalware Service Executable (MsMpEng.exe) on Windows

If your PC is running slow and Task Manager shows Antimalware Service Executable hogging your CPU or RAM, you're not imagining things. This process is real, it's built into Windows, and it can genuinely impact performance — especially on older or lower-spec hardware. Here's what it actually is, why it behaves the way it does, and what your options are.

What Is Antimalware Service Executable?

Antimalware Service Executable (technically MsMpEng.exe) is the background process that powers Windows Defender — Microsoft's built-in antivirus and antimalware tool included in Windows 10 and Windows 11.

It handles:

• Real-time protection — scanning files as you open, download, or modify them
• Scheduled scans — periodic full or partial system scans
• Threat definitions updates — keeping malware signatures current

It's a legitimate Windows system process. If you see it in Task Manager, your system isn't infected — it is your security software.

Why Does It Use So Much CPU and RAM?

High resource usage from MsMpEng.exe is most noticeable in a few specific situations:

• During scheduled scans — Defender runs deep scans in the background, often defaulting to times when the system is "idle," which doesn't always match when you're actually away from the machine
• Scanning its own folder — A known Windows quirk where Defender scans itself unless excluded, creating a minor feedback loop
• On HDDs or slower storage — Read-intensive scanning hits mechanical drives much harder than SSDs
• Low RAM systems (4GB or under) — Real-time protection competes directly with open applications for memory
• After Windows updates — Definition file updates trigger additional scanning activity

Methods to Reduce or Disable Antimalware Service Executable

1. Exclude the Defender Folder from Scanning ⚙️

This is the lowest-risk fix and often resolves the self-scanning loop:

1. Open Windows Security → Virus & threat protection
2. Scroll to Virus & threat protection settings → Manage settings
3. Scroll to Exclusions → Add or remove exclusions
4. Add the folder: C:Program FilesWindows Defender

This won't disable protection — it just stops Defender from repeatedly scanning its own files.

2. Reschedule Automatic Scans

If the CPU spike happens at predictable times, the scheduled scan is likely the cause:

1. Open Task Scheduler (search it in the Start menu)
2. Navigate to: Task Scheduler Library > Microsoft > Windows > Windows Defender
3. Open Windows Defender Scheduled Scan
4. Under Conditions, uncheck Start the task only if the computer is idle
5. Under Triggers, modify the schedule to a time that works for you — late night, for example

This keeps protection active while moving the heavy lifting to off-hours.

3. Disable Real-Time Protection Temporarily

You can turn off real-time scanning through Windows Security:

1. Go to Windows Security → Virus & threat protection → Manage settings
2. Toggle Real-time protection to Off

Important: Windows 10 and 11 will automatically re-enable this after a period of time or on reboot. This is by design — Microsoft intentionally makes permanent disabling difficult through the standard UI.

4. Disable Windows Defender Permanently via Group Policy (Windows Pro/Enterprise Only)

On Windows 10/11 Pro or Enterprise, you can use the Local Group Policy Editor:

1. Press Win + R, type gpedit.msc, press Enter
2. Navigate to: Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus
3. Open Turn off Microsoft Defender Antivirus
4. Set it to Enabled (counterintuitively, "enabling" this policy disables Defender)
5. Restart your PC

This is not available on Windows Home editions.

5. Disable via Registry Editor (All Windows Editions)

For Home users without Group Policy access:

1. Press Win + R, type regedit, press Enter
2. Navigate to: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows Defender
3. Right-click the right pane → New → DWORD (32-bit) Value
4. Name it DisableAntiSpyware and set the value to 1
5. Restart your PC

⚠️ Registry edits carry risk. An incorrect change can cause system instability. Back up the registry before making changes (File > Export in Registry Editor).

6. Install a Third-Party Antivirus

When you install a reputable third-party antivirus (such as those from well-known security vendors), Windows will automatically detect it and disable Windows Defender's real-time protection to avoid conflicts. The Antimalware Service Executable process will remain but run in a passive monitoring state with minimal resource impact.

This is the approach many users take when Defender's performance overhead is the core concern — it replaces the function rather than simply removing it.

What You Give Up by Disabling It

Disabling Defender entirely leaves your system without active protection unless a replacement is in place. On machines that are air-gapped, used offline, or already running dedicated security software, the calculus is different than on a daily-use machine connected to the internet.

The Variables That Determine the Right Approach 🖥️

Whether disabling or limiting Antimalware Service Executable makes sense depends on factors specific to your situation:

• Your hardware — the performance hit on a 2015 laptop with a spinning HDD and 4GB RAM is fundamentally different from the same process running on a modern machine with an NVMe SSD and 16GB RAM
• Your Windows edition — Home users don't have Group Policy access, which limits options
• Whether you have alternative protection — removing Defender without a replacement is a meaningful security decision
• Your use case — a development machine, a gaming rig, and a family browsing PC each carry different risk profiles and performance priorities
• How often and how severely the slowdown occurs — a brief spike during an idle scan is a different problem than constant CPU throttling during active use

The method that makes sense for one setup may be unnecessary, insufficient, or inappropriate for another.