Skip to content

What is msmpeng.exe and 5 Ways to Fix High CPU Disk Usage

msmpeng.exe is a Microsoft Emulator, and it is not recommended to use without any antivirus program on Windows.

msmpeng.exe is a legitimate Windows system process widely known to the general public because of the many computer problems it causes. A non-system process should start with a running program or a system startup script.

If msmpeng.exe can be seen running on your task manager at suspicious times, here's a step-by-step guide on what you should do next to fix this problem instantly and prevent it from happening again.

What is msmpeng.exe?

msmpeng exe overview

The MsMpEng.exe file is a Windows process that belongs to the Anti-malware service. It is the core process of Windows Defender's automatic protection service, included in the tool component of Microsoft AntiSpyware.

This file aims to detect and remove malicious software such as viruses, Trojans, worms, and rootkits. The application provides real-time protection against the installation of malware on your computer, scans all files when they are accessed, and enables you to schedule scans. The program's main goal is to protect your computer from outside threats, so it constantly runs in the background when you turn on your PC.

Can I Delete It?

This process is the default program of Microsoft's security software MSE and Windows Defender. It cannot be closed; you can only try to uninstall Microsoft security essentials to reduce its use. The memory occupied is between 20-100MB. It has become clear that msmpeng.exe will gradually reduce the memory occupied as the system runs, so you don't have to worry about it.

msmpeng.exe is a genuine Microsoft process that belongs to Microsoft Security Essentials (MSE). It is not a virus or spyware and should not be terminated unless suspected of causing problems on your PC or laptop computer.

Msmpeng stands for Microsoft Malware Protection Engine. The file runs in the background and protects your computer from malware by scanning files, emails, web pages, and instant messages for potential threats as they arrive on your computer or when requested.

Msmpeng.exe may cause problems such as high CPU usage and hard disk ejection. You can fix it by the following methods.

1. Perform a Security Scan

If you notice that the msmpeng.exe CPU usage rate is too high, it may run, and a virus has been found. First, use Windows Defender for a comprehensive check.

Use Windows Defender for a full scan.

Step 1: Open Windows Defender by clicking the Start button Picture of the Start button, clicking All Programs, and then clicking Windows Defender.

Windows Defender by clicking the Start button Picture

Step 2: In the left pane, click Quick Scan, and then click Scan Now.

In the left pane- click Quick Scan

Step 3: Follow the steps in the wizard to complete the scan process.

Follow the steps in the wizard

Step 4: If you receive a virus warning during scanning, pay more attention to it and remove it in time to avoid further damage to your computer.

2. Change Windows Defender Plan Settings.

Windows defenders can call the software of the msmpeng.exe process; closing defenders can reduce the use of msmpeng. But if you insist on doing this, it is recommended to install the three-party antivirus software first.

Step 1: On Windows, search and type Task Scheduler.

Search and type Task Scheduler

Step 2: Go to Task Scheduler Library in the left pane, expand the Microsoft folder, then the Windows folder, and click on the Windows Defender folder. Look for the Start Scan task in the middle pane.

Task Scheduler Library

Step 3: Double click on the Windows Defender Scheduled Scan from the windows defender folder in the middle pane.

Windows Defender Scheduled Scan

Windows defender schedule scan

Step 4: On the pop-up window, select the Condition tab. Uncheck all options and click OK. It will clear all the scheduled scans on your PC.

You can now schedule the windows defender scan. Here is how to:

Step 1: Double click the Windows Defender Scheduled Scan.

Windows defender schedule scan

Step 2: In the window that opens up, select Triggers and then New.

Select Triggers and then New

Step 3: Set it to run on the day you want and set the time to a period when you are not using your computer.

Set it to run on the day

Step 4: Click OK.

Step 5: Repeat these steps for the other two tasks: Windows Defender Cache Maintenance and Windows Defender Verification.

3. Disable Windows defender

You need to note that disabling your Windows Defender may leave you vulnerable to attacks from viruses and other malicious software if you do not have another antivirus program installed on your computer. It is not recommended for most users to leave their computers unprotected by an antivirus program.

To disable Windows Defender (through the registry editor):

Step 1: Press the Windows key + R to bring up the Run dialogue box

Step 2: Type Regedit, then press Enter on your keyboard.

Type Regedit- then press Enter

Step 3: You should see a User Account Control window asking permission to open the registry editor. Click Yes.

Step 4: In the Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.


Step 5: Double-click DisableAntiSpyware and set its value data to 1 (if a key by this name doesn't exist, right-click in the right pane and select New > DWORD (32-bit) Value and enter DisableAntiSpyware as the name)

Step 6: Close Registry Editor, restart your computer and check if the problem persists.

The defender list excludes msmpeng.exe.

Restart your computer

Windows Defender checks all the files – including itself when scanned – which is a common cause of system lag. You can exclude Windows defender from scanning itself by simply adding it to the exclusion list.

To exclude this file from the Windows Defender scan,

Step 1: Press Ctrl +Shift + Esc to open Task Manager.

Ctrl +Shift + Esc to open Task Manager

Step 2: Right-click on the Antimalware Service Executable. Select Open File Location.

Step 3: Copy the file name, Antimalware Service Executable, and add it to the exclusion list in windows defender settings.

Antimalware Service Executable

Step 4: Open the window start menu and search Windows Defender. Click on the top result to Launch Window Defender Security Center.

Open the window start menu

Step 5: Click on virus and threat protection settings and scroll to Exclusions. Click Add or remove exclusions and select add an exclusion and then file, folder, etc.

Click on virus

Step 6: Choose the file you want to exclude by copying the name of that file from the task manager as described above; here, it is Antimalware Service Executable.

Virus and Protection

4. Uninstall MSE

Default installation path: The default installation path is a system disk:\Program Files\Microsoft Security Essentials

Uninstall from Control Panel

Step 1: Click Start, click Control Panel, and then double-click Programs and Features.

Programs option in control panel

Step 2: Select Microsoft Security Essentials, and then click Uninstall.

Microsoft Security Essentials

Step 3: When prompted to confirm that you want to remove the program, click Yes.

5.  Remove the MSSE folder

Step 1: Click Start, and then click Computer or My Computer (Windows XP).

Computer or My Computer

Step 2: Open the C drive.

Step 3: Open the Program Files folder.

Open the Program Files folder

Step 4: If you see a folder named Microsoft Security Essentials, rename it as MSSEold or something similar to help you identify this folder as an older copy of MSE if you need it later on.

3. Remove the MSSE registry key

Step 1: Click Start, type Regedit in the Start Search box, and then press Enter

Regedit in the Star Search box

Step 2: Browse to the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware

Disable Anti Spyware

Step 3: Right-click the Microsoft Antimalware key and select Delete


Opening a malicious attachment can be one of the most common ways to pick up malware—after all, it's how viruses like the notorious Melissa spread. msmpeng rips off this trick by masquerading itself as a harmless Microsoft Word document and hiding its true purpose under the file extension .docm. It then copies itself as msmpeng.exe and covertly launches it to infect your computer.

What's worse is that this virus also disables Windows Automatic Update, which means it will likely remain undetected for an extended period if you're not already running a well-protected system. And even with an updated operating system and security software, msmpeng can still do damage.