Windows Defender: Resolving high Hard Disk Drive and CPU usage during scans

Summary: This article resolves Windows Defender scans that use up to 100% of the systems HDD (Hard Disk Drive) and CPU (Central Processing Unit).

Article Content


Symptoms

The following article deals with resolving an issue where the system locks up. Because the Windows Defender scan causes up to a 100% usage of the systems HDD (Hard Disk Drive) and CPU (Central Processing Unit).


Table of Contents:

  1. Is your system locking up during Windows Defender scans?
  2. Why is this happening?

 

Is your system locking up during Windows Defender scans?

 

Does your system lock up during Windows Defender Scans? When you check the system performance on an application such as the Process Explorer, is MsMpEng.exe showing excessive usage of the system resources? Does this take from 80% to 100% of the system resources, causing the system to grind to a slow crawl or lock up?


Back to Top


 

Why is this happening?

 

In the following sections, we share the different methods Microsoft recommends fixing MxMpEng.exe from causing high HDD and CPU usage on your system.

  • MsMpEng.exe is the core process of the Windows Defender Antimalware Application.
  • Windows Defender comes pre-installed on Windows 10 but is an optional download on older Operating Systems like Windows 7 and 8.
  • This issue with MsMpEng.exe taking 100% of the HDD and CPU usually occurs when Windows Defender is scanning the system for malware. The Windows Defender scan is getting stuck on a few files while checking malware. When that is happening, it should be restricted/disabled to bring it back to normal use.


Back to Top


 

Method I: Ensure that no other Adware, Antimalware or Antivirus software is installed or not fully removed

 

MsMpEng.exe - Its role is to scan files for spyware, and quarantine or remove them if they are suspicious. It also scans your system for known worms, harmful software, viruses, and other such programs.

SLN308113_en_US__1icon Note: Best practice is to have only ONE anti- Malware/Virus/Spyware program on your PC at one time. Do Not have multiple programs running or installed simultaneously. These programs conflict and find each other as files to be quarantined and deleted.
 

Windows Defender comes default installed with Windows 10.

That means any additional software will have been installed after Windows Defender - Windows defender will keep them from installing or running correctly.

  1. Right-click on the Start Icon and choose Control Panel from the menu.

  2. Go to Programs and Features and remove any of these types of programs that are listed there.

Windows Defender does not come installed with Windows 7 and 8.

Any software installed after Windows Defender - Windows defender will keep them from installing or running correctly.

If Windows Defender was installed after these other types of software - these software programs will keep Windows Defender from installing correctly.

  1. Open the Control Panel from the Start menu.

  2. Go to Programs and Features and remove any of these types of programs that are listed there, including Windows Defender.

  3. Install the program that you want to use, going forward.


Back to Top


 

Method II: Prevent Windows Defender from scanning a specific folder on your system

 

One reason for the high load is MsMpEng.exe scanning its folder. If you have a known folder on your system that is causing Windows Defender an issue, you can get Windows Defender to ignore it.

 
  1. Click on the Start Icon and type Windows Defender. Double-click on the icon when it appears in the search list

  2. Click on Settings and select Add an exclusion from the bottom of the window

  3. Choose Exclude a folder and enter the path of the desired directory. In this case C:\program files\windows defender

SLN308113_en_US__2msmpeng_exclusion_windowsdefender_BK

(Figure.1 Add an Exclusion Settings Window)

  1. Open Windows Defender then Tools and then Advanced Options

  2. Open Excluded Files and Locations

  3. Enter the path of the desired directory. In this case C:\program files\windows defender


Back to Top


 

Method III: Slow the scan by lowering the set affinity of Windows Defender on your system

 

You can set the MsMpEng.exe file to use a specific processor in the system to avoid high CPU usage. However, it cuts the scan speed of Windows defender and make it run slower than usual. If slow scan speed is better for you than having high CPU usage. Apply the following steps to set the affinity in limited mode.

 
  1. Open Task Manager

    • Right-click on the taskbar and select Task Manager.

    • Right-click on the Start Icon, select Task Manager.

    • Click the Start Icon and type Task Manager, click on the task manager icon from results.

  2. Go to the Details tab

  3. Right-click on the process name msmpeng.exe and select Set affinity

SLN308113_en_US__3msmpeng_affinities_task-manager_BK

(Figure.2 Set Affinity in Task Manager Window)

  1. Choose the CPU limit that you allow the process to use

  1. Open Task Manager

    • Right-click on the taskbar and select Task Manager.

    • Ctrl/Alt/Del pressed together gives an onscreen menu, select Task Manager.

    • Search for Task Manager, click on icon from results.

  2. Go to the Processes tab

  3. Right-click on the process msmpeng.exe and select Set affinity

  4. Choose which cores of the CPU you allow the process to use

SLN308113_en_US__1icon Note: For normal CPU usage, select 50% for MsMpEng.exe (i.e. 1 core of a dual-core CPU, 2 cores of a quad-core CPU, etc.)


Back to Top


 

Method IV: Disabling Windows Defender through group policies on your system

 

Disabling Windows Defender is a severe answer that solves your issue that is related to high CPU usage.

SLN308113_en_US__1icon Note: Your Systems protection suffers without any anti-virus software installed. If you disable Windows Defender, make sure you have another Antimalware application to install in its place. This can be either free or paid, but make sure you have something that is installed in Windows Defenders place.
  1. Open a Run Window and type gpedit.msc

    • Press the Windows and R key together.

    • Open the start menu and select Run

  2. This opens the Group Policy Editor. (This is usually only available on Pro and Enterprise editions. There are ways to install it on Home editions, but this article does not cover them.)

SLN308113_en_US__6msmpeng_group-policy_windowsdefender_BK

(Figure.3 The Group Policy Editor)

  1. Scroll down the left-hand side tree structure until you get to Computer Configuration, open it and got to Administrative Templates, then Windows Components and finally Windows Defender anti-virus

  2. In the right-hand side pane, double-click on Turn off Windows Defender anti-virus

  3. A Properties window opens, choose Enabled and click on Apply and OK to save the change, then close all the windows.


Back to Top


Article Properties


Last Published Date

21 Feb 2021

Version

3

Article Type

Solution

Rate This Article


Accurate
Useful
Easy to Understand
Was this article helpful?

0/3000 characters