Microsoft Defender (aka Antimalware) using lots of CPU when machine becomes idle (via: MsMpEng.exe ISSUES! Using very high amounts of CPU, during scans – Microsoft Community)
Posted by jpluimers on 2015/06/08
When using Windows VMs on my MacBook Retina, often they’d start using excessive CPU after I switched back to my OS X screen.
This is very distracting, for instance during presentations, as it also starts humming the fans at close to 100 Hz (for non techies: nearly 6000 rpm).
When switching back to the VM, and going to Task Manager soon enough, I observed a MsMpEng+high+cpu+usage.
Since I knew this was caused by Windows Defender, I first tried to “Excluded files and locations” MsMpEng.exe, but that did not help.
My second thought was that it was caused by idle behaviour. Disabling that was indeed the cause. Since doing that was kind of hard to circumvent, here is how:
Circumventing immediate Idle scan (and high CPU usage) of Microsoft Defender
The standard settings screen of Microsoft Defender has no option to indicate its Idle behaviour, not even under the Advanced Settings:
No Idle settings in the Windows Defender Settings screen
Though Microsoft Security Essentials has an option for Scheduled Scan setting, that option seems to be gone in Windows Defender.
Luckily this got me going: MsMpEng.exe ISSUES! Using very high amounts of CPU, during scans – Microsoft Community.
- In Task Scheduler, go to Task Scheduler Library – Microsoft – Microsoft Antimalware
- Select MPIdleTask, right click and choose properties
- Go to the Conditions tab
- Change the drop-down for start the task only if the computer is idle for… to whatever you wish Ive changed mine to 1 hour so hopefully that’l mean itl end up checking the computer at night
I could verify this was probably the cause by entries like these in my "C:\Windows\Temp\MpCmdRun.log" file around the time of high CPU usage:
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\MpCmdRun.exe" Scan -ScheduleJob
Though the above steps are for Microsoft Security Essentials, it is close enough to Windows Defender for this to work:
- Run Task Scheduler through
"%windir%\system32\mmc.exe"%windir%\system32\taskschd.msc - Browse to
"Task Scheduler Library"->"Microsoft"->"Windows"->"Windows Defender" - Double click on
"Windows Defender Scheduled Scan" - Go to the
"Conditions"tab - Tick
"Start the task only if the computer is idle for"and give it a reasonable value - Ensure
"Wait for idle for"is much longer than"Start the task only if the computer is idle for" - Press
"OK"to save the changes
I want to stress that you need to ensure the “Wait for idle for” is much longer than the “Start only if the computer is idle for”, otherwise the Windows Defender Scheduled Scan will never run.
For completeness, some screenshots
Default settings for Windows Defender Scheduled Scan
Default Windows Defender Scheduled Scan properties
Modifed Windows Defender Scheduled Scan properties that will wait for a while after the machine becomes idle.
–jeroen
via:
- MsMpEng+high+cpu+usage.
- MsMpEng.exe ISSUES! Using very high amounts of CPU, during scans – Microsoft Community.
The Wiert Corner - irregular stream of stuff 
Leave a comment