The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Microsoft Defender (aka Antimalware) using lots of CPU when machine becomes idle (via: MsMpEng.exe ISSUES! Using very high amounts of CPU, during scans – Microsoft Community)

Posted by jpluimers on 2015/06/08

When using Windows VMs on my MacBook Retina, often they’d start using excessive CPU after I switched back to my OS X screen.

This is very distracting, for instance during presentations, as it also starts humming the fans at close to 100 Hz (for non techies: nearly 6000 rpm).

When switching back to the VM, and going to Task Manager soon enough, I observed MsMpEng high CPU usage.

Since I knew this was caused by Windows Defender, I first tried adding MsMpEng.exe to “Excluded files and locations”, but that did not help.

My second thought was that it was caused by idle behaviour, which was indeed the cause. Since that was kind of hard to circumvent, here is how:

Circumventing immediate Idle scan (and high CPU usage) of Microsoft Defender

The standard settings screen of Microsoft Defender has no option to indicate its Idle behaviour, not even under the Advanced Settings:

No Idle settings in the Windows Defender Settings screen

Though Microsoft Security Essentials has a Scheduled Scan setting, that option seems to be gone in Windows Defender.

Luckily this got me going: MsMpEng.exe ISSUES! Using very high amounts of CPU, during scans – Microsoft Community.

  1. In Task Scheduler, go to Task Scheduler Library – Microsoft – Microsoft Antimalware
  2. Select MPIdleTask, right click and choose properties
  3. Go to the Conditions tab
  4. Change the drop-down for “Start the task only if the computer is idle for…” to whatever you wish. I’ve changed mine to 1 hour, so hopefully that’ll mean it’ll end up checking the computer at night.

I could verify this was probably the cause by entries like these in my "C:\Windows\Temp\MpCmdRun.log" file around the time of high CPU usage:

MpCmdRun: Command Line: "C:\Program Files\Windows Defender\MpCmdRun.exe" Scan -ScheduleJob

Though the above steps are for Microsoft Security Essentials, they are close enough to Windows Defender for this to work:

  1. Run Task Scheduler through "%windir%\system32\mmc.exe" %windir%\system32\taskschd.msc
  2. Browse to "Task Scheduler Library" -> "Microsoft" -> "Windows" -> "Windows Defender"
  3. Double click on "Windows Defender Scheduled Scan"
  4. Go to the "Conditions" tab
  5. Tick "Start the task only if the computer is idle for" and give it a reasonable value
  6. Ensure "Wait for idle for" is much longer than "Start the task only if the computer is idle for"
  7. Press "OK" to save the changes

I want to stress that you need to ensure the “Wait for idle for” is much longer than the “Start only if the computer is idle for”, otherwise the Windows Defender Scheduled Scan will never run.
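The same change scripted in PowerShell, as an added example that is not part of the original post. It assumes an elevated session with the ScheduledTasks module (Windows 8 or later); the 10 minute and 2 hour values are assumed, and the guard enforces the rule above that the wait must be longer than the idle time so the scan still runs.

```powershell
# Added example: set the "Conditions" tab values of the Defender scheduled scan.
# Run elevated. $IdleFor / $WaitForIdle defaults are assumed values, adjust as needed.
param(
    [TimeSpan] $IdleFor     = '00:10:00',  # "Start the task only if the computer is idle for"
    [TimeSpan] $WaitForIdle = '02:00:00'   # "Wait for idle for"
)

$taskPath = '\Microsoft\Windows\Windows Defender\'
$taskName = 'Windows Defender Scheduled Scan'

# Refuse a combination that would keep the scheduled scan from ever starting.
if ($WaitForIdle -le $IdleFor) {
    throw "WaitForIdle ($WaitForIdle) must be longer than IdleFor ($IdleFor)."
}

$task = Get-ScheduledTask -TaskPath $taskPath -TaskName $taskName -ErrorAction Stop

$old = $task.Settings.IdleSettings
Write-Output ("Before: RunOnlyIfIdle={0} IdleDuration={1} WaitTimeout={2}" -f `
    $task.Settings.RunOnlyIfIdle, $old.IdleDuration, $old.WaitTimeout)

# Task Scheduler stores durations in ISO 8601 form (for example PT10M, PT2H).
$task.Settings.RunOnlyIfIdle            = $true
$task.Settings.IdleSettings.IdleDuration = [System.Xml.XmlConvert]::ToString($IdleFor)
$task.Settings.IdleSettings.WaitTimeout  = [System.Xml.XmlConvert]::ToString($WaitForIdle)
Set-ScheduledTask -InputObject $task | Out-Null

# Re-read the task to confirm what was stored and that the scan is still enabled.
$check = Get-ScheduledTask -TaskPath $taskPath -TaskName $taskName
$new = $check.Settings.IdleSettings
Write-Output ("After:  RunOnlyIfIdle={0} IdleDuration={1} WaitTimeout={2}" -f `
    $check.Settings.RunOnlyIfIdle, $new.IdleDuration, $new.WaitTimeout)
if ($check.State -eq 'Disabled') {
    Write-Warning "$taskName is disabled, so no scheduled scan will run at all."
}

# Show the most recent scheduled-scan launches recorded in the log mentioned above,
# to compare their timestamps with the moments of high CPU usage.
$log = Join-Path $env:windir 'Temp\MpCmdRun.log'
if (Test-Path $log) {
    Select-String -Path $log -Pattern 'Scan -ScheduleJob' -SimpleMatch |
        Select-Object -Last 5 |
        ForEach-Object { "{0}: {1}" -f $_.LineNumber, $_.Line.Trim() }
}
```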

For completeness, some screenshots

Default settings for Windows Defender Scheduled Scan

Default Windows Defender Scheduled Scan properties

Modified Windows Defender Scheduled Scan properties that will wait for a while after the machine becomes idle.

–jeroen
