What is “Antimalware Service Executable” and How to Disable it
Learn what is the "Antimalware Service Executable" process on your Windows PC and whether should you disable it or not.
If you usually monitor where do the precious resources of your computer get used up from the Task Manager, you might have come across a service named “Antimalware Service Executable” or “msmpeng.exe” consuming a significant amount of RAM and/or disk usage.
Since the process is consuming a significant amount of resources, there is going to be some deterioration in the performance of the system and many of us cannot help but wonder, what exactly is the purpose of this service? Is the system infected with malware? and should you take any action on it or let Windows handle it by itself? Well, if you have been pondering over these questions, this guide will answer all of them.
Is “Antimalware Service Executable” a Malware?
Antimalware Service Executable as the name suggests protects your machine from harmful malware and it is a crucial process of Windows Defender. It runs in the background constantly to monitor your PC.
Moreover, the process only kicks in when you do not have a third-party antivirus installed on your system, as this ensures all Windows users are always protected against malicious and dangerous threats to their systems.
Even in the case where you have third-party antivirus software installed but is expired or not activated, the process will run in the background to ensure your machine’s complete safety.
Should you Disable Antimalware Service Executable?
As explained in the section above, Antimalware Service Executable is a vital service for your system if you do not have any third-party antivirus installed on your PC as it scans your PC in real-time and protects it against any kind of malware and threats.
Moreover, since the service is tightly integrated with Windows Defender, disabling it might also disable some other core functionalities of the Windows Defender and that might leave your system defenseless against viruses.
All in all, if you are not facing a major performance degradation when the service is running or the inconvenience is not too major depending on your personal use case, it is NOT recommended to disable the service at all.
When and How to Disable the Antimalware Service Executable
Though it is not recommended to disable the service, however, there can be scenarios where you already have a third-party antivirus installed and still, it is eating up your system resources or if the process always has a high consumption of resources and renders the system laggy or at times unusable, it makes sense to disable the service.
Even in such peculiar scenarios as described above, it is recommended that you disable the service temporarily in order to get your work done. However, if you notice a high amount of CPU usage by the process only at times and it returns back to normal usage, it simply means the process is actively scanning your secondary storage and is a normal behavior of the process.
For your ease of convenience, we have listed some ways to disable the process on your Windows machine. Though the list contains some ways to permanently disable the service, it is recommended you only disable the service temporarily.
Method 1: Turn Off Real-Time Protection from Windows Security
You can also turn off the Real-Time protection of Windows Defender which is constantly monitoring your system and also one of the major contributing factors that consume your system resources. However, you can only turn it off temporarily, as it will automatically turn itself back on as and when required.
To do so, head to the Start Menu and type Windows Security. Then from the search results, click on the ‘Windows Security’ tile to open the app.
Now, from the Windows Security window, make sure you have selected the ‘Virus & threat protection’ option present on the left sidebar.
After that, click on the ‘Manage settings’ option present under the ‘Virus & threat protection settings’ section.
Finally, locate the ‘Real-time protection’ section and click on the toggle switch present under the option to bring it to the ‘Off’ position.
Note: Real-time protection will be only disabled temporarily and it will again enable itself automatically.
Method 2: Change Windows Defender Schedule Using Task Scheduler
One of the solutions is to change the schedule of Windows Defender to a time where it doesn’t interrupt your work but also provides the system the necessary protection it needs.
To change the Windows Defender schedule, first, head to the Start Menu and type Task Scheduler to search for it. Then, from the search results, click on the ‘Task Scheduler; tile to open it.
Now, from the left section of the Task Scheduler window, double-click on the ‘Task Scheduler Library’ to expand the section.
After that, double-click on the ‘Microsoft’ folder to expand it further. Next, from the expanded list, click on the ‘Windows’ directory to continue.
Now, scroll down to locate the ‘Windows Defender’ folder from the list and click on it to select.
After that, from the middle pane of the Task Scheduler window, right-click on the ‘Windows Defender Scheduled Scans’ item and select the ‘Properties’ option from the context menu. This will open a separate window on your screen.
From the separately opened window, click on the ‘Triggers’ tab. Then, click on the ‘New’ button present at the bottom-left corner of the window to create a new trigger. This will again open a separate window on your screen.
Now, from the ‘New Trigger’ window, click on the drop-down menu following the ‘Begin the task’ field and select the ‘On a schedule’ option from the list.
After that, click on the radio button preceding the ‘Weekly’ option to select the weekly frequency. Then, from the right section of the window, set a time for the scan to run. After that, select the day you are less likely to use your computer for work.
Once you have set the time and the day of the week to run the Windows Defender, click on the ‘OK’ button present at the bottom right corner of the window to proceed.
Now, select any other triggers already present in the list apart from the one created by you, and then click on the ‘Delete’ button present in the bottom section of the window to delete them.
You have now successfully scheduled the Windows Defender scans out of your active time. This will enable you to use your machine without the performance impact of Windows Defender running in the background while also providing your system with the necessary protection.
Method 3: Disable Windows Defender from the Registry Editor
Disabling the Windows Defender from the Registry Editor is a permanent step until you manually revert the changes you made. It is definitely not recommended to disable the Windows Defender permanently, however, this fix can be used if you find the Antimalware Service Executable using an exorbitant amount of resources all the time.
First, head to the Start Menu and type Registry Editor to search for it. Then, from the search results, click on the ‘Registry Editor’ tile to open it.
After that, copy+paste the below-mentioned address in the address bar present on the Registry Editor window.
Now, from the left section of the window, locate and right-click on the ‘Windows Defender’ folder and hover over the ‘New’ option. Then, click to select the ‘DWORD’ option from the context menu.
Then, in the ‘Name’ field type DisableAntiSpyware, and in the ‘Value’ field type 1. Now, click on the ‘OK’ button present on the pane to save the file.
Now, restart your PC from the Start Menu and your Windows Defender should be disabled.
Method 4: Stop the Windows Defender Service
Though disabling the Windows Defender from the Registry Editor ought to do it for you, however, in case that is not able to stop the Antimalware Service Executable, you can always disable the service. Do note this does not disable the service permanently, it will be restarted automatically.
To do so, head to the Start Menu and type Services to search for it. Then, from the search results, click on the ‘Services’ tile to open it.
Now, scroll down and locate the ‘Windows Defender Antivirus Service’ from the list and right-click on it. Then, from the context menu, click on the ‘Stop’ option to stop the services temporarily.
There you people, using the above-mentioned easy-to-follow steps, you can disable the Antimalware Service Executable either temporarily or permanently; or you could choose to let Windows handle it since it is such an important process for your system.