msmpeng.exe is a Microsoft Emulator, and it is not recommended to use without any antivirus program on Windows.
msmpeng.exe is a legitimate Windows system process widely known to the general public because of the many computer problems it causes. A non-system process should start with a running program or a system startup script.
If msmpeng.exe can be seen running on your task manager at suspicious times, here's a step-by-step guide on what you should do next to fix this problem instantly and prevent it from happening again.
What is msmpeng.exe?
The MsMpEng.exe file is a Windows process that belongs to the Anti-malware service. It is the core process of Windows Defender's automatic protection service, included in the tool component of Microsoft AntiSpyware.
This file aims to detect and remove malicious software such as viruses, Trojans, worms, and rootkits. The application provides real-time protection against the installation of malware on your computer, scans all files when they are accessed, and enables you to schedule scans. The program's main goal is to protect your computer from outside threats, so it constantly runs in the background when you turn on your PC.
Can I Delete It?
This process is the default program of Microsoft's security software MSE and Windows Defender. It cannot be closed; you can only try to uninstall Microsoft security essentials to reduce its use. The memory occupied is between 20-100MB. It has become clear that msmpeng.exe will gradually reduce the memory occupied as the system runs, so you don't have to worry about it.
msmpeng.exe is a genuine Microsoft process that belongs to Microsoft Security Essentials (MSE). It is not a virus or spyware and should not be terminated unless suspected of causing problems on your PC or laptop computer.
Msmpeng stands for Microsoft Malware Protection Engine. The file runs in the background and protects your computer from malware by scanning files, emails, web pages, and instant messages for potential threats as they arrive on your computer or when requested.
Msmpeng.exe may cause problems such as high CPU usage and hard disk ejection. You can fix it by the following methods.
1. Perform a Security Scan
If you notice that the msmpeng.exe CPU usage rate is too high, it may run, and a virus has been found. First, use Windows Defender for a comprehensive check.
Use Windows Defender for a full scan.
Step 1: Open Windows Defender by clicking the Start button Picture of the Start button, clicking All Programs, and then clicking Windows Defender.
Step 2: In the left pane, click Quick Scan, and then click Scan Now.
Step 3: Follow the steps in the wizard to complete the scan process.
Step 4: If you receive a virus warning during scanning, pay more attention to it and remove it in time to avoid further damage to your computer.
2. Change Windows Defender Plan Settings.
Windows defenders can call the software of the msmpeng.exe process; closing defenders can reduce the use of msmpeng. But if you insist on doing this, it is recommended to install the three-party antivirus software first.
Step 1: On Windows, search and type Task Scheduler.
Step 2: Go to Task Scheduler Library in the left pane, expand the Microsoft folder, then the Windows folder, and click on the Windows Defender folder. Look for the Start Scan task in the middle pane.
Step 3: Double click on the Windows Defender Scheduled Scan from the windows defender folder in the middle pane.
Step 4: On the pop-up window, select the Condition tab. Uncheck all options and click OK. It will clear all the scheduled scans on your PC.
You can now schedule the windows defender scan. Here is how to:
Step 1: Double click the Windows Defender Scheduled Scan.
Step 2: In the window that opens up, select Triggers and then New.
Step 3: Set it to run on the day you want and set the time to a period when you are not using your computer.
Step 4: Click OK.
Step 5: Repeat these steps for the other two tasks: Windows Defender Cache Maintenance and Windows Defender Verification.
3. Disable Windows defender
You need to note that disabling your Windows Defender may leave you vulnerable to attacks from viruses and other malicious software if you do not have another antivirus program installed on your computer. It is not recommended for most users to leave their computers unprotected by an antivirus program.
To disable Windows Defender (through the registry editor):
Step 1: Press the Windows key + R to bring up the Run dialogue box
Step 2: Type Regedit, then press Enter on your keyboard.
Step 3: You should see a User Account Control window asking permission to open the registry editor. Click Yes.
Step 4: In the Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.
Step 5: Double-click DisableAntiSpyware and set its value data to 1 (if a key by this name doesn't exist, right-click in the right pane and select New > DWORD (32-bit) Value and enter DisableAntiSpyware as the name)
Step 6: Close Registry Editor, restart your computer and check if the problem persists.
The defender list excludes msmpeng.exe.
Windows Defender checks all the files – including itself when scanned – which is a common cause of system lag. You can exclude Windows defender from scanning itself by simply adding it to the exclusion list.
To exclude this file from the Windows Defender scan,
Step 1: Press Ctrl +Shift + Esc to open Task Manager.
Step 2: Right-click on the Antimalware Service Executable. Select Open File Location.
Step 3: Copy the file name, Antimalware Service Executable, and add it to the exclusion list in windows defender settings.
Step 4: Open the window start menu and search Windows Defender. Click on the top result to Launch Window Defender Security Center.
Step 5: Click on virus and threat protection settings and scroll to Exclusions. Click Add or remove exclusions and select add an exclusion and then file, folder, etc.
Step 6: Choose the file you want to exclude by copying the name of that file from the task manager as described above; here, it is Antimalware Service Executable.
4. Uninstall MSE
Default installation path: The default installation path is a system disk:\Program Files\Microsoft Security Essentials
Uninstall from Control Panel
Step 1: Click Start, click Control Panel, and then double-click Programs and Features.
Step 2: Select Microsoft Security Essentials, and then click Uninstall.
Step 3: When prompted to confirm that you want to remove the program, click Yes.
5. Remove the MSSE folder
Step 1: Click Start, and then click Computer or My Computer (Windows XP).
Step 2: Open the C drive.
Step 3: Open the Program Files folder.
Step 4: If you see a folder named Microsoft Security Essentials, rename it as MSSEold or something similar to help you identify this folder as an older copy of MSE if you need it later on.
3. Remove the MSSE registry key
Step 1: Click Start, type Regedit in the Start Search box, and then press Enter
Step 2: Browse to the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware
Step 3: Right-click the Microsoft Antimalware key and select Delete
Conclusion
Opening a malicious attachment can be one of the most common ways to pick up malware—after all, it's how viruses like the notorious Melissa spread. msmpeng rips off this trick by masquerading itself as a harmless Microsoft Word document and hiding its true purpose under the file extension .docm. It then copies itself as msmpeng.exe and covertly launches it to infect your computer.
What's worse is that this virus also disables Windows Automatic Update, which means it will likely remain undetected for an extended period if you're not already running a well-protected system. And even with an updated operating system and security software, msmpeng can still do damage.
