W10 - Antimalware Service Executable


  1. Posts : 2
    Windows 10 Pro
       #1

    W10 - Antimalware Service Executable


    Starting to lose my mind here.

    I have a completely fresh install of W10 Pro (Ver. 1909) on a modern PC, and since day one I've been having almost daily issue with the "Antimalware Service Executable" process locking up my computer for 5-10 minutes when it comes out of sleep.

    Things I've done to try and fix this
    • Scheduled scans for once a week at night, while computer is not in use, and to wake itself if needed (it's always asleep; never off)
    • Entirely disabled Windows Defender (so it says) through the Group Policy Editor.


    However the process still runs as usual and makes my computer practically unusable for a time. I get the feeling it's Real-Time Protection that's causing the issue, however even with Defender entirely disabled, it still turns itself back on in my Security CP.

    I don't believe turning all these things off should really be the solution, considering this is a high end PC and my old laptop with has none of this issue nor do any of my work computers, but I'll nuke it if that's the easiest solution ..if someone can tell me how to actually do that.

    Someone please help me. =]
      My Computer


  2. Posts : 36,383
    Win 10 Pro (21H2) (2nd PC is 21H2)
       #2

    Hi, not suggesting this is a real solution, but you remind me of almost my first experience with Win 10 when Defender ran amok using huge amounts of CPU time. As I was trying to get Win 10 running for the first time I installed Avast. No problems thereafter.

    That said, there must be a better way as plenty rely on Defender without this sort of issue.

    First try something simple: from an admin command or powershell prompt run
    chkdsk c: /scan
    and report if any problems.

    You could have a look at the event viewer to see what Defender was doing:

    Right-click on the Start button and choose Event Viewer. Then navigate to Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational.

    1000 – Scan started
    1001 – Scan completed
    1002 – Scan stopped (canceled)
    1005 – Scan terminated due to error
    https://docs.microsoft.com/en-us/win...nder-antivirus

    You might need to set an exclusion- something Defender doesn't scan.

    Defender logs:
    https://answers.microsoft.com/en-us/...f-de93ae659225
    You should be able to find the logs here.

    C:\ProgramData\Microsoft\Windows Defender\Support
    ... I've run it several times with the same error. By chance I found an even better way I thought you may want to adress this issue with in the future:

    Run this command directly from the search field and a report is created in eventlog. Since it's more plain English it's very easy to figure out what's going on.

    %windir%\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx


    Or -you may be able to use e.g. Procmon (Process monitor) free from MS to produce a log so you can see what is being accessed (technical- hopefully there's an easier way).

    Another experiment: try disabling controlled folder access temporarily:
    Enable or Disable Controlled Folder Access in Windows 10
    Last edited by dalchina; 28 Apr 2020 at 00:27.
      My Computers


  3. Posts : 2
    Windows 10 Pro
    Thread Starter
       #3

    dalchina said:
    Hi, not suggesting this is a real solution, but ou remind me of almost my first experience with Win 10 when Defender ran amok using huge amounts of CPU time. As I was trying to get Win 10 running for the first time I installed Avast. No problems thereafter.
    Might have to. =|

    dalchina said:
    First try something simple: from an admin command or powershell prompt run
    chkdsk c: /scan
    and report if any problems.
    No problems found.

    dalchina said:
    You could have a look at the event viewer to see what Defender was doing:

    Right-click on the Start button and choose Event Viewer. Then navigate to Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational.

    1000 – Scan started
    1001 – Scan completed
    1002 – Scan stopped (canceled)
    1005 – Scan terminated due to error
    https://docs.microsoft.com/en-us/win...nder-antivirus

    You might need to set an exclusion- something Defender doesn't scan.

    Defender logs:
    https://answers.microsoft.com/en-us/...f-de93ae659225
    [COLOR=#333333]
    Found this, when it last gave me trouble:
    "Event ID 5000 - Windows Defender Antivirus Real-time Protection scanning for malware and other potentially unwanted software was enabled."

    So that ties it down to the Real-Time scanner..
      My Computer


  4. Posts : 36,383
    Win 10 Pro (21H2) (2nd PC is 21H2)
       #4

    locking up my computer for 5-10 minutes when it comes out of sleep.
    - is that CPU, disk or RAM use in particular? (task manager).

    You could try
    3 Ways to Limit Windows Defender CPU Usage in Windows 10 | Password Recovery

    and you could try modifying the schedule, and fix #2 is quite well known:
    How to fix ‘Antimalware Service Executable’ high CPU usage | Emsisoft | Security Blog
      My Computers


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 14:57.
Find Us




Windows 10 Forums