High CPU usage from Windows Defender

Page 5 of 7 FirstFirst ... 34567 LastLast
  1.    09 Aug 2018 #41

    As I mentioned, I didn't really think that my issue with this was solved, even if that periodic CPU usage went away after manipulating the scheduled tasks. No matter what, the computer was clearly being bogged down by Defender, even when it wasn't visibly hogging the CPU.

    Then I read the post above here, from KF1983. So I stopped Defender in the Group Policy editor, and went looking for the files he mentioned. I found only one (mpenginedb.db), but it was in the subfolder "Scans", not at the location shown in his post. I guess the other mentioned files was removed automatically when I stopped Defender. There was a few cache files as well, and all had been recently written to, so I deleted those in addition to mpenginedb.db, which then was around 32 MB in size.

    Then I restarted Defender (again from the GPE) and rebooted the computer. And what can I say, this made a world of difference, it clearly fixed the issue for me (at least for now, it may of course return). mpenginedb.db was recreated, but it is now just 280 kB (but it most likely grows over time, I don't know).

    So thanks KF1983, you really made my day! Now I'm just hoping the problem doesn't return.
      My ComputerSystem Spec

  2.    10 Aug 2018 #42

    My bad, I blindly copied paths from the Reddit thread - of course files in question are in "Scans" subfolder.

    It's a shame that M$ does something like this every once in a while (for me about once per 1,5 year) and it takes HOURS (like >10) to figure out what's going on and clean up their mess.

    Anyway, glad I could help and I hope this solution proves to be permanent.
      My ComputerSystem Spec

  3.    10 Aug 2018 #43

    Hmm...thanks for continuing input on this issue.

    I currently have defeated Windows Defender real time scanning via a registry edit.

    But I might turn it back on if there is a workaround or if Microsoft fixes it.

    Regarding the suggested fix from KF1983, I notice I have 4 instances of MsMpEng.exe. See pic below.

    Note the 18705 folder that KF1983 mentions, plus an older 18502 folder that is not mentioned.

    Do all of you have these same 4 locations for MsMpEng.exe? I'm wondering which need to be deleted, if I were to try that fix--which I'm so far reluctant to do.
      My ComputerSystem Spec

  4.    10 Aug 2018 #44

    You are not going to delete msmpeng.exe! The key file to delete is mpenginedb.db, as outlined above.
      My ComputerSystem Spec

  5.    10 Aug 2018 #45

    As mroek said do not delete any of the executables!
    Kill MsMpEng.exe (Antimalware Service Executable) process with a tool like Process Hacker or stop it in the Group Policy editor.
    Then just navigate to C:\ProgramData\Microsoft\Windows Defender\Scans and delete mpenginedb.db and mpenginedb.db-wal.
    Last step - restart Antimalware Service Executable process.

    Let us know if that does the trick!
      My ComputerSystem Spec

  6.    10 Aug 2018 #46

    Gotcha....my confusion.

    But, is it standard to have msmpeng.exe in those 4 locations? KF1983 made no reference to the instance in folder 18502. I'm guessing the instances in WinSxS are normal?

    I also note that I have a "mpenginedb.db-shm" file in the scans folder. Is that standard and to be left alone?

    I am on Home and don't think I have access to Group Policy Editor. If I recall correctly from the other day, I was not able to kill the msmpeng.exe process from Task Manager. I got an "access denied" error. Therefore, I'd have to use Process Hacker? Where do I get that?

    I may or may not try KF1983's fix--a bit reluctant to fiddle since I have the real-time defeated by reg edit as of now.

    Thanks for continued comments.
      My ComputerSystem Spec

  7.    10 Aug 2018 #47

    I am guessing issues will return when mpenginedb.db grows over time (or maybe it gets corrupted somehow) (I hope to be wrong though). Good to know about this. Great work KF1983 and everyone else. I remember to have deleted those "outdated" wd platform folders and left only the latest one. As always, do a full backup copy of system partition just in case. To avoid the hassle of tinkering with wd process I boot up from an usb media (WinPE or Linux) and carefully delete files from there.

    PS - Still using AVAST Free with just the first two shields (always use custom installation on everything). I would love to see Windows Defender Improved though (easy access to "quarantine" and such, game mode maybe, better UI, more speed, etc).
      My ComputerSystem Spec

  8.    10 Aug 2018 #48

    ignatzatsonic said: View Post
    I have the real-time defeated by reg edit as of now..
    So your computer is without real-time protection. If that's fine by you or you have another antivirus that provides that feature you can just as well disregard the rest of my post and this thread altogether.

    Otherwise you may try following:
    1. https://processhacker.sourceforge.io/downloads.php - download, run, find and terminate MsMpEng.exe.
    2. Delete files that I mentioned. I'd also delete mpenginedb.db-shm for a good measure.
    If you want to be on a safe side, just move them somewhere, so that they can be restored if the need arises.
    3. Restart system. Enable real time protection.
    4. Let us know if that worked out for you.
      My ComputerSystem Spec

  9.    10 Aug 2018 #49


    I have real-time protection from Malwarebytes, although I realize it and Defender don't provide identical protection.

    Debating whether to proceed. I did make a Macrium image a week ago--which will of course contain the corruption or whatever is going on.
      My ComputerSystem Spec

  10.    10 Aug 2018 #50

    @ignatzatsonic: If disabling real-time protection in Defender solves the problem, then I am unsure if it is actually the same problem. In my testing, I saw no improvement from disabling the real-time protection. Adding certain exclusions helped a little, but not by much. It merely reduced the impact of the problem a little.

    The one thing that actually solved my issue was to delete the mpenginedb.db file. The other files mentioned was automatically removed when I disabled Defender in GPE, but if you can't use GPE, then do it as outlined by KF1983, and delete all mentioned files to be on the safe side.

    My system now runs perfectly again, and I have removed both the exclusions and enabled all the bells and whistles in Defender (cloud protection, automatic sample submission etc) just to test. No issues, so I can only conclude that mpenginedb.db either was corrupted or too big, where my money is on corrupted.

    I also have multiple instances of msmpeng.exe in different locations, just leave those alone.
      My ComputerSystem Spec

Page 5 of 7 FirstFirst ... 34567 LastLast

Related Threads
Recently whenever I open up Update & Security in Settings, it causes Antimalware Service Executable (aka Windows Defender) to flare up in CPU usage by 10-15% and slow down everything else on my computer for the next 10 or so seconds. If I back out...
Windows 10 high (70%) CPU usage in Performance & Maintenance
194971 The problem is that I don't know what is using so much CPU as you can see there is no name for this process. I have tried to use end task on the process but after about 10 minutes it will just come back. I really could you some help to...
Is this disk usage too high for windows 10? in Performance & Maintenance
Hi, As I'm typing this with no other apps running and a clean install of Windows 10 performed an hour ago I have 97% disk usage. wsappx is showing "1.8mb/s" in the task manager followed by a bunch of normal objects that show like 0mb/s or...
Windows 10 HIGH CPU Usage in Performance & Maintenance
I have done a clean install of Windows 10 Pro 64 bit and after my computer is on for about an hour or so a process in the task manager called "system and compressed memory" takes about 25-30% of my cpu cycles for no reason.It doesn't use much ram at...
Windows 10 High RAM usage in Performance & Maintenance
Can Somone help me, i have a RAM problem. since i downloaded windows 10 i have had a Ram usage problem. when i idle to long or watch a video/stream the Ram usage goes up. when i turn of my pc the normal way it takes like 2min befor it shuts down,...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 07:22.
Find Us