How to Disable Antimalware Service Executable

Using special permissions or go with another antivirus

Reading time icon 8 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

ESET HOME comes with all the security tools that you may ever need to protect your data and privacy, including:
  • Anti-theft support
  • Banking-level encryption
  • Advanced digital threat protection

Microsoft Defender is the built-in antimalware software on Windows, but many are wondering how to disable Antimalware Service Executable.

The Antimalware Service Executable, MsMpEng.exe runs even after users removed Microsoft’s AV tools, often leading to high CPU usage.

Can I turn off Antimalware Service Executable? If you don’t install any additional antivirus software, Windows Defender is the only thing that will protect your computer from malicious software. So, you should disable the service if it is causing you trouble, but purchase or install additional antivirus protection.

How do I permanently disable Antimalware Service Executable?

1. Get AdvancedRun software

Note icon NOTE
This isn’t a solution, it is a prerequisite software needed to complete most solutions, so be sure to have it downloaded and started when the instructions tell you to run it.
  1. Visit the Advanced Run download page.
  2. Next, download the software.
  3. Once the software is downloaded, extract it to a directory for quick and easy access.

Whenever the solution requires you to use Advanced Run, always do the following:

  1. Start the Advanced Run software by double-clicking it.
  2. Crucial: Always set Run as a TrustedInstaller.
  3. Follow further instructions from the solution.

2. Add exclusions to Windows Defender

  1. Press Windows key + S and type defender. Choose Windows Defender from the list of results.
  2. Click on Virus & threat protection. Next, click on Manage settings.
  3. After that, click on Add or remove exclusions in the Exclusions section.
  4. Click on the Add an exclusion button and select File.
  5. Go to the following directory and select MsMpEnd.exe in the following directory: C:\Program Files\Windows Defender

3. Create a batch script

Note icon NOTE
This solution will make system changes to your PC. Back up your files and create a System Restore point. We’re not responsible for any damage that might occur after using this solution.
  1. Open Notepad.
  2. Now paste the following code:
    @echo off
    ::Windows Defender
    reg add "HKLM\SYSTEM\ControlSet001\Services\MsSecFlt" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\Sense" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
    ::WindowsSystemTray
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
    ::System Guard
    reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmAgent" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "4" /f
    ::WebThreatDefSvc
    reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefsvc" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefusersvc" /v "Start" /t REG_DWORD /d "4" /f
    for /f %%i in ('reg query "HKLM\SYSTEM\ControlSet001\Services" /s /k "webthreatdefusersvc" /f 2^>nul ^| find /i "webthreatdefusersvc" ') do (
    reg add "%%i" /v "Start" /t REG_DWORD /d "4" /f
    )
    ::
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe" /v "Debugger" /t REG_SZ /d "%%windir%%\System32\taskkill.exe" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "DefaultFileTypeRisk" /t REG_DWORD /d "1808" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v "SaveZoneInformation" /t REG_DWORD /d "1" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "LowRiskFileTypes" /t REG_SZ /d ".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "ModRiskFileTypes" /t REG_SZ /d ".bat;.exe;.reg;.vbs;.chm;.msi;.js;.cmd" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "EnableSmartScreen" /t REG_DWORD /d "0" /f
    reg add "HKCU\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
    goto :EOF
  3. Click on File and choose Save as.
  4. Choose a save location. Set Save as type as All Files. Enter the save name as disabledefender.bat and save it.
  5. Start Advanced Run and configure it to run the file as TrustedInstaller.
  6. Set Run mode to Run .EXE File. Click three dots next to the Program to Run field.

  7. Select All files and choose disabledefender.bat file that you just created.
  8. Click the Run button and wait for the process to finish.

You can restore Windows Defender by creating a new script like this:

  1. Start Notepad and paste the following code:
    @echo off
    ::Windows Defender
    reg add "HKLM\SYSTEM\ControlSet001\Services\MsSecFlt" /v "Start" /t REG_DWORD /d "0" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "3" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\Sense" /v "Start" /t REG_DWORD /d "3" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdBoot" /v "Start" /t REG_DWORD /d "0" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdFilter" /v "Start" /t REG_DWORD /d "0" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "3" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "3" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /v "Start" /t REG_DWORD /d "2" /f
    ::WindowsSystemTray
    reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /t REG_EXPAND_SZ /d "%systemroot%\system32\SecurityHealthSystray.exe" /f
    ::SystemGuard
    reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmAgent" /v "Start" /t REG_DWORD /d "0" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "2" /f
    ::WebThreatDefSvc
    reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefsvc" /v "Start" /t REG_DWORD /d "3" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefusersvc" /v "Start" /t REG_DWORD /d "2" /f
    for /f %%i in ('reg query "HKLM\SYSTEM\ControlSet001\Services" /s /k "webthreatdefusersvc" /f 2^>nul ^| find /i "webthreatdefusersvc" ') do (
    reg add "%%i" /v "Start" /t REG_DWORD /d "2" /f
    )
    ::
    reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe" /f
    reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /f
    reg delete "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /f
    reg delete "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates" /f
    goto :EOF
  2. Click File and choose Save as.
  3. Set Save as type to All files. Name the file restoredefender.bat and save it.
  4. Start Advanced Run and run restoredefender.bat as TrustedInstaller.

4. Use the GitHub script

Note icon NOTE
Running any batch script comes with security risks, and we’re not responsible for any potential damages. You’re advised to create a backup before proceeding.
  1. Visit Tairiku’s GitHub page.
  2. Click on Code and select Download ZIP.
  3. Once the file is downloaded, extract it to a location that you can quickly access.
  4. Next, start Advanced Run and make sure you run it as TrustedInstaller.
  5. Set Run Mode to Run .EXE File and click three dots next to the Program to Run field.
     
  6. Select All files and choose the Microsoft Defender Disable.bat file that you downloaded.
  7. Lastly, click the Run button to run the script.

To revert the changes, repeat the steps but use the Microsoft Defender Enable.bat script instead.

5. Use Command Prompt

  1. Start Advanced Run and set it to run as TrustedInstaller.
  2. Set Run Mode to Command Prompt and click Run.
  3. Run the following command: "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -DisableService & sc config "WinDefend" depend= RpcSs-DISABLED
  4. Restart your PC.
  5. Optional: To revert the changes, use this command: sc config "WinDefend" depend= RpcSs & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -EnableService

If the previous commands didn’t work, use these commands instead:

  • To disable Windows Defender: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /v "DependOnService" /t REG_MULTI_SZ /d "RpcSs-DISABLED" /f
  • To enable Windows Defender: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /v "DependOnService" /t REG_MULTI_SZ /d "RpcSs" /f

6. Install a third-party antivirus

Antimalware Service Executable is a process closely related to Microsoft Defender.

However, Microsoft Defender won’t run side by side with a third-party antivirus, so if you’re having problems with Antimalware Service Executable, you might want to install a third-party antivirus.

After fixing the issue with the Defender process, you can safely use ESET antivirus software to provide high-end protection against online cyberattacks. Not only that, this valuable tool comes with the best low-resource usage.

You can also secure your Windows PC against new emerging malware, ransomware attacks, or financial-related threats while performing sensitive activities such as banking operations.

After you install a third-party antivirus, Microsoft Defender will automatically turn itself off, and your problem should be resolved.

ESET HOME Security Essential

Forget about the issues caused by Microsoft Defender and install this top-notch light antivirus.
Free Trial Visit Website

We hope our solutions helped you learn how to stop the Antimalware Service Executable and fix this problem for good.

Disabling this service is one of the necessary steps to fix the can’t turn off real-time protection on Windows 11 issue.

Even if you turn off Antimalware Service Executable, don’t leave your system unprotected. You can use any antivirus software option from the best antivirus with an unlimited license list.

Before you go, don’t miss our guide on Msmpeng.exe high memory usage since it covers a similar subject.

For more suggestions or questions, don’t hesitate to leave them in the comments section below, and we’ll be sure to check them out.

More about the topics: Windows Defender issues

User forum

27 messages