How to Disable Antimalware Service Executable

Using special permissions or go with another antivirus

by Madalina Dinita
Madalina Dinita
Madalina Dinita
Windows & Software Expert
Madalina has been a Windows fan ever since she got her hands on her first Windows XP computer. She is interested in all things technology, especially emerging technologies... read more
Affiliate Disclosure
  • The Antimalware Service Executable is a Windows Defender process from Windows 10.
  • If this service uses too many resources, you can stop it by modifying the registry.
  • You can also disable this task by using a built-in command-line tool from your OS.
ESET Antivirus comes with all the security tools that you may ever need to protect your data and privacy, including:
  • Anti-theft support
  • Webcam protection
  • Intuitive setup and UI
  • Multi-platform support
  • Banking-level encryption
  • Low system requirements
  • Advanced anti-malware protection

An antivirus program needs to be fast, efficient, and cost-effective, and this one has them all.

Microsoft Defender is the built-in antimalware software on Windows, but many are wondering how to disable Antimalware Service Executable.

The Antimalware Service Executable, MsMpEng.exe runs even after users removed Microsoft’s AV tools, often leading to high CPU usage.

I don’t want an antimalware. […] So far I tried turning off Windows Defender, but the process is still running. My last resort would be deleting MsMpEng.exe from C:\Program Files\Windows Defender.

If I try to end it from Task Manager, it says The operation could not be completed… Access is denied. I really do not want it running and I feel that it is slowing down my computer. How can I turn it off?

This is why many want to disable it, and in this guide, we’re going to show you how to do it.

Why is Antimalware Service Executable always running?

Antimalware Service Executable is associated with Microsoft Defender, and many Windows 10 users reported issues with this process.

It is designed to operate in the background so that it can scan files and applications at varying intervals. When a virus or other harmful attack is found, the executable will either delete it or put it in quarantine.

Speaking of cases, these are some common problems that users reported:

  • Antimalware Service Executable causes high memory and memory leak – Many users reported memory issues due to this service. To fix the problem, it’s advised to disable Microsoft Defender and check if that solves the issue.
  • Antimalware Service Executable high disk usage – Several users reported high CPU and disk usage due to this error. However, you can fix the issue simply by installing a third-party antivirus.
  • Antimalware Service Executable issues on Windows 8.1 and 7 – This process can affect Windows 8.1 and 7. Still, even if you’re not using Windows 10, you should be able to fix the problem with one of our solutions.
  • Antimalware Service Executable running all the time, slowing down computer – Many users reported that this service keeps running all the time on their PC. However, you should be able to fix that using one of our solutions.
  • Antimalware Service Executable can’t end task – If you can’t complete this task on your PC, you’ll have to disable or delete Microsoft Defender to solve the problem.
  • Disable antimalware service executable in Windows 11, 10, server 2019 – The methods below are applicable in all Windows iterations, so make sure to refer to them.
  • Disable antimalware service executable causes high CPU – Follow the solutions below to permanently disable this process.

Can I turn off Antimalware Service Executable?

Remember that if you don’t install any additional antivirus software, Windows Defender is the only thing that will protect your computer from malicious software. So, you should disable the service if it is causing you trouble, but purchase or install additional antivirus protection.

What happens if I disable antimalware? If you disable msmpeng.exe, your computer is more likely to become infected with digital viruses that, had it not been disabled, would have been dealt with in the background in a more discrete manner.

For that reason, it is more responsible to get a performant antivirus solution that can highly secure your PC from unwanted programs, damaging malware, or phishing attacks. Plus, you will get more reliable virus detection and removal than using Windows built-in antivirus.

➡️ Get ESET Internet Security

In this article

How do I permanently disable Antimalware Service Executable?

1. Get AdvancedRun software

Note icon NOTE
This isn’t a solution, it is a prerequisite software needed to complete most solutions, so be sure to have it downloaded and started when the instructions tell you to run it.
  1. Visit the Advanced Run download page.
  2. Next, download the software.
  3. Once the software is downloaded, extract it to a directory for quick and easy access.

Whenever the solution requires you to use Advanced Run, always do the following:

  1. Start the Advanced Run software by double-clicking it.
  2. Crucial: Always set Run as a TrustedInstaller.
  3. Follow further instructions from the solution.

2. Add exclusions to Windows Defender

  1. Press Windows key + S and type defender. Choose Windows Defender from the list of results.
  2. Click on Virus & threat protection. Next, click on Manage settings.
  3. After that, click on Add or remove exclusions in the Exclusions section.
  4. Click on the Add an exclusion button and select File.
  5. Go to the following directory and select MsMpEnd.exe in the following directory: C:\Program Files\Windows Defender

3. Create a batch script

Note icon NOTE
This solution will make system changes to your PC. Back up your files and create a System Restore point. We’re not responsible for any damage that might occur after using this solution.
  1. Open Notepad.
  2. Now paste the following code:
    @echo off
    ::Windows Defender
    reg add "HKLM\SYSTEM\ControlSet001\Services\MsSecFlt" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\Sense" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
    ::System Guard
    reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmAgent" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefsvc" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefusersvc" /v "Start" /t REG_DWORD /d "4" /f
    for /f %%i in ('reg query "HKLM\SYSTEM\ControlSet001\Services" /s /k "webthreatdefusersvc" /f 2^>nul ^| find /i "webthreatdefusersvc" ') do (
    reg add "%%i" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe" /v "Debugger" /t REG_SZ /d "%%windir%%\System32\taskkill.exe" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "DefaultFileTypeRisk" /t REG_DWORD /d "1808" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v "SaveZoneInformation" /t REG_DWORD /d "1" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "LowRiskFileTypes" /t REG_SZ /d ".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "ModRiskFileTypes" /t REG_SZ /d ".bat;.exe;.reg;.vbs;.chm;.msi;.js;.cmd" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "EnableSmartScreen" /t REG_DWORD /d "0" /f
    reg add "HKCU\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
    goto :EOF
  3. Click on File and choose Save as.
  4. Choose a save location. Set Save as type as All Files. Enter the save name as disabledefender.bat and save it.
  5. Start Advanced Run and configure it to run the file as TrustedInstaller.
  6. Set Run mode to Run .EXE File. Click three dots next to the Program to Run field.

  7. Select All files and choose disabledefender.bat file that you just created.
  8. Click the Run button and wait for the process to finish.

You can restore Windows Defender by creating a new script like this:

  1. Start Notepad and paste the following code:
    @echo off
    ::Windows Defender
    reg add "HKLM\SYSTEM\ControlSet001\Services\MsSecFlt" /v "Start" /t REG_DWORD /d "0" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "3" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\Sense" /v "Start" /t REG_DWORD /d "3" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdBoot" /v "Start" /t REG_DWORD /d "0" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdFilter" /v "Start" /t REG_DWORD /d "0" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "3" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "3" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /v "Start" /t REG_DWORD /d "2" /f
    reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /t REG_EXPAND_SZ /d "%systemroot%\system32\SecurityHealthSystray.exe" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmAgent" /v "Start" /t REG_DWORD /d "0" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "2" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefsvc" /v "Start" /t REG_DWORD /d "3" /f
    reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefusersvc" /v "Start" /t REG_DWORD /d "2" /f
    for /f %%i in ('reg query "HKLM\SYSTEM\ControlSet001\Services" /s /k "webthreatdefusersvc" /f 2^>nul ^| find /i "webthreatdefusersvc" ') do (
    reg add "%%i" /v "Start" /t REG_DWORD /d "2" /f
    reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe" /f
    reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /f
    reg delete "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /f
    reg delete "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates" /f
    goto :EOF
  2. Click File and choose Save as.
  3. Set Save as type to All files. Name the file restoredefender.bat and save it.
  4. Start Advanced Run and run restoredefender.bat as TrustedInstaller.

4. Use the GitHub script

Note icon NOTE
Running any batch script comes with security risks, and we’re not responsible for any potential damages. You’re advised to create a backup before proceeding.
  1. Visit Tairiku’s GitHub page.
  2. Click on Code and select Download ZIP.
  3. Once the file is downloaded, extract it to a location that you can quickly access.
  4. Next, start Advanced Run and make sure you run it as TrustedInstaller.
  5. Set Run Mode to Run .EXE File and click three dots next to the Program to Run field.
  6. Select All files and choose the Microsoft Defender Disable.bat file that you downloaded.
  7. Lastly, click the Run button to run the script.

To revert the changes, repeat the steps but use the Microsoft Defender Enable.bat script instead.

5. Use Command Prompt

  1. Start Advanced Run and set it to run as TrustedInstaller.
  2. Set Run Mode to Command Prompt and click Run.
  3. Run the following command: "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -DisableService & sc config "WinDefend" depend= RpcSs-DISABLED
  4. Restart your PC.
  5. Optional: To revert the changes, use this command: sc config "WinDefend" depend= RpcSs & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -EnableService

If the previous commands didn’t work, use these commands instead:

  • To disable Windows Defender: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /v "DependOnService" /t REG_MULTI_SZ /d "RpcSs-DISABLED" /f
  • To enable Windows Defender: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /v "DependOnService" /t REG_MULTI_SZ /d "RpcSs" /f

6. Install a third-party antivirus

Antimalware Service Executable is a process closely related to Microsoft Defender.

However, Microsoft Defender won’t run side by side with a third-party antivirus, so if you’re having problems with Antimalware Service Executable, you might want to install a third-party antivirus.

After fixing the issue with the Defender process, you can safely use ESET antivirus software to provide high-end protection against online cyberattacks. Not only that, this valuable tool comes with the best low-resource usage.

You can also secure your Windows PC against new emerging malware, ransomware attacks, or financial-related threats while performing sensitive activities such as banking operations.

After you install a third-party antivirus, Microsoft Defender will automatically turn itself off, and your problem should be resolved.

ESET Internet Security

Forget about the issues caused by Microsoft Defender and install this top-notch light antivirus.
Free trial Visit website

We hope our solutions helped you learn how to stop the Antimalware Service Executable and fix this problem for good.

Even if you turn off Antimalware Service Executable, don’t leave your system unprotected. You can use any antivirus software option from the best antivirus with an unlimited license list.

For more suggestions or questions, don’t hesitate to leave them in the comments section below, and we’ll be sure to check them out.

This article covers:Topics: