I've been trying to kill the msmpeng.exe process, which is Windows Defender. I set up a scheduled task to run a batch file as SYSTEM, and in that batch file, I'm using the command "taskkill.exe /F /IM MsMpEng.exe" to terminate it. However, the output in foo.txt says "Access is denied," just like when I attempt to kill it directly from the Task Manager. I made sure to turn off Tamper Protection in Virus & Threat Protection before running this. Is there any trick I could use to restart this stubborn process? I'm not looking to disable it long-term, just to refresh it since it's leaking quite a bit of memory — about a gig!
4 Answers
The reason you can't kill msmpeng.exe is that Windows Defender is designed to protect itself from being terminated by other processes. Even running as SYSTEM doesn't give you enough privilege since it's running at a kernel level. What you’re seeing isn't uncommon; defenders can use up a lot of memory. Instead of trying to kill it, you might want to check the triggering events that are causing it to use so much memory. It could be due to frequent on-demand scans!
Honestly, when it comes to msmpeng.exe, it's just working as intended. All security measures are there to keep it from being interrupted or altered by other processes for security reasons. If you're dealing with high usage, it's not about just restarting it; it could be tied to other activities on the machine. You might just need to let it run its course.
I get your frustration! But, really, attempts to restart msmpeng.exe usually just get thwarted because it's built to resist interference. I’ve heard some people mention using performance monitoring tools to keep an eye on what’s making it heavy on memory since that could give some clues. But forcing a restart? Good luck with that!
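The answers above suggest finding out what drives the memory use rather than restarting the process. The following is an added example, not part of any answer in this thread: a read-only PowerShell check that samples MsMpEng.exe memory and lists recent Defender scan activity. It assumes Windows 10/11 with the built-in Defender cmdlets and an elevated prompt; the sample count, interval and lookback window are constructed values.

```powershell
# Added diagnostic example (not from the thread). Read-only: it does not stop or alter Defender.
# Assumptions: built-in Defender module present; run from an elevated PowerShell prompt.
$SampleCount     = 6    # constructed values: six samples, ten seconds apart
$IntervalSeconds = 10
$LookbackHours   = 24

# 1. Sample MsMpEng.exe memory to see whether it keeps growing or is just high.
$samples = for ($i = 0; $i -lt $SampleCount; $i++) {
    $p = Get-Process -Name MsMpEng -ErrorAction Stop | Select-Object -First 1
    [pscustomobject]@{
        Time         = Get-Date
        WorkingSetMB = [math]::Round($p.WorkingSet64 / 1MB, 1)
        PrivateMB    = [math]::Round($p.PrivateMemorySize64 / 1MB, 1)
    }
    if ($i -lt $SampleCount - 1) { Start-Sleep -Seconds $IntervalSeconds }
}
$samples | Format-Table -AutoSize

# 2. Scan activity in the lookback window from the Defender operational log.
#    Event ID 1000 = scan started, 1001 = scan completed.
$scanEvents = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1000, 1001
    StartTime = (Get-Date).AddHours(-$LookbackHours)
} -ErrorAction SilentlyContinue

$scanEvents | Group-Object Id | Select-Object Name, Count | Format-Table -AutoSize
$scanEvents | Sort-Object TimeCreated |
    Select-Object -Last 10 TimeCreated, Id, Message |
    Format-Table -Wrap

# 3. Engine state and scan schedule, to correlate with the memory samples.
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, RealTimeProtectionEnabled, AMEngineVersion,
                  AntivirusSignatureLastUpdated, QuickScanAge, FullScanAge |
    Format-List

Get-MpPreference |
    Select-Object ScanScheduleDay, ScanScheduleTime, ScanScheduleQuickScanTime,
                  ScanAvgCPULoadFactor |
    Format-List
```

If the working set climbs steadily while no scans are logged, the memory growth is not scan-driven and is worth reporting with these outputs attached.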
You're on the right track, but just so you know, the SYSTEM account isn't the end-all when it comes to privileges. There's actually a higher privilege called TrustedInstaller that not even SYSTEM can access easily. Some users have attempted to use a PowerShell module to gain that privilege, but be warned, it can trigger security software if you're not careful. Honestly though, you might be better off letting Windows manage it.