I'm trying to restart msmpeng.exe (Windows Defender) because it's leaking memory—about a gig and its usage is way too high. I even set up a batch file that I launched as SYSTEM using schtasks, but when I tried to use taskkill.exe to kill it, I just ended up with an 'Access is denied' message in my output file. I've already turned off Tamper Protection, and I'm really just looking for a way to restart this process temporarily, not disable it long-term. Any tips or tricks to get around this stubborn process?
4 Answers
You're dealing with Windows Defender, which is designed to prevent anything from stopping it, including other high-privilege processes like SYSTEM. Your script sounds like a workaround, but it might not be the best approach. Keep in mind that if Defender is consuming that much memory, it’s likely due to something triggering it to work overtime.
I get what you're saying, but it's not uncommon for Defender to take up a lot of memory, especially if something is wrong. A process with a GB of usage isn't typical, though—it definitely needs checking out!
MSMPENG (the Defender process) operates at a higher level than SYSTEM. Essentially, it's shielded from being terminated. I usually see it running around 200MB, but if yours is at a gig, it might be worth checking for what triggers those high loads. Have you tried looking at Microsoft's insight on this issue? They have some performance metrics that could help you diagnose what's kicking it into high gear.
I appreciate that info, but honestly, no one seems to be offering any practical solutions. It's my machine, and I should be able to manage what runs on it. I'm tired of all these recommendations about just ignoring the issue or throwing money at extra RAM. Can we please focus on actionable suggestions instead?
Just a heads-up for you: using methods to override Defender's protections can be risky, especially on a work computer. Programs designed to be super protective usually don't play nice when you try to bypass them, and you might trigger more alerts. Plus, exploiting other processes to re-parent tasks could end badly if not done right. Just be careful!
It might be more helpful to figure out what’s causing that high memory usage rather than just trying to kill it. Maybe you could look into what scans are running?