I've been trying to forcefully restart the MsMpEng.exe process (Windows Defender) using an elevated command prompt. I ran a batch file as SYSTEM with the command "taskkill.exe /F /IM MsMpEng.exe >foo.txt 2>&1", but it just returns 'Access is denied' in the foo.txt file. I already disabled Tamper Protection in Virus & Threat Protection. Does anyone have any tricks to help restart this stubborn process? I don't want to disable it long term, just hoping to clear the memory leak, which has ballooned to about a gig.
3 Answers
Hey, just a heads up—the design of Windows Defender is to work this way, so they have those guard rails in place intentionally. If you’re running into these issues, consider increasing your system's RAM or managing your running processes to help alleviate memory strain without having to manually restart Defender.
I get that! Sometimes it feels like you’re just stuck with whatever the software decides to do.
MsMpEng.exe runs at the kernel level, not just SYSTEM. It’s designed to shield itself from being killed. If it’s running high on memory, that might be normal performance impact based on scans or other activities. Also, check out Microsoft's advice on memory usage with Defender—it might have pointers on adjusting settings to help you manage it better.
You’re on the right track, but there's something called TrustedInstaller that has higher privileges than SYSTEM. You could theoretically manipulate process privileges, but it’s risky and definitely not advisable on a work machine with security tools in place. Best to leave it be unless you're comfortable with the potential fallout.
That sounds complicated! It might be better to explore more benign fixes to the issue.
Absolutely. Avoiding system modifications is usually the safest path.
But seriously, not everyone wants to throw money at more RAM! There should be better solutions.