I've been trying to forcefully restart the MsMpEng.exe process (Windows Defender) using an elevated command prompt. I ran a batch file as SYSTEM with the command "taskkill.exe /F /IM MsMpEng.exe >foo.txt 2>&1", but it just returns 'Access is denied' in the foo.txt file. I already disabled Tamper Protection in Virus & Threat Protection. Does anyone have any tricks to help restart this stubborn process? I don't want to disable it long term, just hoping to clear the memory leak, which has ballooned to about a gig.
4 Answers
Just so you know, Windows Defender is designed to prevent processes from being killed to protect the system. Your approach with the batch file seems a bit like a workaround that might not be effective. If MsMpEng is using a whole gig of memory, it’s probably just how dynamic its usage is, rather than a leak. It’s worth checking if something else is causing high memory utilization.
Exactly, and as long as it's operating properly otherwise, it might just be how Defender manages resources.
Hey, just a heads up—the design of Windows Defender is to work this way, so they have those guard rails in place intentionally. If you’re running into these issues, consider increasing your system's RAM or managing your running processes to help alleviate memory strain without having to manually restart Defender.
But seriously, not everyone wants to throw money at more RAM! There should be better solutions.
I get that! Sometimes it feels like you’re just stuck with whatever the software decides to do.
MsMpEng.exe runs at the kernel level, not just SYSTEM. It’s designed to shield itself from being killed. If it’s running high on memory, that might be normal performance impact based on scans or other activities. Also, check out Microsoft's advice on memory usage with Defender—it might have pointers on adjusting settings to help you manage it better.
You’re on the right track, but there's something called TrustedInstaller that has higher privileges than SYSTEM. You could theoretically manipulate process privileges, but it’s risky and definitely not advisable on a work machine with security tools in place. Best to leave it be unless you're comfortable with the potential fallout.
That sounds complicated! It might be better to explore more benign fixes to the issue.
Absolutely. Avoiding system modifications is usually the safest path.
Gotcha! So it sounds like MsMpEng isn't really leaking memory, but maybe just behaving differently based on what’s going on with the system.
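One way to check the point the replies make, whether MsMpEng.exe is growing steadily or just rising and falling with activity, without touching the process (an added example, not part of the original thread; the sample count, interval and "grew on every sample" rule are assumptions chosen for illustration, not Microsoft guidance):

```powershell
# Added example: sample MsMpEng.exe memory over time, read-only.
# Assumed defaults: 10 samples, 60 seconds apart.
param(
    [int]$Samples = 10,
    [int]$IntervalSeconds = 60
)

# Collect readings; @() keeps this an array even when $Samples is 1.
$readings = @(for ($i = 0; $i -lt $Samples; $i++) {
    $p = Get-Process -Name MsMpEng -ErrorAction Stop
    [pscustomobject]@{
        Time         = Get-Date
        WorkingSetMB = [math]::Round($p.WorkingSet64 / 1MB, 1)
        PrivateMB    = [math]::Round($p.PrivateMemorySize64 / 1MB, 1)
    }
    if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
})

$readings | Format-Table -AutoSize

# Count how many consecutive samples showed private memory going up.
$increases = 0
for ($i = 1; $i -lt $readings.Count; $i++) {
    if ($readings[$i].PrivateMB -gt $readings[$i - 1].PrivateMB) { $increases++ }
}

$delta = $readings[-1].PrivateMB - $readings[0].PrivateMB
"Private memory change over the run: $delta MB ($increases of $($readings.Count - 1) intervals increased)"

# Illustrative rule (assumption): growth on every interval looks leak-like;
# anything that drops back at some point looks like activity-driven usage.
if ($readings.Count -gt 1 -and $increases -eq $readings.Count - 1) {
    "Memory rose on every sample: worth a longer capture before drawing conclusions."
} else {
    "Memory rose and fell: consistent with usage that follows scan or update activity."
}

# Recent scan and signature times help line up memory peaks with Defender activity.
Get-MpComputerStatus |
    Select-Object QuickScanEndTime, FullScanEndTime, AntivirusSignatureLastUpdated |
    Format-List
```

Running it across a scheduled scan window and again while the machine is idle gives the two readings to compare.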