When you run a full scan using Microsoft Defender Antivirus, about 30 seconds to 1 minute into the scan, the CPU usage spikes and uses up all the remaining CPU. Its CPU usage remains at 100% throughout the full scan. The CPU fan becomes loud. Due to this issue, systems with heating issues may abruptly shut down during a full scan.
Many users are worried about the continuous high CPU usage by MsMpEng.exe during a full scan and that it might have a detrimental effect on the computer hardware, especially on systems with a massive number of files.
You may have used the local group policy editor to set “Specify the maximum percentage of CPU utilization during a scan” (or the equivalent “AvgCPULoadFactor” registry setting) to throttle the CPU usage for scans. But that may not have helped.
Cause
By default, Microsoft Defender uses 100% CPU during full scans, and usage remains at 100% till the scan is complete. The CPU throttling is applied only for scheduled/idle scans.
(Open the image in a new window to see the full-size image.)
Even though the “ScanAvgCPULoadFactor” metric is set to 50% by default, it’s applied only during scheduled scans.
However, there is also a way to enable CPU throttling during manual scans.
Resolution
To throttle the CPU usage during a full scan using Defender, launch PowerShell (admin).
Run the following commands:
set-mppreference -ThrottleForScheduledScanOnly $false set-mppreference -DisableCpuThrottleOnIdleScans $false set-mppreference -ScanAvgCPULoadFactor 50
(The commands #2 and #3 may not be required on most systems. But it doesn’t hurt to run them anyway.)
Reference: Set-MpPreference (Defender) | Microsoft Learn
From now on, CPU throttling will apply to scheduled and manual scans.
Close Windows Security and relaunch it. Run a full scan.
Now, look at the CPU usage during a full scan.
(Open the image in a new window to see the full-size image.)
As you can see in the above screenshot, the CPU usage touches 100% occasionally but never stays at 100%. It’s a huge improvement.
Editor’s note
A full scan is usually not needed unless you want to remove inactive malware-dropped files that may be lurking in the hard disk in the aftermath of a malware attack. Quick scan, real-time protection, and tamper protection features should be sufficient on most systems.
One small request: If you liked this post, please share this?
One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!
PS C:\Users\ivan> set-mppreference -ThrottleForScheduledScanOnly $false
set-mppreference : Operation failed with the following error: 0x%1!x!
At line:1 char:1
+ set-mppreference -ThrottleForScheduledScanOnly $false
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\…FT_MpPreference) [Set-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0xc0000142,Set-MpPreference
PS C:\Users\ivan> set-mppreference -DisableCpuThrottleOnIdleScans $false
>>
set-mppreference : Operation failed with the following error: 0x%1!x!
At line:1 char:1
+ set-mppreference -DisableCpuThrottleOnIdleScans $false
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\…FT_MpPreference) [Set-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0xc0000142,Set-MpPreference
PS C:\Users\ivan> set-mppreference -ScanAvgCPULoadFactor 1
set-mppreference : Operation failed with the following error: 0x%1!x!
At line:1 char:1
+ set-mppreference -ScanAvgCPULoadFactor 1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\…FT_MpPreference) [Set-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0xc0000142,Set-MpPreference
@Ivan.
0xc0000142 is STATUS_DLL_INIT_FAILED. There are some underlying issues on your computer.
Feel free to post a question at the Microsoft Answers forum. Please let me look into it.