[Fix] Windows Defender 100% CPU Usage During Full Scan

When you run a full scan using Microsoft Defender Antivirus, about 30 seconds to 1 minute into the scan, the CPU usage spikes and uses up all the remaining CPU. Its CPU usage remains at 100% throughout the full scan. The CPU fan becomes loud. Due to this issue, systems with heating issues may abruptly shut down during a full scan.

defender high cpu usage
Antimalware Service Executable – High CPU usage during full scan

Many users are worried about the continuous high CPU usage by MsMpEng.exe during a full scan and that it might have a detrimental effect on the computer hardware, especially on systems with a massive number of files.

You may have used the local group policy editor to set “Specify the maximum percentage of CPU utilization during a scan” (or the equivalent “AvgCPULoadFactor” registry setting) to throttle the CPU usage for scans. But that may not have helped.

Cause

By default, Microsoft Defender uses 100% CPU during full scans, and usage remains at 100% till the scan is complete. The CPU throttling is applied only for scheduled/idle scans.

Windows Defender CPU usage during full scan - CPU throttle disabled
Windows Defender CPU usage during full scan – CPU throttle Off

(Open the image in a new window to see the full-size image.)

Even though the “ScanAvgCPULoadFactor” metric is set to 50% by default, it’s applied only during scheduled scans.

However, there is also a way to enable CPU throttling during manual scans.

Resolution

To throttle the CPU usage during a full scan using Defender, launch PowerShell (admin).

Run the following commands:

set-mppreference -ThrottleForScheduledScanOnly $false

set-mppreference -DisableCpuThrottleOnIdleScans $false

set-mppreference -ScanAvgCPULoadFactor 50

(The commands #2 and #3 may not be required on most systems. But it doesn’t hurt to run them anyway.)

CPU throttle enable using set-mppreference in powershell

Reference: Set-MpPreference (Defender) | Microsoft Learn

From now on, CPU throttling will apply to scheduled and manual scans.

Close Windows Security and relaunch it. Run a full scan.

Now, look at the CPU usage during a full scan.

Windows Defender CPU usage during full scan - CPU throttle enabled
Windows Defender CPU usage during full scan – CPU throttle enabled

(Open the image in a new window to see the full-size image.)

As you can see in the above screenshot, the CPU usage touches 100% occasionally but never stays at 100%. It’s a huge improvement.

Editor’s note

A full scan is usually not needed unless you want to remove inactive malware-dropped files that may be lurking in the hard disk in the aftermath of a malware attack. Quick scan, real-time protection, and tamper protection features should be sufficient on most systems.

One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support. It won't take more than 10 seconds of your time.

Ramesh Srinivasan is passionate about Microsoft technologies and he has been a ten-time recipient of the Microsoft MVP award in Windows Desktop Experience (Windows Shell), from 2003 to 2012. Ramesh founded Winhelponline.com in 2005.

...

3 thoughts on “[Fix] Windows Defender 100% CPU Usage During Full Scan”

  1. PS C:\Users\ivan> set-mppreference -ThrottleForScheduledScanOnly $false
    set-mppreference : Operation failed with the following error: 0x%1!x!
    At line:1 char:1
    + set-mppreference -ThrottleForScheduledScanOnly $false
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\…FT_MpPreference) [Set-MpPreference],
    CimException
    + FullyQualifiedErrorId : HRESULT 0xc0000142,Set-MpPreference

    PS C:\Users\ivan> set-mppreference -DisableCpuThrottleOnIdleScans $false
    >>
    set-mppreference : Operation failed with the following error: 0x%1!x!
    At line:1 char:1
    + set-mppreference -DisableCpuThrottleOnIdleScans $false
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\…FT_MpPreference) [Set-MpPreference],
    CimException
    + FullyQualifiedErrorId : HRESULT 0xc0000142,Set-MpPreference

    PS C:\Users\ivan> set-mppreference -ScanAvgCPULoadFactor 1
    set-mppreference : Operation failed with the following error: 0x%1!x!
    At line:1 char:1
    + set-mppreference -ScanAvgCPULoadFactor 1
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\…FT_MpPreference) [Set-MpPreference],
    CimException
    + FullyQualifiedErrorId : HRESULT 0xc0000142,Set-MpPreference

    Reply

    • @Ivan.

      0xc0000142 is STATUS_DLL_INIT_FAILED. There are some underlying issues on your computer.

      Feel free to post a question at the Microsoft Answers forum. Please let me look into it.

  2. Thank you. This helped a lot. I assume that we can lower that 50 in the final command if things still run too hot.

    Reply

Leave a Comment