[Fix] Windows Defender 100% CPU Usage During Full Scan

When you run a full scan using Microsoft Defender Antivirus, about 30 seconds to 1 minute into the scan, the CPU usage spikes and uses up all the remaining CPU. Its CPU usage remains at 100% throughout the full scan. The CPU fan becomes loud. Due to this issue, systems with heating issues may abruptly shut down during a full scan.

defender high cpu usage
Antimalware Service Executable – High CPU usage during full scan

Many users are worried about the continuous high CPU usage by MsMpEng.exe during a full scan and that it might have a detrimental effect on the computer hardware, especially on systems with a massive number of files.

You may have used the local group policy editor to set “Specify the maximum percentage of CPU utilization during a scan” (or the equivalent “AvgCPULoadFactor” registry setting) to throttle the CPU usage for scans. But that may not have helped.

Cause

By default, Microsoft Defender uses 100% CPU during full scans, and usage remains at 100% till the scan is complete. The CPU throttling is applied only for scheduled/idle scans.

Windows Defender CPU usage during full scan - CPU throttle disabled
Windows Defender CPU usage during full scan – CPU throttle Off

(Open the image in a new window to see the full-size image.)

Even though the “ScanAvgCPULoadFactor” metric is set to 50% by default, it’s applied only during scheduled scans.

However, there is also a way to enable CPU throttling during manual scans.

Resolution

To throttle the CPU usage during a full scan using Defender, launch PowerShell (admin).

Run the following commands:

set-mppreference -ThrottleForScheduledScanOnly $false

set-mppreference -DisableCpuThrottleOnIdleScans $false

set-mppreference -ScanAvgCPULoadFactor 50

(The commands #2 and #3 may not be required on most systems. But it doesn’t hurt to run them anyway.)

CPU throttle enable using set-mppreference in powershell

Reference: Set-MpPreference (Defender) | Microsoft Learn

From now on, CPU throttling will apply to scheduled and manual scans.

Close Windows Security and relaunch it. Run a full scan.

Now, look at the CPU usage during a full scan.

Windows Defender CPU usage during full scan - CPU throttle enabled
Windows Defender CPU usage during full scan – CPU throttle enabled

(Open the image in a new window to see the full-size image.)

As you can see in the above screenshot, the CPU usage touches 100% occasionally but never stays at 100%. It’s a huge improvement.

Editor’s note

A full scan is usually not needed unless you want to remove inactive malware-dropped files that may be lurking in the hard disk in the aftermath of a malware attack. Quick scan, real-time protection, and tamper protection features should be sufficient on most systems.

One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support. It won't take more than 10 seconds of your time. The share buttons are right below. :)
Tweet
Share
Share
0 Shares

Ramesh Srinivasan is passionate about Microsoft technologies and he has been a consecutive ten-time recipient of the Microsoft Most Valuable Professional award in the Windows Shell/Desktop Experience category, from 2003 to 2012. He loves to troubleshoot and write about Windows. Ramesh founded Winhelponline.com in 2005.

...

Leave a Comment