Jeroen HD
Guest
About a week ago I noticed that Windows Defender ("Antimalware Service Executable") is using 25-50% of my CPU at all times. It's also taking between 140 and 600MB of RAM (my system has 16GB of RAM so that's not a big issue).
I have not installed any other antivirus product before on this computer. I wish to keep using Windows Defender because it used to be very lightweight and non-intrusive (and also free of course ;-) )
I looked for solutions on the internet but none of the proposed solutions worked for me:
- I added MsMpEng.exe and the entire Windows Defender folder as an exception to Windows Defender
- I checked the task scheduler, but the last time any of the Defender tasks ran was about a week ago
- I ran "sfc /scannow" and "dism /online /cleanup-image /restorehealth". SFC found some issues but after rebooting the problem remained.
- I disabled Windows Defender Real-Time protection, but that doesn't help.
As Windows Defender protects itself from interference from viruses, it's hard to find any useful information using my usual toolset for dealing with these issues (Process Explorer shows Access Denied errors so I can't check the handles to see if it's having issues with a specific file).
Rebooting Windows does not help. Neither shutting down and booting nor selecting reboot in the start menu helps. I have updated all drivers, installed all Windows Updates but nothing seems to help.
I tried disabling ImDisk but that does not help. A scan for viruses comes out clean. I had Metasploit installed for a while but I have removed it, and I have also removed the exclusions I added for Metasploit.
The only cause I can think of is that Defender showed a notification a while ago about a threat it was removing, but the notification never disappeared and Defender was hogging the CPU trying to remove it. After about 30 minutes I shut down my computer but the issue seems to persist.
I managed to find some information using Process Hacker (http://processhacker.sourceforge.net/): the CPU usage is caused by a single thread from the WinDefend service, and it seems to be stuck at ntdll.dll!RtlAcquireSRWLockShared+0x3b90 according to the "Start address" field of the thread overview.
The I/O total rate Process Hacker indicates is about 9-25MB/s, but no scan is running according to the interface.
I tried killing the process using Process Hacker and restarting the WinDefend service, but that didn't help.
I'm at a loss for other solutions. Hopefully someone on these forums has an idea of what I can do about this.