What is Msmpeng.exe

AntiMalware Service Executable - Microsoft Malware Protection - Microsoft Corporation

File description

Msmpeng.exe with description AntiMalware Service Executable is a process file from company Microsoft Corporation belonging to product Microsoft Malware Protection.
The file is digitally signed from Microsoft Corporation - Microsoft Time-Stamp Service
We do not recommend removing digitally signed files from Microsoft Corporation

What is MsMpEng.exe?
MsMpEng.exe is part of the Windows Defender anti-spyware software. It is responsible for performing spyware scans and protecting your system from spyware in the background. Windows Defender is also installed as part of Windows Live OneCare. The following is a screenshot of Windows Defender running under Windows XP Service Pack 2:

This is an nonessential system process and can safely be disabled. Note that disabling this process will disable your Windows Defender spyware protection. If you choose to disable it, you should do so through the Windows Defender or Windows Live OneCare interface so as not to cause errors. The screenshot below illustrates how this process should appear in the task manager:

As you can see in the above screenshot, MsMpEng.exe typically runs as SYSTEM. A process with this name that is running as a user other than SYSTEM may be indicative of a malware infection.

Dangers of MsMpEng
As this is a relatively common process in that it runs on any system with Windows Defender installed, it is common for virus writers and spyware vendors to disguise their malware as the genuine one.

Some malicious files may have the same name but be stored somewhere other than in %ProgramFiles%\Windows Defender. Other malware may use a name that appears similar to it but with slight differences in spelling or with appended digits. While there are currently no known viruses, trojans, or adware applications that disguise themselves as this process, you should look out for this file in an incorrect location or with a slightly different name.

There is typically only one instance of this process running at a given time. The presence of multiple instances may be an indicator of a malware infection. If you do not use Windows Defender, the presence of this executable may indicate that your system is infected.

Common problems
  • This process uses excessive CPU time
    • This is known to have been caused by Windows Defender scanning itself to monitor its own activity. Adding an exception for MsMpEng.exe should resolve the problem.
    • If the problem continues, it is recommended that you uninstall or turn off Windows Defender.
  • MsMpEng.exe causes problems with the Windows Firewall
    • This problem is known to occur in isolated cases. The only known recourse is to disable Windows Defender.

Automatic startup locations

001 Running Processes
002 Autorun registry entries local machine
003 Autorun registry entries Current User
004 All users startup startmenu
005 Current user startup startmenu
006 Start Menu\Programs\Startup
010 Installed services
136 Local Machine Runonce (+subkeys)

Digital signatures found for this file

88 Microsoft Corporation - Microsoft Time-Stamp Service
9 Microsoft Corporation - Microsoft Timestamping Service
6 Microsoft Corporation - VeriSign Time Stamping Services Signer

MD5 security rating in our database

31 files (Not yet rated and not signed)
21 files (Not yet rated and digitally signed)
86 files (Safe and digitally signed)
Some versions of this filename have not yet been checked for safety.
Warning: Some malware might rename itself to msmpeng.exe. Always make sure that your file is from a verified publisher.

User ratings for this file

File rating: Average rating of msmpeng.exe: by 138 files and users.

Application errors

Fix msmpeng.exe application error:  Run a FREE registry scan

User comments

There are no user comments yet for this file.

Please add your comments if you have more information about this file or if you know how to solve msmpeng.exe application errors.

File safety :

File security rating :

Are you human? How much is 15+14:

Like this page?

Please support this free service by giving us a Google+1

Browse files by letter


More system processes

msmpls.exe msmpsvc.exe msmpu401.sys
msmqsy.com msmsgr.exe msmsgre.dll
msmsgs.dll msmsgs.exe msmsgsin.exe
msmsgsrv.dll msmsn.exe msmsrs.exe

Lansweeper computer inventory From the creator of Runscanner:

is an automated IT asset management tool. It can quickly scan your computers and has over 250 default reports available.

There is no need to install any agents on the scanned computers, all hardware and software inventory scanning is done by standard build-in functionality.