Posted by: kurtsh | October 2, 2022

INFO: Diagnosing high Microsoft Defender CPU utilization

Have you ever seen your CPU fan spin up to 100%, opened Task Manager and found high CPU usage by Microsoft Defender (MsMpEng.exe, the "Antimalware Service Executable"), yet when you open Defender it is not running a full scan? Chances are some other process is touching a lot of files and triggering on-access (real-time) scans. Defender's built-in performance analyzer will tell you which one.

  1. From an elevated PowerShell prompt, launch
    New-MpPerformanceRecording -RecordTo c:\1.etl
  2. Let the recording run for a bit while the machine is otherwise idle, then press ENTER to stop it
  3. Launch
    Get-MpPerformanceReport -Path c:\1.etl -TopProcesses 100
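A fuller version of the three steps above, added here as an example and not taken from the original post: it records for a fixed window instead of waiting for ENTER, then pulls several views out of the same trace (processes, files, extensions and individual slow scans) so that a process sweeping every EXE on the disk is obvious from more than one angle. The output path, the 120-second window, the top-N counts and the 100 ms threshold are assumptions; change them to suit the machine.

```powershell
# Added example, not code from the original post. Requires an elevated
# PowerShell prompt on a Windows 10/11 or Server host where the Defender
# module (and its performance analyzer cmdlets) is available.
# Path, durations and thresholds are assumptions; adjust as needed.

$Recording = 'C:\Temp\DefenderIdle.etl'
New-Item -ItemType Directory -Path (Split-Path $Recording) -Force | Out-Null

# 1. Record Defender scan activity for a fixed window. Capture while the
#    machine is idle so that whatever shows up is load you have not tuned for.
New-MpPerformanceRecording -RecordTo $Recording -Seconds 120

# 2. Which processes triggered the most on-access scans, and what did those
#    scans cost? Also list the slowest individual scans for each process.
Get-MpPerformanceReport -Path $Recording -TopProcesses 10 -TopScansPerProcess 5

# 3. Which files and file extensions were scanned most often? A support
#    agent walking the whole drive shows up as a flood of .exe entries from
#    unrelated directories rather than a few hot files.
Get-MpPerformanceReport -Path $Recording -TopFiles 10
Get-MpPerformanceReport -Path $Recording -TopExtensions 10

# 4. Individual scans longer than 100 ms, which surface large archives or
#    installers that one process keeps re-opening.
Get-MpPerformanceReport -Path $Recording -TopScans 20 -MinDuration 100ms
```

Run this once on a freshly built machine to get an idle baseline, and again whenever Defender's CPU use looks wrong; the difference between the two process lists is the thing to chase. Note that the report names the process that is generating the scans, not a Defender fault, so the fix normally belongs on that process's side (tune or disable its disk sweep). A Defender process exclusion is a last resort, because it removes real-time scanning for everything that process opens.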

I saw this technique posted by SwiftOnSecurity, who used it to discover that "Dell SupportAssist was poking all EXE files on the drive, triggering on-access scans" by Defender.

SwiftOnSecurity recommended reading the training module, “Performance Analyzer for Microsoft Defender Antivirus” for all Microsoft Defender administrators – including plain Microsoft Defender Antivirus, as well as Microsoft Defender for Endpoint.

Quote: “You should baseline your machines at idle and see what is causing spurious activity you haven’t tuned for.”


