Solved Is Antimalware Service Executable supposed to run so hot?

I am well aware of how important anti-malware services are, and I can accept they take a lot of resources when they have to get down and dirty, but mine seems to run over 1/4th my CPU power for hours non stop while perpetually writing to my HD and potentially downloading GB of data and has been for like 10 hours through two restarts now. Is this normal, or do I have something setup wrong somewhere or something? I guess I just reinstalled Windows, so is it maybe getting itself fully up to date with the latest security packages in the background or something? Are there really like 10+ GB of security updates from this service alone?

The anti-malware service does not download gigabytes of data. Period. Now, it may be busy, particularly when there is a lot of activity, but it's a background process that should throttle back if needed to provide better performance to other tasks. But it has no reason whatsoever to be downloading large amounts of data itself.

That said, on every one of my systems, it's always out there doing something.

However, I have not paid attention to how busy that service is right after installing Windows, but give me a few minutes - I'm going to perform a clean install right now and see how busy it is afterwards.

Okay, did a clean install and kicked off Windows update and Microsoft Store updates. Antimalware is running, but not at the high CPU levels you are seeing. However, I see that you are on an old build of Windows 24H2 (vintage June 15, 2024). So Windows should have plenty of updates to install.

In my case, I directly installed the very latest build (26100.3476) so I have next to no updates to install.

My suggestion would be this: Don't panic! Let it get up to date with all the updates and then see if it settles down.

Maybe let us know how it is going tomorrow.

@NatS1011



Click on your start menu and type System Information

It's probably scanning the files, but why? Event viewer (filtered by source: Windows Defender) may give some information. Event ID 1000 is the start of a scan, and 1001 is the end of the (successful?) scan.

Thanks, I think you are right hsehestedt. I was just seeing the data on my metered network tick up constantly at an alarming rate, and atributed it (likely incorrectly) to whatever was writing the most constantly to the HD and using the CPU the most -- which was the process in question. As you point out, it was probably something else, likely Windows Updater and freinds, downloading GB of data while the antimalware service was going nuts scanning it all as it came in over countless hours over my tiny, slow, and metered network.

Now that I check it, almost a day after I started to notice the issue, its down to an 0.1 to 0.2% constant background CPU usage, which seems completely reasonable. Guess everything is finally downloaded and scanned.

Thanks for your insight.

​