How to Stop Antimalware Service Executable From Slowing Boot
🔍 WiseChecker

How to Stop Antimalware Service Executable From Slowing Boot

by

Quick fix: Antimalware Service Executable (MsMpEng.exe) runs a startup scan that delays boot. Open Task Scheduler → Microsoft → Windows → Windows Defender. Find Windows Defender Scheduled Scan. Edit → Conditions tab → tick “Start the task only if the computer is idle for: 30 minutes.” Also: untick “Start the task only if the computer is on AC power” for laptops. Now scan only runs when idle, not during boot.

Your boot is slow. Task Manager → Startup apps shows everything disabled. But boot still 30+ seconds to desktop. The hidden offender is Windows Defender scheduling a scan during boot.

Symptom: Boot time slow on Windows 11; Antimalware Service Executable (MsMpEng.exe) using high CPU/disk during startup.
Affects: Windows 11 (and Windows 10) with Windows Defender enabled.
Fix time: ~10 minutes.

ADVERTISEMENT

What causes this

Windows Defender runs scheduled scans on a regular cadence. If the schedule coincides with boot time (default daily ~1 AM or ~6 PM), Defender starts a full scan whenever the PC wakes near that time. The scan competes with everything else loading, slowing boot.

Method 1: Reschedule Defender scan to off-hours

The standard route.

  1. Open Task Scheduler.
  2. Navigate to Microsoft → Windows → Windows Defender.
  3. Find Windows Defender Scheduled Scan. Double-click.
  4. Switch to Triggers tab. Edit existing trigger (or add new):
    • Daily, at 3 AM.
    • Or Weekly, Sunday 3 AM (less frequent).
  5. Switch to Conditions tab:
    • Tick Start the task only if the computer is idle for: 30 minutes. Scan waits for idle.
    • Tick Stop if the computer ceases to be idle. Scan pauses when you use PC.
    • Untick Start the task only if the computer is on AC power if laptop. Else: only AC.
  6. Apply. Close.
  7. For other Defender scheduled tasks (Verification, Cleanup): apply same condition logic.

This shifts scan to true idle time.

ADVERTISEMENT

Method 2: Reduce scan-target scope via exclusions

For ongoing performance.

  1. Open Windows Security → Virus & threat protection → Manage settings.
  2. Scroll to Exclusions → Add or remove exclusions.
  3. Add exclusions for trusted high-activity folders:
    • Development project folders
    • node_modules
    • OneDrive cache
    • Docker container folders
    • Game install folders (Steam, Epic)
  4. For process exclusions: node.exe, git.exe, frequently-spawned dev tools.
  5. Smaller scan scope = faster scans. Less CPU/disk during boot if scan runs.
  6. Don’t exclude C:\Windows or C:\Program Files — those need scanning.

This reduces scan workload.

Method 3: Disable Defender during boot temporarily (advanced)

For extreme cases.

  1. Disable Real-time protection only during boot via Group Policy. Cautious approach — brief window of reduced security.
  2. Open gpedit.mscComputer Configuration → Administrative Templates → Windows Components → Microsoft Defender Antivirus → Real-time Protection.
  3. Configure: Turn off real-time protection → Not Configured. (Leaving on is safer.)
  4. Trade-off: disabling Defender boot-time means malicious files running during boot won’t be caught. Generally not recommended.
  5. For PCs with third-party AV that’s primary: Windows Defender auto-disables. Third-party may have its own “exclude during boot” option.
  6. For dedicated gaming PCs: consider Windows 11 Pro with stricter Group Policy controlling Defender boot behavior.

Use with caution.

How to verify the fix worked

  • Reboot. Boot time measured (timer or Task Manager → Performance → CPU graph during boot).
  • Task Manager → Performance: MsMpEng CPU during first 60 seconds should be low.
  • Settings → Windows Security → Virus & threat protection → check scan history. Scans run at off-hours, not during boot.

If none of these work

If boot is still slow: Other startup apps: Task Manager → Startup apps tab. Disable High-impact items not needed at boot. For SSD vs HDD: HDDs are intrinsically slow at boot due to fragmentation. Defragment once (Windows handles for HDDs). Or upgrade to SSD. For PCs with disabled Fast Startup: enable Fast Startup. Power Options → Choose what power buttons do → tick Fast Startup. Speeds boot by ~5-10 seconds. For corporate PCs: Group Policy may force boot-time scans. Contact IT. For PCs with many drivers loading: check Reliability Monitor for driver delays. Update drivers.

Bottom line: Reschedule Windows Defender Scheduled Scan to 3 AM with idle-only conditions. Add exclusions for high-activity folders. Boot completes without scan interference.

ADVERTISEMENT

← Back to WiseChecker HomeMore in Windows & PC

🔍 Recommended for You