Windows 11 Antimalware Service Executable Access Denied

Published by Nyau Wai Hoe - Updated on

In Windows 11 or Windows 10, the Antimalware Service Executable (MsMpEng.exe) plays an important role in safeguarding your PC. It’s the core service behind Microsoft Defender (previously known as Windows Defender), which is Windows 11’s built-in anti-malware solution. The tool routinely scans files for malware, ensuring a consistently secure environment for your data. Consequently, it can sometimes consume a significant amount of CPU, memory and disk resources, even when the computer isn’t idle.

When you attempt to “end task” the Antimalware Service Executable or MsMpEng.exe process through Task Manager, you’ll likely encounter an “Access Denied” message. This is because the service operates with elevated permissions, ensuring that it’s not easily tampered with, even by potential malware. However, these precautions can sometimes be seen as obstacles, especially when this service constantly using high system resources, leading to noticeable slowdowns on your PC. In this article, we’ll look into why this happens, and present three methods to effectively manage or disable Antimalware Service Executable in Windows 11.

Windows 11 Antimalware Service Executable Access Denied

Why “Access Denied” for Antimalware Service Executable in Task Manager?

The Antimalware Service Executable is not just any regular process in Windows 11. It’s a crucial part of the system’s defense mechanism. Because of its significance:

  1. Protection from unintentional termination: Windows is designed to protect vital processes, ensuring that they can’t be accidentally stopped. This is to ensure that users, perhaps unknowingly, don’t disable essential security features that protect their system from threats.
  2. Defense against malware: By making it difficult to end or tamper with, Microsoft ensures that malware or any potential harmful software cannot easily disable Microsoft Defender. If malware could easily halt this process, it would leave the system vulnerable.

Given the reasons above, when you try to end the task directly from the Task Manager, Windows safeguards the process by displaying the “Access Denied” message, ensuring continuous protection.

Also see: Antimalware Service Executable High Disk or CPU Usage

Method 1: Installing a third-party antivirus

One of the easiest ways to manage the resource consumption of the Antimalware Service Executable is by installing a third-party antivirus. Here’s why:

  • Automatic override: Once you install and activate a reputable third-party antivirus, Windows detects it and often disables its in-built Microsoft Defender to prevent conflicts and redundant scans. This ensures that two antivirus solutions are not competing for the same system resources.

Install a third party antivirus in Windows 11

Here’s how to correctly install an alternative antivirus to replace Windows Defender:

  1. Research and choose a reputable third-party antivirus solution that fits your needs.
  2. Download and install the chosen antivirus software.
  3. Once installed, restart your PC. Windows 11 will typically recognize the third-party antivirus and disable Microsoft Defender.
  4. To confirm, navigate to Windows Security > Virus & threat protection. You should see the third-party antivirus name displayed as “turned on” instead of Windows Defender.

Useful tip: How to Limit CPU Usage of a Process in Windows 11

Method 2: Adjusting Windows Defender Scheduled Scan in Task Scheduler

Another method to ensure that the Antimalware Service Executable doesn’t overwhelm your system resources, especially during intensive tasks, is by adjusting when it operates. Here’s how to adjust Windows Defender’s scheduled scanning task using the built-in Task Scheduler in Windows 11 or 10:

  1. Press the Windows + R keys simultaneously, type “taskschd.msc“, and hit Enter.Open Task Scheduler in Windows 11
  2. On the left pane, navigate to Library > Microsoft > Windows > Windows Defender.
  3. Locate and double-click on “Windows Defender Scheduled Scan”.Windows Defender Scheduled Scan Task Scheduler
  4. Go to the “Conditions” tab.
  5. Here, check the box for “Start the task only if the computer is idle for:” and choose a preferred duration. This ensures the scan runs only when you’re not actively using the PC.MsMpEng.exe Access Denied Windows 11

Method 3: Disabling Windows Defender with a script suggested on Reddit

Certain power users and enthusiasts on platforms like Reddit often look for ways to customize their experience beyond what typical Windows interfaces allow. One such method that’s been discussed involves a specific script to completely disable Microsoft Defender. However, executing this script isn’t straightforward due to the high permissions required. As a result, you will also need a tool called NSudo.

Related resource: How to Reinstall Windows Defender in Windows 11

Why do we need NSudo?

The script needs to run with the permissions of the TrustedInstaller user, a built-in user account in Windows with extensive permissions, allowing it to interact with system files and processes. Most system components run under this account, ensuring they remain untouched even by administrators. NSudo is a third-party tool that allows users to run programs or scripts with the privileges of TrustedInstaller.

Steps to completely disable Windows Defender

Below is a step-by-step instruction on how to disable Microsoft Defender using the provided script and NSudo:

  1. Prepare the script:
    • Navigate to this Pastebin link.
    • Copy the script content and paste it into Notepad.
    • Save the file with a .bat extension (e.g., “disable_defender.bat”).Script to completely disable Windows Defender
  2. Download and set up NSudo:
    • Download NSudo from either a reputable source or from
    • Extract the downloaded file to a known location on your computer.NSudo Launcher
  3. Execute the script with NSudo:
    • Open the folder where you extracted NSudo, and navigate to NSudo Launcher > x64.
    • Run the NSudoLG.exe file.How to run NSudo Launcher in Windows 11
    • Make sure “Enable All Privileges” is enabled.
    • In the M2-Team NSudo Launcher window, click “Browse“.
    • Finally, click Run to run the script.Completely disable Antimalware Service Executable Access Denied
    • The script will execute with TrustedInstaller privileges and disable Microsoft Defender.
  4. Verifying the changes:
    • Restart your computer.
    • Check the status of Microsoft Defender. It should now be disabled.

Caution: Disabling Microsoft Defender using this method turns off a significant protection layer for your PC. Always ensure you have another reliable antivirus or security solution in place if you choose to disable Defender.

Summing up

The “Access Denied” message when trying to end task the Antimalware Service Executable in Windows 11 is there for a good reason: it’s protecting your computer. However, this protective feature can occasionally become a double-edged sword. The service can consume considerable system resources. This can be especially bothersome when you’re gaming or using demanding applications, as it may lead to lags or decreased performance.

While there are methods to manage or even disable this feature, it’s vital to approach them with caution. The third method, involving a script, should especially be considered a last resort. It’s also crucial to remember that disabling any in-built protection comes with risks. Always ensure that if you do turn off Microsoft Defender, you have another robust antivirus solution in place to shield your system from potential threats.

Nyau Wai Hoe
Nyau Wai Hoe is the Founder and Chief Editor of With a degree in software engineering and over 12 years of experience in the tech support industry, Nyau has established himself as an expert in the field, with a primary focus on the Microsoft Windows operating system. As a tech enthusiast, he loves exploring new technologies and leveraging them to solve real-life problems.

Share via
Copy link