Microsoft AntiMalware Service (MsMpEng.exe) is Microsoft’s free AntiVirus solution. The service cannot be stopped and has to be forced to stop. You may want to do this in cases where you need to install a product being blocked or some other reasons. The service is also referred to as MsMpEng.exe. AIn this post we will discuss how to do this using psexec and procexp (Process Explorer).
First off you will need to obtain psexec.exe and procexp.exe (Process Explorer), both are part of Microsoft’s Sysinternals Suite and can be downloaded from here. Once you have the files extracted we are ready to begin.
Run Process Explorer (Procexp.exe) as the SYSTEM account by using PSEXEC: psexec -s -i C:\Pathtofile\procexp.exe. In this example I have extracted the Sysinternals Suite to C:\Tools\SysinternalsSuite directory.
C:\> C:\Tools\SysinternalsSuite\psexec -s -i C:\Tools\SysinternalsSuite\procexp.exe
This will open Process Explorer, being the first time you will receive a few agreements to acknowledge.
Find the MsMpEng.exe process and double-click MsMpEng.exe to bring up the properties window
Go to the services tab
You should now be able to stop and start the service through the service management console or using the Stop button on the services tab of process explorer.
However, as soon as you do a stop/start of the service, the permissions will be reverted to default so you would have to go back through Process Explorer each time.