How To Restart or Stop Microsoft AntiMalware Service MsMpEng


Microsoft AntiMalware Service (MsMpEng.exe) is Microsoft’s free AntiVirus solution. The service cannot be stopped and has to be forced to stop. You may want to do this in cases where you need to install a product being blocked or some other reasons. The service is also referred to as MsMpEng.exe. AIn this post we will discuss how to do this using psexec and procexp (Process Explorer).


First off you will need to obtain psexec.exe and procexp.exe (Process Explorer), both are part of Microsoft’s Sysinternals Suite and can be downloaded from here. Once you have the files extracted we are ready to begin.

Run Process Explorer (Procexp.exe) as the SYSTEM account by using PSEXEC: psexec -s -i C:\Pathtofile\procexp.exe. In this example I have extracted the Sysinternals Suite to C:\Tools\SysinternalsSuite directory.

C:\> C:\Tools\SysinternalsSuite\psexec -s -i C:\Tools\SysinternalsSuite\procexp.exe

This will open Process Explorer, being the first time you will receive a few agreements to acknowledge.

Find the MsMpEng.exe process and double-click MsMpEng.exe to bring up the properties window


Go to the services tab

Click the Permissions button

Give Full Control to the Administrators group and click OK


You should now be able to stop and start the service through the service management console or using the Stop button on the services tab of process explorer.

However, as soon as you do a stop/start of the service, the permissions will be reverted to default so you would have to go back through Process Explorer each time.

9 Responses to “How To Restart or Stop Microsoft AntiMalware Service MsMpEng”

  1. thierrybo says:

    I followed exactly your guide in Windows 10 N 17.03 Family and I get “Ascess Denied”.

    Don’t know id this has changed since you wrote this guide, but System account is owner of MsMpENG, but has only read access. Only WinDefend and TrsutedInstaller have write Access

  2. Saba says:

    I tried but it just showed error opening service:access is denied

  3. Saba says:

    I have windows 7

  4. John says:

    Yep, this does not work anymore, at least on Windows 10 Pro 1709. Access denied all around. And yet, with Windows Defender totally “disabled” as far as turning off Real Time Protection, etc., MsMpEng.exe is still hammering away at my CPU. Well played, Microsoft, well played. Linux is looking better all the time.

  5. iamnoname says:

    It works for me!

    Win 7 x64 SP1.


  6. thierrybo says:

    So don’t upgrade to windows 10!

  7. Stephen says:

    Didn’t work, and this makes it harder to shrink my partition. 🙁
    Windows 7 Professional
    Service Pack 1

    A volume shrink analysis was initiated on volume Windows (C:). This event log entry details information about the last unmovable file that could limit the maximum number of reclaimable bytes.

    Diagnostic details:
    – The last unmovable file appears to be: \ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\81657D18-4C54-11E5-B8DD-806E6F6E6963-0.bin::$DATA

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.