How To Restart or Stop Microsoft AntiMalware Service MsMpEng
Introduction
Microsoft AntiMalware Service (MsMpEng.exe) is Microsoft’s free antivirus solution. The service cannot be stopped in the normal way and has to be forced to stop. You may want to do this when you need to install a product that it is blocking, or for some other reason. In this post we will discuss how to do this using psexec and procexp (Process Explorer).
Process
First, you will need to obtain psexec.exe and procexp.exe (Process Explorer). Both are part of Microsoft’s Sysinternals Suite and can be downloaded from here. Once you have extracted the files, we are ready to begin.
Run Process Explorer (Procexp.exe) as the SYSTEM account by using PSEXEC: psexec -s -i C:\Pathtofile\procexp.exe. In this example I have extracted the Sysinternals Suite to C:\Tools\SysinternalsSuite directory.
C:\> C:\Tools\SysinternalsSuite\psexec -s -i C:\Tools\SysinternalsSuite\procexp.exe
This will open Process Explorer. If this is the first time you have run it, you will be asked to acknowledge a few agreements.
Find the MsMpEng.exe process and double-click MsMpEng.exe to bring up the properties window
Go to the Services tab
Give Full Control to the Administrators group and click OK
You should now be able to stop and start the service through the service management console or using the Stop button on the Services tab of Process Explorer.
However, as soon as you do a stop/start of the service, the permissions will be reverted to default so you would have to go back through Process Explorer each time.
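The Full Control grant in the steps above is a change to the service's DACL, which `sc.exe sdshow <service>` prints as an SDDL string. The following Python script is an added example, not part of the original post: it checks such a string for Administrators (BA) allow entries that permit stopping or reconfiguring the service. The two SDDL strings and the service SID in them are constructed samples, not real defaults for this service.

```python
import re

# SDDL right tokens mapped to service access-mask bits (GA maps to SERVICE_ALL_ACCESS).
BITS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
        "DT": 0x40, "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000,
        "WD": 0x40000, "WO": 0x80000, "GA": 0xF01FF}
# Bits that allow stopping the service or rewriting its config or permissions.
TAMPER = {0x2: "CHANGE_CONFIG", 0x20: "STOP", 0x10000: "DELETE",
          0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER"}

# Constructed samples: Administrators read/start only, then after a Full Control grant.
BASELINE = ("O:SYG:SYD:P(A;;CCLCSWRPLOCRRC;;;BA)(A;;CCLCSWRPLOCRRC;;;SY)"
            "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-0000000000-0000000000)")
MODIFIED = BASELINE.replace("(A;;CCLCSWRPLOCRRC;;;BA)",
                            "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)")

def rights_mask(rights):
    """Decode an ACE rights field: a hex mask or a run of two-letter tokens."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= BITS.get(rights[i:i + 2], 0)
    return mask

def audit_service_dacl(sddl, watched=("BA",)):
    """Return {trustee: [tamper rights]} granted by allow ACEs to watched trustees."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    found = {}
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        # Only well-formed allow ("A") ACEs for watched trustees are reported;
        # deny ACEs are not evaluated here.
        if len(fields) != 6 or fields[0] != "A" or fields[5] not in watched:
            continue
        mask = rights_mask(fields[2])
        found.setdefault(fields[5], set()).update(
            name for bit, name in TAMPER.items() if mask & bit)
    return {t: sorted(r) for t, r in found.items() if r}

if __name__ == "__main__":
    for label, sddl in (("baseline", BASELINE), ("modified", MODIFIED)):
        print(label, audit_service_dacl(sddl))
```

Because the permissions revert after a stop/start, a finding from this check reflects the descriptor only at the moment it was captured.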
I followed your guide exactly in Windows 10 N 17.03 Family and I get “Access Denied”.
Don’t know if this has changed since you wrote this guide, but System account is owner of MsMpEng, but has only read access. Only WinDefend and TrustedInstaller have write access.
http://pix.toile-libre.org/upload/original/1500916939.png
http://pix.toile-libre.org/upload/original/1500917124.png
http://pix.toile-libre.org/upload/original/1500917187.png
I have not looked at Windows 10 but have had to stop something similar on Server 2012 R2. Let me take a look and see if it is different.
I tried but it just showed error opening service: access is denied
I have Windows 7
Yep, this does not work anymore, at least on Windows 10 Pro 1709. Access denied all around. And yet, with Windows Defender totally “disabled” as far as turning off Real Time Protection, etc., MsMpEng.exe is still hammering away at my CPU. Well played, Microsoft, well played. Linux is looking better all the time.
Not working for me on Win7 Pro anymore either. 🙁
It works for me!
Win 7 x64 SP1.
Thanks.
So don’t upgrade to Windows 10!
Didn’t work, and this makes it harder to shrink my partition. 🙁
Windows 7 Professional
Service Pack 1
A volume shrink analysis was initiated on volume Windows (C:). This event log entry details information about the last unmovable file that could limit the maximum number of reclaimable bytes.
Diagnostic details:
– The last unmovable file appears to be: \ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\81657D18-4C54-11E5-B8DD-806E6F6E6963-0.bin::$DATA