MSE stole half my processor...

Summary:When I started using my old desktop Windows XP machine after lunch, I noticed the fan was running, so I opened SysInternals' Process Explorer to find out why. It turned out that MsMpEng.

When I started using my old desktop Windows XP machine after lunch, I noticed the fan was running, so I opened SysInternals' Process Explorer to find out why. It turned out that MsMpEng.exe was running at 50% CPU -- basically, it was consuming half my processor. But why?

MsMpEng.exe is the engine of Microsoft Security Essentials, but since I wasn't doing anything, it had no good reason to be active. It does run scheduled scans in the middle of the night, but it shouldn't be doing much in the middle of the day.

So I ran SysInternals' Process Monitor v2.93, creating a filter to display only the processes that belonged to MsMpEng.exe. There were lots, but one thing stood out. It appeared to be obsessed with a Secunia log file, psialog.txt. I use Secunia's free Personal Software Inspector 2.0 to check that I'm using the latest patched versions of the latest software from Adobe, Mozilla etc, which is important now third-party software has more potential vulnerabilities than Microsoft software. However, it doesn't make any sense for MsMpEng.exe to spend a lot of time on a harmless text file....

Fortunately, MSE lets you configure what it does. I opened it, went to Settings, clicked "Excluded files & locations" and excluded the Secunia directory (C:\Program Files\Secunia) from "real-time protection". MsMpEng.exe's processor use dropped immediately to zero, the fan turned off, and silence was restored.

All of this took far less time to do than it has taken to write about it, and I wouldn't normally have bothered. However, a quick web search shows that MsMpEng.exe has been fingered before for excessive CPU use, and I wanted to pass on a quick-and-dirty way of dealing with it. If nothing else, I've pointed you to some good free PC tools.

I'm still deciding what to do in the longer term. My Windows XP PC is running the Secunia PSI Agent (psia.exe) all the time, and whenever it kicks in some CPU use (typically 0.77% or 1.54%) with a network access, MsMpEng.exe responds after a very slight delay, and AnVir Task Manager Free follows slightly after that. This is the sort of problem you can get when running more than one monitor (or anti-malware program) at once, so I'll probably remove the Secunia PSI Agent from the start-up sequence. While it's a terrific idea to check that third-party software is up to date, this doesn't have to happen every few seconds.

Also, there's a good chance that someone out there will read this and come up with a better idea....

Topics: Tech Industry

About

Jack Schofield spent the 1970s editing photography magazines before becoming editor of an early UK computer magazine, Practical Computing. In 1983, he started writing a weekly computer column for the Guardian, and joined the staff to launch the newspaper's weekly computer supplement in 1985. This section launched the Guardian’s first webs... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.