MSE stole half my processor...

MSE stole half my processor...

Summary: When I started using my old desktop Windows XP machine after lunch, I noticed the fan was running, so I opened SysInternals' Process Explorer to find out why. It turned out that MsMpEng.

SHARE:
TOPICS: Tech Industry
11

When I started using my old desktop Windows XP machine after lunch, I noticed the fan was running, so I opened SysInternals' Process Explorer to find out why. It turned out that MsMpEng.exe was running at 50% CPU -- basically, it was consuming half my processor. But why?

MsMpEng.exe is the engine of Microsoft Security Essentials, but since I wasn't doing anything, it had no good reason to be active. It does run scheduled scans in the middle of the night, but it shouldn't be doing much in the middle of the day.

So I ran SysInternals' Process Monitor v2.93, creating a filter to display only the processes that belonged to MsMpEng.exe. There were lots, but one thing stood out. It appeared to be obsessed with a Secunia log file, psialog.txt. I use Secunia's free Personal Software Inspector 2.0 to check that I'm using the latest patched versions of the latest software from Adobe, Mozilla etc, which is important now third-party software has more potential vulnerabilities than Microsoft software. However, it doesn't make any sense for MsMpEng.exe to spend a lot of time on a harmless text file....

Fortunately, MSE lets you configure what it does. I opened it, went to Settings, clicked "Excluded files & locations" and excluded the Secunia directory (C:\Program Files\Secunia) from "real-time protection". MsMpEng.exe's processor use dropped immediately to zero, the fan turned off, and silence was restored.

All of this took far less time to do than it has taken to write about it, and I wouldn't normally have bothered. However, a quick web search shows that MsMpEng.exe has been fingered before for excessive CPU use, and I wanted to pass on a quick-and-dirty way of dealing with it. If nothing else, I've pointed you to some good free PC tools.

I'm still deciding what to do in the longer term. My Windows XP PC is running the Secunia PSI Agent (psia.exe) all the time, and whenever it kicks in some CPU use (typically 0.77% or 1.54%) with a network access, MsMpEng.exe responds after a very slight delay, and AnVir Task Manager Free follows slightly after that. This is the sort of problem you can get when running more than one monitor (or anti-malware program) at once, so I'll probably remove the Secunia PSI Agent from the start-up sequence. While it's a terrific idea to check that third-party software is up to date, this doesn't have to happen every few seconds.

Also, there's a good chance that someone out there will read this and come up with a better idea....

Topic: Tech Industry

Jack Schofield

About Jack Schofield

Jack Schofield spent the 1970s editing photography magazines before becoming editor of an early UK computer magazine, Practical Computing. In 1983, he started writing a weekly computer column for the Guardian, and joined the staff to launch the newspaper's weekly computer supplement in 1985. This section launched the Guardian’s first website and, in 2001, its first real blog. When the printed section was dropped after 25 years and a couple of reincarnations, he felt it was a time for a change....

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

11 comments
Log in or register to join the discussion
  • Lol, OK I'll go for it!

    Remove that well known virus 'Microsoft Windows' and install a secure operating system instead.
    AndyPagin-3879e
  • @AndyPagin
    Well, XP SP3 is amazingly secure compared to what it used to be (remember Blaster?) but for the purposes of answering Ask Jack queries I need to run everything that my readers run. Otherwise like all sensible people I mainly use Windows 7 ;-)
    http://www.guardian.co.uk/technology/askjack
    Jack Schofield
  • Good one, Andy, and factual. @Jack, Are you sure both your readers run XP? : ) Oh, and by the way, I am one of your sensible readers, and I run Linux Mint 10. Windows has been removed, and replaced
    ator1940
  • Jack, do you make a habit of calling your "Ask Jack" readers stupid^Wunsensible for not running Windows 7?
    Zogg
  • Unfortunately a lot of people and companies still run XP because the migration to 7 is a huge burden on resources. I'm currently in the middle of a migration for a company and it's been a rough ride the entire time. Not only from the learning curve, but mainly from application compatibility. Many many applications that ran fine in XP, simply do not run in 7, which has incurred extra unforseen expenses along the way. Some many easily migrate, while others are in for a tough time for a while.
    Chris_Clay
  • @ator1940
    I'm happy for you to run whatever you like, and the same goes for everybody else -- even the less than 1% who run Linux. However, as a matter of fact, (1) most people run Windows; and (2) Windows 7 is better than XP.

    @Chris Rankin
    Perhaps you could apply for a humour transplant on the NHS?

    @apexwm
    > Many many applications that ran fine in XP, simply do not run in 7

    If they don't run in Windows 7 then it's a pretty safe bet they didn't run in Vista. I think sensible people figured this out during the Windows Vista beta. Am I supposed to feel sorry for you five years later, or should you have used the five years to get your act together? Either way, I'm sure Microsoft is entirely to blame for your lack of preparedness, and providing free XP Mode in Windows 7 was no help at all....
    Jack Schofield
  • No need Jack, because I wasn't joking. But it's your blog, and if you want to use it to plug MS products at every single opportunity while simultaneously sneering at everything else then I suppose that's your business. But I have no desire to read any more of it.
    Zogg
  • Jack, Linux market penetration is almost impossible to define accurately. Current estimates for non-server Linux machines seems to vary between about 2% and 8%.

    According to Microsoft about 60% of the web is Linux server based.
    AndyPagin-3879e
  • @Chris Rankin
    Wow, you've actually noticed that it's my blog! In this case, I'm not sure how you manage to confuse me making a point about errant CPU use in Windows XP as "plugging MS products", but you are welcome to be as confused as you like on your own blog. I'll be extremely happy not to read it.

    I'll also be very happy if only Microsoft software users continue to read me, since these comprise more than 90% of the market.

    @AndyPagin
    > Linux market penetration is almost impossible to define accurately.

    True, but it's doing pretty miserably for a free product that has so many fanboys hyping it up every chance they get. I appreciate that you're not one of them, and that your initial comment was intended as a joke, but I never cease to be amazed at the level of childishness on display. I applaud Ubuntu for having a code of conduct, but I assume that's mainly aspirational. Very few Linux users seem capable of living up to it:
    http://www.ubuntu.com/community/conduct
    Jack Schofield
  • I enjoy Jack pushing MS as the greatest OS on the planet. But, then again I'm easily amused. I used to be a fanboy back in the early 90's, but the older I got, the smarter I got. Hang on, Jack, you'll get there.
    ator1940
  • I think you're confusing reportage with opinion...
    Manek Dubash