Windows 10 - Antimalware Service Executable

For some considerable time now I have been plagued with a period, basically of around 15-20 minutes after booting up, when the mouse has responded erratically and the computer has tended to be sluggish.

It has been hard to identify the issue in any way but I believe I may have found a resolution, which I report for the benefit of other Members.


The basic, and essential, anitimalware code is part of the Windows Defender suite and is configured by default to start its work as soon as the computer is logged on.

At this stage there is often a period of 100% HDD activity and a very high CPU load. That may well be the cause of the issues noted above.


Checking the settings for this, via the Task Scheduler, showed that the default was as noted. However there are configurable options to defer the operation of the code by setting times inthe "Idle" box and the "Wait for idle" box.

This will automatically check the "Stop if computer ceases to be idle" flag. Make sure to
check the "Restart if the idle state resumes" option (off by default).

Whether or not this is the correct resolution I have to note that the erratic mouse issue and sluggishness that was an increasing nuisance seems to have been resolved and everything is working well.



If anyone is interested the procedure can be summarised as follows:

- Open Task Scheduler and Run as Administrator.

- Open the left hand pane and search for Microsoft > Windows > Windows Defender

- In the middle pane search for "Windows Defender Scheduled Scan", double click and open the "Conditions" tab

By default no settings for the "Idle" condition are made. Set the conditions as noted above to suit your own preferences.

HTH

 

Oh? Where is that configuration set? I ask because it is my understanding Microsoft Defender (formally Windows Defender) is configured by default to start "its work" almost as soon as the boot drive is first touched at boot time - LONG BEFORE the computer is "logged" on! That's one the advantages Microsoft Defender has over 3rd party anti-malware solutions. It is doing "its work" right at the beginning of the very first boot after the computer is turned on for the very first time after assembly, and before any user account is created, any network is logged on to, or any 3rd party app is downloaded, installed or loaded up and run.

It is important to understand that Microsoft Defender's "doing its work" is NOT the same as "scheduled scans". Ideally, Microsoft Defender (or any "real-time" anti-malware solution) should never need to do a scan. Why? Because it is "doing its work" constantly monitoring your computer's operating environment in real-time anyway. You shouldn't have to do a "supplemental" scan for bad code manually (or automatically via a schedule) on the computer if you were already ensuring no bad code got on the computer in the first place in real-time. So extra manual or scheduled automatic scans are really just for reassurance.

My point is, if your system is getting bogged down for 20 minutes after it boots because Microsoft Defender is running a scan and hogging resources, the default settings must have already been changed somehow, and/or something else is going on. Because by default, it will not do a scan every time you boot. But when it does run a scan, it should step into the background (use much fewer resources) if you (the user) and the computer are not otherwise "idle" so that it does not bog down your resources.

I believe the default time for a scheduled scan is 2am. Perhaps some settings were changed on your setting telling it to scan at boot if the scheduled time was missed. This might happen if you totally power off every night instead of just letting it go to sleep.

Now of course, hogging resources is relative. If you only have 4GB of RAM installed with an entry level i3 or R3 processor and a crowded hard drive, you might notice a performance hit during a supplemental scan. If you have 16GB of RAM and a decent i5 or R5 or faster processor and a SSD with plenty of free space, you likely would not see any performance hit at all and only learn a scan occurred when you get a notification bubble appear telling you your scan found nothing.

 

Thank you Bill once again for an excellent explanation.
If Alan's problem was "normal" operation on Startup - I feel sure there would be millions of unhappy Windows users.
I think as you suggested, there is something else going on to cause erratic mouse operation for 20 minutes after comp startup.

 

Exactly! If not 100s of millions!

 

But by this time the PC has settled down when it finishes booting up. Don't believe that has anything to do with your problem. Either a weak battery (if the mouse is battery powered) or some other version of MALWARE. Do you know if you are 100% clean from malware? MBAM show everything clean and other programs also. Maybe time for a trip to the Malware section of this board and let Broni or one of the other experts help you there.

 

Thank you for your comments. Allow me to to add some clarification.


The issue has only occurred since the update to Win 10 v2004, so I do wonder if some settings were changed at that point.

The issue was not on every boot-up and typically occurred at intervals of around 3-4 days

The computer has 16Gb memory, based on an i7 processor.

The mouse battery was obviously the the first point to check and there is no problem there.

The schedule changes can be made, as explained in my first post, by visiting the Task Scheduler.

Windows Defender AV definitions are automatically updated daily.

The Windows Malicious Software Removal tool is run as each quarterly cadence is received.

The regular scheduled Windows Defender scan has never caused any issues as it runs very successfully as a background task.



The issue as reported has not recurred since I made the changes via the Task Scheduler. This suggessts, although not explicitly, that the change to force scans to take pace when idle has resolved the issue.


I will continue to monitor the situation but, with the lack of other evidence I have to hope that things have returned back to "normal"!

 

Sorry. Forgot to add that a Malwarebytes scan showed that there were no issues.

 

Just to update this thread.

Since the initial report I have found that the minor reconfiguration has, or appears to have, solved my problem.

As a check I reverted to the default setting for a couple of days; the issue immediately recurred.

So, fingers crossed and all that, it seems as if the option to force the software to wait for idle time has worked, for me at least.

I'll give a couple more weeks an I'll signal this thread as resolved.