Is Microsoft Security Essentials a virus?

By Rick Jelliffe
July 15, 2010 | Comments: 8

Imagine this: you make a new (re-) installation of Windows XP on some old PC you want to make good use of. You add all the updates, day after tedious day of updates. You do the whole Genuine Advantage thing. Everything seems to work fine. You install Microsoft Security Essentials (from a memory stick) so that the nasty red messages go away, and go online.

And then performance goes down the tubes. One of two processes, MsMpEng.exe or msesec.exe, is hogging 54, 72 or even 98 percent of the CPU. And it does it even when the network is disconnected.

In what universe does a computer need antivirus protection that consumes nearly 100% of CPU when the system is not connected and when the user is not making any changes? A cynical person might think "Is Microsoft deliberately knobbling older installations of XP in order to force people to upgrade to Windows 7?", perhaps with guilty pleasure. This is not the result of some disc scan, nor is it the result of having two anti-virus systems going at the same time: Microsoft's anti-virus system is itself acting like a virus.

Looking through the Internet, it is clear that this has been an issue reported multiple times over the last year. There is a very nice fix up from Microsoft support from Feb 2010 on PC World:

1. Open Microsoft Security Essential program.
2. Click settings tab
3. Excluded files and Locations
4. Click on Add button.
5. Select the path c:\program files\microsoft security essentials\MsMpEng.exe
6. Click ok.
7. Click on Save changes.
8. Close Microsoft Security Essential program.
9. Restart the computer. 

(Guess what: it doesn't work for me. I see other advice on the WWW is that there may be "conflicts" with other services. Conflicts? WTF....)

The problem, believe it or not, seems to be that the anti-virus program is continually checking itself. So you have to tell it to exempt itself. Boy.

Now I wonder whether the problem came up because I was installing Windows Security offline: the first thing it tries to do is update itself. Microsoft has had a fix for this for at least six months. Why haven't they fixed it? I don't recall seeing any warning that you cannot install it off-line, for example: if the problem is just that (is it?) would it have hurt to mention it?

I tried all the combinations of switching on or off options, rebooting carefully each time. Nada. I even tried searching for where the Security Essentials could be storing its data, but of course the new Search that installed itself (I don't recall OKing it) from Microsoft update won't work: it claims the disk is not indexed when I try to do a search, but when I try to index the disk it does nothing, saying the disk has been indexed. I will need to see about uninstalling that new search.

What worked for me in the end? I have uninstalled Security Essentials. I'll go back to keeping that machine offline as much as possible and running Malwarebytes after each online session (and use Thunderbird and Firefox instead of IE and Outlook when they are online, etc.) I was recently thinking that my move to PC-BSD on my main PC has been less smooth than I wanted, but it is nothing like this rubbish.


8 Comments

Yes, please, move away from Windows. We'll all be happier.

Considering the fact that my organization had to temporarily install MSE on all 250 of our machines, because McAfee let some malware into our network, I can say with 100% certainty that we encountered none of these problems for the two months we had MSE on our machines.

We are now happily using Microsoft's Forefront Client Security which is basically the business version of MSE. All of our systems perform much better than they did with McAfee.

We will all be better off with people like you running some sort of Linux or BSD.

Mike: So when I follow the instructions, some software does the opposite of what it says it would do, I am somehow wrong to report it? (Actually, it did it on two machines: I have them side-by-side.)

But I am glad that in your case it worked well. That seems to be a more common case than the one that I (and dozens of others in sad messages scattered around the WWW) am reporting.

I wouldn't say that people shouldn't try it, far from it: it is great to have a free tool from Microsoft to prevent all the viruses that their other software has let in; but I would say that if someone has this problem, try the fix and if the fix doesn't work then get rid of the damn thing. (Any reader who has a suggestion for a less drastic way to fix his problem please feel free to comment or recommend a link.)

I recently spent a lot of time rebuilding a Windows XP Media Center edition machine. Right after installing the OS I installed MS Security Essentials and ran the requisite updates. Followed by all MS patches, then application installs etc. Within a few weeks of setting it back up and letting my users (my mother and my sister) use the machine, presumably surfing the way they always had before, the machine has contracted something that I cannot get rid of. Spent hours on remote control, then walking someone through trying to clean it. I don't know if MSSE was at fault, but it was "on duty" when all this occurred. When I had Comodo Security Suite running on that machine I never had that problem. For years. So I'm not sure what conclusions to draw, but on their PC I won't be running MSSE any more, if we can get it running again.

Open up the Task Manager (right click in the toolbar) and get the Processes tab. Sort by CPU usage (Click on the CPU column once to get it sort by CPU usage in ascending order, then click again to get it sorted in descending order): you should be able to see whether MsMpEng.exe or msesec.exe is consuming all the CPU.

If it is not one of those .exe, then probably you have a different problem, perhaps a virus of some kind. Try to end the process that is sucking up the CPU.

I recommend you run Malwarebytes.org free tool to check whether there is an infection. (I don't have a recommendation for which real-time security software to run, sorry.) I also recommend avoiding MS Outlook and IE: I am sure both are excellent products but they have long been targets of malware. (Use Firefox or Chrome or Opera for the browser.)

Yesterday while on a Google search I suddenly was receiving a series of warnings that I had "virus" on my new laptop. I had been using Microsoft Essentials since I bought it 3 months ago, with no problems prior. I was up to date on my definitions and had run a scan a few days prior. I was infected with a trojan virus called Security Master AV. It looks like an antivirus program... it isn't. It got through Essentials and I had to buy another virus program to get rid of it. Essentials is now a thing of the past for me.

Hmmmmmm, I had issues with high CPU usage with, I suspect, Windows Defender. The SVCHOST process sucking my CPU had Windows Defender as one of the services running. I disabled WD, my PC ran fine with no spikes in CPU for an extended period, when re-enabled the spikes occurred again.
I saw a recommendation for MS Security Essentials, downloaded and installed, and did not see the same issues, except for an occasional spike, for a few minutes (assuming other MS background processes were running).
As of now, I have no issues. However, I was recently infected with some tracking virus that Norton caught, but no messages from MS Security Essentials (Hmm, does it even catch anything?).
Any comments?

Arnie: I have been thinking about it more. I was running a quite old PC: 2.4M Pentium. It is possible, I suppose, that what are occasional spikes on a fast PC is 100% most of the time on a slow PC. Whatever the cause, something is screwy.

I am happy that you found one that works. I don't expect that a free-beer tool from a closed source company will be as good as a paid version or an open source version. (However, there should be no need for these things in the first place!)

I have lost a computer once in an office with quite strong AV protection: the actual PC had to be abandoned (actually, I moved it to Linux) because the AV software could not detect any virus, but it certainly had one. None of the tools are perfect, because they are reacting to threats. The BSD method (which MS is slowly implementing) of making sure the original code has no vulnerabilities by design is looking very good.

But the usual advice applies: keep backups of anything important.

When I installed Microsoft Essentials Security, it said that I shouldn't have any other antivirus so I uninstalled AVG. This was about 6 months ago. All was fine. I reinstalled AVG and put it through a scan, I had 6 viruses all to do with 'essentials' so I have uninstalled it and am staying with AVG.
