On April 4th, Microsoft released an update for its Microsoft Defender antivirus engine, finally resolving a bug that has impacted Firefox browser performance for over five years, according to engineers from the Mozilla Foundation.
The issue was first discovered by users in May 2018, and although it was reported on Bugzilla, it remained unresolved for an extended period. Firefox engineers spent considerable time investigating the problem and eventually narrowed it down to an issue within the Microsoft Defender antivirus engine.
Specifically, the problem lies in the Antimalware Service Executable (MsMpEng.exe) that comes with Microsoft Defender. This service is responsible for providing real-time protection, scanning, and updating the virus definitions. Due to permissions, users cannot directly kill the corresponding process in Task Manager.
When Firefox is running, MsMpEng.exe accesses sechost.dll and runs ProcessTrace to generate Windows event tracing for processes. However, when using Firefox, ProcessTrace generates significantly more event tracing than with other processes, causing CPU usage to be five times higher than normal.
This issue does not affect other browsers like Chrome or Microsoft Edge, and is specific to Firefox. As a result, users may notice high CPU usage by the Antimalware Service Executable in Task Manager when using Firefox. On low-spec laptops, this may even cause a noticeable increase in fan speed and noise.
After Firefox engineers confirmed the issue and reported it to Microsoft, the company released an update on April 4th to address the problem. The update has been automatically pushed to Windows 10 and Windows 11.
The top half of the image shows high CPU usage by MsMpEng.exe (in red) when using Firefox before the fix.
The bottom half of the image displays a significant reduction in red (high CPU usage) for MsMpEng.exe after the fix.
The fixed version is Microsoft Defender Engine Version 1.1.20200.4, and Antimalware Client Version 4.18.2302.x (to be released on April 11, 2023).
Note: The Beta version received an update to 4.18.2302.7, while the official release channel will have to wait until April 11th.
Firefox engineers are also investigating similar issues with other security software. If additional problems are discovered, they will be addressed in future updates.
Additionally, the Antimalware Service Executable often consumes substantial CPU resources during startup and while using other software. This issue, specific to Microsoft Defender, should not occur when the service is not performing a system scan. Microsoft will need to continue optimizing its software to address such concerns.