none
The last MsMpEng.exe

    Question

  • I'll ask it as straightly and simply as possible..

    Is there anybody who knows how to STOP the MsMpEng.exe process?

    PLEASE, I beg of you, don't ask me why in the world I'd want to do that or explain me what is the purpose of MsMpEng or tell me that as long as it doesn't eat 10Gb of RAM and 100% of CPU usage is as fine as it should be. I just want to know, out of human curiosity, if there is a way to KILL the process at will, or either not LET IT START with Windows and set it to manual.

    I know its purpose is good, I know it comes with either MSE or WDefender (I have only the last one, disabled btw), I know that being not able to normally kill it is how it should be (MSConfig doesn't work, Services Manager doesn't work either, all greyed out), I just want to know how to do this.

    The best would be to have a way to manually stop it (or prevent it) and then be able to restart it whenever I'd want to, but ComboFix is fine to me too, if there is not another way. EVERY solution to do such is much, much appreciated.

    Thanks!

    EDIT: I also know this question has been asked many, many times before.. I'm extremely sorry to annoy you, but found NO solution whatsoever. ^^
    • Edited by Banderi Monday, June 10, 2013 2:19 PM
    Monday, June 10, 2013 2:15 PM

All replies

  • 1. Make script containing file taskmgr.exe

    2. Configure Scheduled task that starts this script interactively and with system account.

    3. When script starts kill the process you want.

    Regards

    Milos

    Tuesday, June 11, 2013 6:36 PM
  • Uhmm, by script I guess you're talking about VBS scripts, right? Or BATCH files?

    Does it just have to plainly run taskmgr.exe? And how do I set the script to run interactively?

    Thank you VERY very much for your help!

    Tuesday, June 11, 2013 11:16 PM
  • 1. It is very simple. bat or cmd script contains one row

    c:\Windows\System32\taskmgr.exe

    You can write vbs script, but there is no reason for doing it.

    Use elevated/priviledged and interactive parameters.

    2. Change user to SYSTEM

    3. Do not click Hidden

    4. Run with higher proviledges

    5. Give your task any name

    6. In trigger set time several minutes ahead of current time

    7. In action browse for script

    Regards

    Milos

    Wednesday, June 12, 2013 8:15 AM
  • Mmm.. How do I set it to interactive? There is no option to do that in the Task Sheduler.. do I have to use AT.exe?
    Wednesday, June 12, 2013 6:54 PM
  • No.3

    Alternatively you can use schtasks.exe

    Regards

    Milos

    Wednesday, June 12, 2013 11:00 PM
  • Doesn't work.. tried with schtasks.exe to make the process visible but the privilege is not high enough. I also tried to mess around with permissions or to use PSExec instead to do the trick, but it still is not enough, even with SYSTEM account.

    Oh well, I guess I'll use ComboFix, after all xD Or maybe Linux boot and remove the file manually.

    Thanks for your help!

    Wednesday, June 12, 2013 11:44 PM