Windows Defender is reportedly affecting the performance of Intel CPUs, but there's a fix

Jun 28, 2022
Windows 11 News

Kevin Glynn, the developer of popular tools like ThrottleStop and RealTemp has discovered a bug in Windows Defender that was causing it to consume more system resources than was required. He has also released a new app that fixes this problem.

Windows Defender is reportedly affecting the performance of Intel CPUs, but there's a fix

Windows Defender consumes more resources on Intel CPUs

Antivirus programs are constantly scanning your system for unusual activity to prevent malware from impacting your system. That's normal, and Windows Defender is no exception to this.

But there's more to it than meets the eye. A screenshot shared by Techpowerup shows that Defender used about 4% of the CPU while CineBench was running, and some benchmark comparisons resulted in a 6% loss because the antivirus was using excessive resources. It uses these for the Real-time Protection notifications.

Windows defender uses more system resources on Intel CPUs

Computer processors have special registers called hardware performance counters. Techpowerup's report mentions that Windows Defender uses all possible hardware performance counters, including the fixed function counters in Intel processors.

These counters can run in one of 4 possible modes:

  • Disabled
  • OS (ring-0)
  • User (ring >0)
  • All-Ring levels

Windows Defender sets these counters to mode 2 at random intervals for an unspecified amount of time. This can happen anytime, at start up or during normal usage. The problem is that this starts chewing up CPU usage, which leaves fewer resources for other programs.

Interestingly, AMD CPUs are not affected by this issue.

The value of these performance counters are set to mode 3 or All-Ring levels, when you run system monitoring tools such as including ThrottleStop, HWinfo to name a few. When Windows Defender detects a change in the counter, it will not reset it, which also ensures your computer runs at maximum efficiency.

Now, you can't have system tools running all the time. So, how do we fix this issue?

Counter Control and ThrottleStop 9.5

Say hello to a new app called Counter Control. This application, also made by Glynn, fixes the performance impact of Windows Defender. How does it do that? It  monitors and logs the IA32_FIXED_CTR_CTRL register located at MSR 0x38D. It not only reports whether Defender is impacting your system's performance, but also provides a way to set the counter to mode 3. The best part is that this does not affect the antivirus capabilities of Windows Defender, so your computer's security is not comprosmised.

How can I check if my Intel computer is affected?

Download Counter Control and run it, it's a portable software. The utility supports most Intel CPUs that have been released since 2008.

If you see the code 0x222 in the app's GUI, it means that Windows Defender is using up CPU cycles needlessly to gain control of the counter. Here is a screenshot that I took that highlights the status.

Counter Control

Click the Reset Counters button in the app, and the code will change to 0x330, which indicates that everything is normal. That's it.

Fix windows defender performance with Counter Control

Do I need to run Counter Control every time I start my computer? Yes, you will need to run it and click on Reset Counters when your PC restarts. This is necessary since Windows Defender randomly starts using up the counters.

Windows Defender Boost ThrottleStop 9.5

Alternatively, you can use ThrottleStop 9.5 for fixing the performance issue. The latest update for the popular undervolting app, introduces a new feature called Windows Defender Boost. Enable this option, and run the app when you start the computer. This is essentially the same as using Counter Control, but if you're already using ThrottleStop to undervolt your laptop, then this saves you an additional click.

Windows Defender is reportedly affecting the performance of Intel CPUs
Article Name
Windows Defender is reportedly affecting the performance of Intel CPUs
Windows Defender can affect the performance of Intel CPUs. Here's how you can fix it.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. DjBenny said on July 8, 2022 at 11:32 am

    Thank You Very Very Much For This Info…! ;)

  2. Yournicknamehere said on July 2, 2022 at 11:40 pm

    I’m IT admin in company with almost 2,5k devices placed across the world and I can honestly say that Defender makes really good work.
    Yes it consumes lot of resources sometimes (mostly when any executables comes from outside domain network or process is being initiated remotely) but
    a) only until it finish ensuring that income data is safe, then uses minimal amount of cpu in background monitor.
    b) It’s better to wait longer every installation, deployment or sync than exposure sensitive data on public or being forced to pay milions $ for your data decryption

    It’s also in Microsoft interests to provide best performance for their customers but they’re also responsible to provide same quality protection too. Defender helps keep us all devices and cloud stored data safe all the time by wide range of automatization possibilities including automatic threat remediation, isolating corrupted users account’s and devices and more.

    You just simply don’t know what it actually does until you’re able to see “back-end”, well in case of Enterprise solution at least.

  3. Leland said on July 1, 2022 at 9:27 pm

    My home laptop shows Unkown 0xBBB The Reset Counters seems to do nothing. Any thoughts on why? It’s a sixth generation Core i5-6200U.

  4. Anonymous said on July 1, 2022 at 3:35 am

    If it says: “Not Used” + 0x000 .
    Can I then ignore this or do I have to click “Reset Counters” (then “Normal” + 0x330 appears)? I think I see a very slight difference, but that can be wishful seeing.

    Thanks for any motivated advice.

    1. Anonymous said on July 28, 2022 at 12:32 pm

      If it’s “Not Used 0x000” then you are not affected by this bug. It only affects Intel CPUs from 8 – 11th gen.

  5. Leo said on June 30, 2022 at 1:52 pm

    What does “Unknown”, “0xBBB” result mean”
    Thinkpad T430 i7

  6. JohnIL said on June 30, 2022 at 1:42 am

    4% resources?? I remember when an Anti-virus program would literally bring some PCs to a standstill while it worked in background.

    1. JPS said on July 1, 2022 at 7:53 am

      I agree — what’s 4%? I too remember when programs would take up way more than 4%. 4%? I have way more things to be concerned about than an antivirus that only uses 4% of resources — please!

  7. HattinGokbori87 said on June 29, 2022 at 5:11 pm

    Avira used to be great. Even it’s free edition was either on par or ahead of paid alternatives when it comes to detection-rate. But it recently “innovated” it’s UI and now comes with loads of crapware.

    1. ShintoPlasm said on July 1, 2022 at 8:42 am

      Let’s not forget that they’ve recently been acquired by Norton/Symantec…

  8. Ray said on June 29, 2022 at 12:04 pm

    I use kaspersky and amd. Never bothered with defender. Kaspersky improved a lot on system usage.

  9. plusminus_ said on June 29, 2022 at 10:32 am

    This is great, thanks. Tried Counter Control and then updated ThrottleStop since I already use it on my laptop. I may need to set up Counter Control on some of the computers at work, hmm…

  10. Redmond HQ said on June 29, 2022 at 4:46 am

    It’s a feature. You’re using your computer wrong. Your processor is not compatible with Defender. This only affects computers that do not use a Microsoft account. Our product is perfect, your computer is ours, you agreed to the EULA. Shut up, peasant.

  11. Anonymous said on June 29, 2022 at 3:28 am

    I switched to Bitdefender Free months ago precisely because of this, background CPU usage + high spikes with Defender that were noticeable that I don’t get using Bitdefender. Turns out it wasn’t just me having issues with it then.

  12. Anonymous said on June 28, 2022 at 11:04 pm

    Not surprising. Windows Defender is the first thing I rip out of all my Window 7 and 10 installs. Useless waste of resources for tech savvy users.

  13. pHROZEN gHOST said on June 28, 2022 at 9:27 pm

    If Microsoft really cared, they’d probably fix this if you asked.

    1. Anonymous said on June 28, 2022 at 11:57 pm

      Why should anyone have to ask? Do Microsoft programmers use pen and paper instead of laptops?
      There will be an executive reason Defender craves power. There is no need to change as long as a bulk of Windows users don’t bother installing an alternative. If it wasn’t for Kaspersky wanting me to remove a couple of programs…

  14. ShintoPlasm said on June 28, 2022 at 8:24 pm

    I’ve thought long and hard about my antimalware tools, and I’ve settled for Sophos Home Premium. It’s a tad heavy on the resources, not the fastest of the bunch (though they’ve made great improvements to what used to be a massive CPU hog), but if it’s good enough for the biggest enterprises then it’s good enough for me. Windows Defender is simply not reliable enough.

    1. Min ho said on June 29, 2022 at 5:02 pm

      If I remember correctly, AV Comparatives stated in it’s 2019 annual report that there was a single piece of third-party antivirus named “Sophos” that was so bad that even the users who don’t use any anti-virus (just preinstalled Defender) were more secure than users who used the paid Sophos. I hope the situation have changed now.

      1. ShintoPlasm said on July 1, 2022 at 8:44 am

        Not really, the 2019 reviews on AV-C actually place Sophos in a pretty decent place near the top. Do note that most antimalware reviewers generally review the Business/Enterprise versions of Sophos and not the Home version, so you should check out reviews in the Enterprise section instead.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.