Microsoft fixes 5-year-old Windows Defender bug that affected Firefox's performance
Microsoft has fixed a bug in Windows Defender that was leading to high CPU usage when Firefox was open. It only took the company 5 years to fix the issue.
Windows Defender bug was causing high CPU usage in Firefox
When Firefox was running, Windows Defender's Antimalware Service Executable would act up, causing its CPU usage to rise significantly. Many users said that the performance was so bad that their PCs would lag when using the browser. Some people compared the performance with other browsers such as Chrome and Edge, and found that they were not affected; the bug was limited to Firefox. The issue had been reported on Bugzilla 5 years ago (May 2018). That means it was not restricted to Windows 11; it also affected Windows 10.
Mozilla's engineers narrowed down the issue to the Antimalware Service Executable, which is Msmpeng.exe (Microsoft Malware Protection Engine). They discovered that the executable was accessing sechost.dll to run ProcessTrace, i.e. it was processing ETW (Event Tracing for Windows) events from other processes. Essentially, it was generating far more ETW events than normal, and was using 5 times more CPU power to do this with Firefox as compared with Chrome and other browsers.
Further investigation shed light on the root cause: Windows Defender's real-time protection was invoking VirtualProtect several times. Mozilla's engineers worked with Microsoft's team to solve the problem. They came to the conclusion that the calls to VirtualProtect were abnormally high, which in turn caused the performance issue. Mozilla's team pointed out that disabling JIT (in about:config) mitigated the problem, but didn't solve the CPU usage issue completely. The bug was later addressed by Microsoft, when it released a beta version of Defender's engine (1.1.20200.2). The fix has been tested for a while, and has now been pushed to the stable channel of the antivirus definitions.
According to a comparison graph shared by a Mozilla engineer, Yannis Juglaret, the fix has a huge impact on the system's performance. There's nearly a 75% improvement, or should I say a 75% reduction in the CPU usage.
You don't need to do anything; the bug has been patched in the March 2023 update that was released on April 4th. It bumps the app's version number to 4.18.2302.x, and patches the Engine to version 1.1.20200.4. To be more specific, that is the version number of the mpengine.dll file. The fix is also being deployed for Windows 7 and 8.1 users, even though they were not affected by the problem.
How do you check if you have the latest version of the DLL? Go to the folder C:\ProgramData\Microsoft\Windows Defender\Definition Updates. It should contain a folder with a long alphanumeric name. Open it and right-click on mpengine.dll. Select Properties, switch to the Details tab, and check the product version. It should say 1.1.20200.4.
Image credit: Bugzilla
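The manual check described above can also be scripted, which helps when more than one machine has to be verified. The following PowerShell is an added example, not part of the original article or of any Microsoft tooling; the function name Get-MpEngineFile is hypothetical, the folder and target version are the ones given above, and reading the folder may need an elevated session.

```powershell
# Added example: scripted form of the manual mpengine.dll check.
# The target version and folder are the ones the article gives.
$FixedEngine = [version]'1.1.20200.4'
$DefRoot = Join-Path $env:ProgramData 'Microsoft\Windows Defender\Definition Updates'

function Get-MpEngineFile {
    param([string]$Root = $DefRoot)
    # The folder can hold several definition sets, so report every copy of the DLL.
    Get-ChildItem -LiteralPath $Root -Filter 'mpengine.dll' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Build a [version] from the numeric parts of the product version
            # (the value shown on the Details tab) so it compares numerically.
            $v = [version]::new($vi.ProductMajorPart, $vi.ProductMinorPart,
                                $vi.ProductBuildPart, $vi.ProductPrivatePart)
            [pscustomobject]@{
                Path           = $_.FullName
                ProductVersion = $v
                HasFix         = ($v -ge $FixedEngine)
            }
        }
}

$files = @(Get-MpEngineFile)
if ($files.Count -eq 0) {
    Write-Warning "No mpengine.dll found under $DefRoot (missing folder or access denied)."
} else {
    $files | Sort-Object ProductVersion -Descending | Format-Table -AutoSize
}

# Cross-check against the engine Defender reports as loaded. The cmdlet fails when
# the Defender service is not running, e.g. when another antivirus is in charge.
try {
    $status = Get-MpComputerStatus -ErrorAction Stop
    $loaded = [version]$status.AMEngineVersion
    '{0}: engine {1}, platform {2}, fix present: {3}' -f $env:COMPUTERNAME,
        $loaded, $status.AMProductVersion, ($loaded -ge $FixedEngine)
} catch {
    Write-Warning "Get-MpComputerStatus unavailable: $($_.Exception.Message)"
}
```

The comparison uses [version] objects rather than strings, so a later engine such as 1.1.20300.x is correctly reported as containing the fix.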
It is worth noting that this patch only applies to Windows Defender, and not other antivirus programs, but some users have reported a similar issue with other security software such as Norton Antivirus. Mozilla is already working on more improvements to patch the issue with other security applications. (Refer: 1 and 2)
Have you noticed a similar issue on your PC? Did the update fix the issue?