This article is more than 1 year old

Microsoft deigns to fix five-year-old Defender bug that slowed Firefox

Windows giant would never try to get an unfair Edge over rival, surely

After five years, Microsoft has addressed a bug in its Windows Defender antivirus software that led to high CPU usage and wasted electricity for users of Mozilla's Firefox web browser.

Back on February 28, 2018, Markus Jaritz, a design manager for Firefox, filed a bug report with Mozilla about excessive CPU utilization arising from the interaction of Firefox and Windows Defender.

"I noticed that for some time now most of the time Firefox is active, the Windows 10 built in 'Antimalware Service Executable' is using well above 30 percent of my CPU, and is reading and writing random files in 'Windows/Temp', all starting with 'etilqs_'.

"This is considerably slowing me down and makes Firefox feel really slow."

Subsequent tests conducted by Jaritz indicated that Defender's Antimalware Service Executable (MsMpEng.exe, or Microsoft Malware Protection Engine) made more computational demands on Firefox than on Chrome.

Over the next few months, MsMpEng.exe became the focus of the discussion for creating and writing too many etilqs files – temporary sqlite files. The problem was also noted on Reddit around that time and in Microsoft's support forum where the suggested workaround was disabling Windows Defender real-time protection.

In August of that year, Firefox engineer Marco Castelluccio observed that Microsoft was aware of the issue and said he had contacted the Windows biz again as a reminder that Firefox users were still having problems.

Then nothing. Years literally passed and Firefox on Windows continued frittering away CPU cycles when Defender was active - until last month.

In March, Yannis Juglaret, senior software engineer at Mozilla, looked into the issue and identified what was going on.

"There is a serious performance issue in the current version of MsMpEng.exe, which I was able to pinpoint using the WPR [Windows Performance Recorder] profiles from comment 78 and some debugging," he wrote. "We have reported the details to Microsoft, and they have acknowledged it.

"This performance issue makes calls to VirtualProtect (among other things) unreasonably expensive on Windows platforms when Windows Defender's Real-time Protection feature is active (the unreasonably expensive computations execute in the MsMpEng.exe process)."

Microsoft, which touts its own Chromium-based browser Edge to rival Firefox, patched the bug in its March 2023 Defender update, which was released on April 4 for the Defender engine and April 11 on the platform as a whole.

Redmond did not immediately respond to a request to explain why repairs took so long.

The fix means that MsMpEng.exe will be less demanding of CPU resources for monitoring programs in real-time using Event Tracing for Windows – for any application.

"We expect that on all these computers, MsMpEng.exe will consume around 75 percent less CPU than it did before when it is monitoring Firefox," he wrote.

But that's only half the battle because Microsoft's bug was aggravated by Firefox design decisions.

Juglaret in subsequent posts explains that Firefox was affected more than other applications because it makes heavy use of Windows' VirtualProtectEx function. So he opened a bug report to "Reduce the CPU usage of antivirus software on Windows when Firefox is running."

With any luck, Mozilla engineers will be able to close this bug report in less than half a decade. ®

More about


Send us news

Other stories you might like