MSMPENG.EXE, TrustedInstaller.exe, SearchIndexer and SLSVC.EXE at 100% CPU on my Vista Machines

May 29, 2007 Posted in Musings | Tools
UPDATE: Looks like this bug has been fixed in Vista Service Pack 1 (SP1). I've upgraded and I've not seen this issue again.

I give Microsoft a lot of credit for the work all their bloggers do to increase the transparency of their business. Specifically the developers and folks in the developer division (devdiv) do a great job of letting us know what's up, especially when things are wrong.

However, when I have a problem, and I Google and Google...

(and sometimes find myself - that's always disheartening when you Google for a problem, find yourself, then at that moment realize that not only have you had this problem before, but you're still screwed.)

and find a huge number of folks "suffering" on blogs, on Usenet, in Forums with some similar problem, and nary a Microsoft blogger or MVP in sight.

Try Googling for any subset of these words "MSMPENG.EXE, TrustedInstaller.exe and SLSVC.EXE at 100% CPU on Vista Machines" and you'll discover a mass of pained and screaming Vista users, yearning for a HotFix.

When I see things like this, I think "If I worked for Microsoft, fixing this problem could be a HUGE opportunity." This isn't a small problem, if Google has anything to say about it, but rather something is really sick somewhere.

I've had a pretty decent Vista experience, recognizing that I'm an Early Adopter. Early Betas hurt me, and an RC1 or two destroyed a machine or two, but after release (RTM) including installation and day to day use, my experience has been nice. My wife, my mom, and myself all run Vista. I also got OneCare for the whole family, having had nice experiences as a Beta Tester.

Now, in the last month, EVERY Vista Machine I have, from a slow AMD K5 my wife runs, to a Toshiba m200 Tablet, an IBM T60, and a home-built monster, has suffered with these issues. All of them, every machine and every issue:

  • MSMPENG.EXE - Some say this is Windows Defender, others say it's the OneCare AntiVirus. SysInternals ProcMon says it's constantly going over totally innocuous files over and over again. Note that I've turned off both OneCare and Defender on these machines. (Not sure why there's two apps?) This process just won't stop sucking the life from my machines. Things are SO slow, especially when the process hits a 4 gig ISO or 12 gig VM Disk Image.
  • TrustedInstaller.exe - This application has such a suspicious name I immediately started Googling around thinking I was infected with some evil Trojan. I mean, "TrustedInstaller.exe"? Seriously, like I'm going to see this in Taskman and say to myself, "oh, as long as it's TRUSTED." This process starts up seemingly randomly, even when I'm not installing things. It runs for 10 minutes or so, then disappears. I fear it. I fear iTunes on Vista more, but this one is pretty bad also.
  • SLSVC.EXE - The Software Licensing Service. I guess it licenses software, or hands out licenses, but there's no telling when it'll pop up, churn for an hour, then leave.
  • SearchIndexer.exe and friends - These guys just won't stop. There's usually 3 or 4 of them going all at once, but I still have to wait for a count of one-one-thousand, two-one-thousand, three-one-thousand, four-one-thousand before Search Results come back.

I don't like having to run my Operating System with Taskman constantly open because I no longer trust background processes. I'd like someone at Microsoft who works on one of these apps to help me understand what crazy edge case I've hit on every machine I own and how I can make it stop. I mean this not as a troll, and if you read my blog, you know I never blog bile, but I'm really interested in figuring out what's up.

What process is currently sucking up YOUR CPU? (Mac and Linux folks are welcome to join in, as I run TOP in a Terminal constantly on my Macs also.)

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

May 29, 2007 11:07
Vista, iTunes and the indexing service. Apparently it's to do with iTunes using XML files for storage and as these are constantly changing due to an iPod sync, the search service goes nutso (that's the proper term).

More info here.

I've turned off the indexing service.

May 29, 2007 11:25
Works on my machine.

But Vista is tons better if you disable all the background crap (Defender, System Restore, etc.). Personally I think we need anti-anti-virus software, it's the #1 destroyer of system performance on the planet.
May 29, 2007 11:38
I recently had my XP box freezing a couple of minutes after start-up (freeze followed an svchost.exe crash).

Turned out it was a bug in the Windows Updates service. Just delete its cache dir (%windir%\SoftwareDistribution) and you're solved (Quick! It's gonna freeze soon! Or boot in Safe Mode).

Oh, and about Jeff's note regarding anti-virus: When neighbours and friends complain that their computer is soooo slooow, the first thing I do is uninstall their Norton AntiVirus (and replace it by something else). That's how I've become known as The Living God in my neighbourhood :-D
May 29, 2007 11:53
I tend to disable Defender and OneCare as well as turn off lots of services. I don't have a comprehensive list. Trusted Installer is particularly nasty (as in earlier builds when it was just destroying SIDs). Any chance you could eliminate some directories that are indexed? I am pretty careful about what is indexed and where I put VM's, Music and Videos are specifically turned off. My guess would be a mix of indexing the entire machine + IPod service (I don't own an IPod and have chosen never to install iTunes ever; here's why: iTunes No More).
May 29, 2007 12:01
> the first thing I do is uninstall their Norton AntiVirus (and replace it by something else)

In response to Scott:
Until recently, I used to install AVG Free Edition on their computers.
But I'll have to find something else (unless they are ready to pay) since GriSoft recently discontinued their Free Edition :-(
(As far as I'm concerned, I purchased an AVG license for each computer in the house. The discount on 2-years license + small quantity makes it a good deal IMO).
May 29, 2007 12:27
Serge: It doesn't look like AVG Free has gone away. Do you have a link to some evidence?
May 29, 2007 12:34
Maybe he means he can't get AVG Free for x64 machines. I think they see that as indication you're a professional user.
May 29, 2007 12:58
Same experiences here, except I haven't seen the MSMPENG.EXE and SLSVC.EXE, but both SearchIndexer and TrustedInstaller - ended up turning the indexing off altogether. Besides those two the SVCHOST.EXE (when running Performance Monitor it is "subcategorized" as secsvcs) hogs up my CPU as well. Pretty damn annoying.
May 29, 2007 13:11

When I was an AVG Free user, I received lots of warnings (during daily AVG updates) that the product was about to be discontinued on Feb 15, 2007 (IIRC). On one of the home computers that we use less, I even had a "Product discontinued. No more updates." kind of message the 1st time I switched it on after that date.

Wait, I just checked. It does indeed look like the product is still there. WTF!?
May 29, 2007 13:14
Don't forget the unzipping of files
May 29, 2007 14:21
And also copying files over the network........really slow.
May 29, 2007 14:23
AVG anti-virus free edition (v7.5) is still available. They discontinued previous version sometime earlier this year.
May 29, 2007 15:21
In my experience (3 separate machines) OneCare is the killer. It seems nice on the surface, but as soon as I installed it I started encountering the problem you describe, and as soon as I uninstalled it and went with Avast Antivirus (also free), the problem went away across the board.
May 29, 2007 16:18
Scott --

On your Mac, have you used GeekTool? Among other things, you can use it to show the output from top on your desktop.

Another nice (and unobtrusive) Mac system monitoring tool is MenuMeters.
May 29, 2007 16:47
I've had the MSMPENG.EXE problem on 4 PCs and it was due to Live OneCare.
It was due to some auto-scanning. I changed the settings so it runs once a week (the largest interval) on Sunday when I don't use my work PC. When I open the PC on Monday, the first thing I do will be to open OneCare and cancel the scan.
Seems you cannot avoid it wanting to scan at least a week. Very annoying.
May 29, 2007 17:03
When I installed Mac OS X 10.4.8 update in September 2006, the built-in airport process started consuming 100% CPU on wake from sleep. Turns out Apple had changed the way WiFi connections were acquired for tighter security and it broke a lot of VPN software, but only if you remembered preferred WiFi networks as is the default. Apple created a support article and said it was on the 3rd party VPN software makers to update their bits. It took CheckPoint 8 months to release a new build of their software which fixed the problem. You can read the whole tale here:
May 29, 2007 17:52
If you're a SideBar user and haven't seen TopProcess yet, check it out. Very handy display of the top CPU users on the system.
May 29, 2007 18:15
I've had the same problem of 100% cpu usage, however, it was related to Powerchute software from APC. I have noticed upon return from standby or hibernation the CPU usage went to 100%. When I disabled the APC service, the system began to respond again and dropped from 100% utilization to around the usual 4%.
May 29, 2007 19:30
Hmm, perhaps we need a "CPU Hog Hall of Shame" web site so that if MS or ISVs aren't responsive in getting these issues fixed in a timely manner we could at least shame them into it at some point. :-)
May 29, 2007 20:16
Did you consider running good old "strings" on these commands? I don't know the windows tool to do this, but I keep a copy of strings and cygwin around for trying to figure out just what unknown exe files are.

Sounds like you have some good answers, but next time, try running strings on the unknown exe and see what interesting information you can find.
May 29, 2007 20:16
I was going to make a (probably lame) joke about System Idle Process sucking up my CPU cycles, but Jeff Atwood beat me to it.

Seriously though... Norton gets my WTF award. When I did tech support for a Web hosting company, there were so many email problems caused by Norton updates.
May 29, 2007 20:27
I've had a similar problem with OneCare continually grabbing all CPU time on my wife's Vaio running WinXP. Disabling the Windows Update feature quite neatly fixed that. And when the 90 day trial runs out, I'll switch her over to AVG and switch updates back on.
May 29, 2007 20:39
> And also copying files over the network........really slow.

Wessam - Ya, I've noticed that file copying on the network is incredibly slow on Vista. Copying from a removable media is also very slow. Strange.
May 29, 2007 20:50
I also have experienced occasional problems with APC's Powerchute software. It completely sucks up all CPU cycles until you kill the process. The only thing I can associate it with is if there's a longer brownout/blackout and the machine is on battery backup for 4+ minutes.

I tossed Live OneCare two days after installing: I hated being reminded to backup when I have Acronis TrueImage doing all my backups already (and no way to turn it off). And the CPU cycles when it would go into a scan!!!

And Windows Defender is long gone too. I currently just run ClamWin so that I have antivirus conveniently available for any manual scans I wish to do.
May 29, 2007 20:54
I've had the 100% CPU usage problem before on 2 occasions:

1.) I installed Toshiba's Utilities for Vista on my M200 (not technically supported) and that spawned a whole bunch of different processes and peaked my CPU most of the time.

2.) OneCare. This was on XP but it still was a resource hog.

I'm running Vista on my M200 now and it idles at about 3% CPU usage (with sidebar and all the default apps that start up with Vista).

Hope you can sort it out!
May 29, 2007 20:57

From the reviews I have seen, the Windows built-in anti spyware and anti virus (Defender, OneCare, etc.) get one of the lowest ratings because they catch fewer malware than the commercial ones. If these are also causing stability issues, I would disable them.

A little offtopic:
when I download a suspicious file, I run it in a sandbox first using the free Sandboxie and see what it did. It's more practical than using a virtual machine. In a VM, you're not sure what the thing did to your system and what files were installed. There's also a commercial product called Buffer Zone pro.
May 29, 2007 22:52
The biggest offenders on my notebook running Windows XP are Windows Desktop Search, Outlook 2003, Trend Micro PC-cillin, and occasionally Windows Explorer. I've noticed several instances in which Windows Desktop Search apparently rebuilds a major part of its index (e.g. indexing 5,000 to 10,000 files for some unknown reason) and "Snooze Indexing" just doesn't work--it continues indexing in the background anyway. Once or twice I've seen this triggered when using Fast User Switching, but most of the time Windows XP is sitting idle when Windows Desktop Search suddenly decides it wants to take over.

I think Outlook 2003 is broken in a serious way when connecting to Exchange Server. When I disconnect the network cable to carry my notebook to a conference room, Outlook 2003 becomes very slow and won't relinquish its connection to Exchange Server (e.g. it attempts to connect, can't find a network connection, and hangs for several minutes). This isn't exactly 100% CPU usage, but the computer becomes sluggish when it happens. I may install Office 2007 after I finish my last college course in a few weeks and get part of my life back.

I haven't been happy with PC-cillin for several reasons and my license expires in a few days, so let's just say it's going away soon. Any advice on good antivirus and firewall software? I've already tried Windows Live OneCare and wasn't quite happy with it (notably its inadequate support of limited user accounts on Windows XP).

Windows Explorer is the one oddball in the bunch because when it goes south for the count it takes the entire system with it--desktop and all. The only way I've ever recovered from Windows Explorer using 100% CPU time is by turning off my notebook.
May 30, 2007 0:35

TrustedInstaller is also used by Automatic Updates, if I remember correctly. That might be causing the "bursts" of high CPU usage. I have been having a problem lately on my older machine (an XP box) and Microsoft Update using 100% to the point of absurdity... it's only a 1 GHz P3 CPU, and it brings the computer to its knees just to check for Windows & Office updates. Yes, I've deleted the update cache like the other commenter says. No joy.

As far as copying files over the network being slow... have you tried disabling Windows Firewall? If you've got a Gigabit network, it can take quite a bit CPU time to process all packets through the firewall. Kind of lame, but whatever. That trick worked for me in XP, at least. Might need some further tweaks with Vista's new networking stack/features. Or it might just be a bug.
May 30, 2007 3:20
I've had these same problems with GoogleDesktop (Windows XP).
This little tool "solves" the problem. Well, at least it keeps GDS wild behavior under control.
Not sure if it works on Vista.
May 30, 2007 5:45
Well, I tried and tried with Vista on a brand new Dell XPS M1210 laptop (preloaded with Vista Home Premium, updated to Vista Ultimate). Nothing I did helped: every now and then, usually at the most important times, I would get 100% CPU for hours at a time. The whole sorry saga can be read on my website - and yes I'd disabled Windows Defender, the Indexing Service, and any other service I could get away with, and had no anti-virus, trusting to UAC - but in the end I ordered a new SATA drive and installed XP on it. I was even beginning to think it was the hardware, but have had no problems with XP. One day, after Vista SP1 is released, perhaps, I'll try it again with the old saved drive.
May 30, 2007 7:54
I just wish Microsoft would stop being innovative for about 24 months so they could focus on fixing their current software before releasing a new version that has a whole new list of issues.

It's a perpetual cycle and no end in sight.

May 30, 2007 22:58
I'm amazed that so many of you are happy with Vista even while suffering through all this stuff. I used it for a few months just to be sure then went back to XP. There were so many things that were insanely slow, like copying files over a network or right-clicking on certain files or folders. After a few days I turned off Aero as a distraction and would have turned off most of the animations if I had kept using Vista. The only thing I really missed was the new Start menu, until I found the Colibri menu thingy. Oh well, good luck with these issues :-)

One small note on antivirus, I recently switched to Kaspersky Internet Security and have had a great experience with it. Just make sure you run it in the "basic" mode rather than the "advanced" mode - just trust me on that :-)
May 31, 2007 6:05
Oh if only I could open task manager to see the process that causes Vista to freeze. About every 10 to 20 minutes my machine stops to "think". The mouse can move, but pretty much everything else becomes unresponsive. Visual Studio throws up the nice "waiting" icon to tell me that my machine is not ready to accept my keystrokes. Usually these "thinking" sessions only last about 30 seconds, but it totally ruins the whole experience and makes me dread the day I upgraded to Vista.
June 01, 2007 1:12
If you disable SLsvc.exe you also disable Ready Boost....which is not good
June 01, 2007 5:39
I see the TrustedInstaller.exe CPU hogging problem on one of my machines. Like the other commenters, I believe this is related to scanning for Windows Updates. I also wonder if the problem is similar to the 927891 issue with Windows XP. I'm frustrated that I haven't been able to solve this problem.

I also wrote an article that describes how ReadyBoost actually slows your machine down substantially on every restart and wake cycle. The short version is that ReadyBoost rewrites your USB drive's entire cache on every restart and wake, causing a big performance penalty while the file is rewritten.
June 04, 2007 15:13
I'd like to say, that as a Mac user, I never experience thrashing. However, that simply isn't the case.

Beach balls of death, anyone?

In no particular order:

iTunes - I have no idea why, in this day and age, it still needs 10-15% CPU, when performing purely decoding/playback, on the 2.33GHz Core 2 Duo I have in my MacBook. I don't like WMP much, but at least on the performance side of things, it feels less like a pig.

Safari/Firefox/IE7 - Do inexplicable waits, and then a sudden barrage of fast loading come part and parcel with "Web 2.0" browsers? I'd love to know what's going on during the "thinking, please wait" delays I get with all of these browsers.
June 06, 2007 5:26
Well, let me crash the party as well ;)

I googled AVG Trustedinstaller.exe and this was the first page that came up.

I searched the above combo because I never had a problem with Trustedinstaller.exe UNTIL I put the latest AVG on my system the other day. TrustedInstaller.exe has only been appearing after AVG does an update (and speaking of updates, since when are we required to reboot after a definition update in AVG? Very annoying...happens every time). frustrated 2 cents :)
June 15, 2007 9:54
I was stumped because I had the problem of 100% CPU cycle consumption, and nothing seemed to work. Until I decided to change my power setting to 'Balanced'. Since then, I have had a fairly good mix of CPU consumption - no wild swinging of System Idle Process from 80% to 40%. Just my penny's worth of contribution.
June 20, 2007 12:12
I am using an IBM Z60t with Vista and every time I plug into the ethernet my CPU jumps from 6% to 90-100%. As soon as I unplug, it drops back down. I've tried stopping the various services mentioned here, but nothing works. I am a day or two away from going back to XP.
July 06, 2007 6:15
I'm having a horrible time with Vista munching up my CPU and I really regret installing it by now. I have a pretty fast dual-core machine, and for the last few weeks I've had explorer.exe at 100% on one of the cores and avgw.exe at 100% on the other one (and no, AVG is not running a scan at the time, just mysteriously hogging CPU). I'm a few days from just wiping out my hard drive and starting from scratch on XP.
July 17, 2007 1:52
Me too, I have this resource hog issue. I didn't install any custom firewall or anti-virus just like I used to do in WinXP to keep maximum performance. But now sometimes I see that "TrustedInstaller.exe" coming out of nowhere and eating like 80-100% of the CPU until I close it manually. It's really annoying and so many people seem to have this problem. I can't believe Microsoft didn't fix it yet. They should bother fixing important things instead of security flaws/minor bugs that happen at 0.001% of users.

Oh well now I know at least that I'm not the only guy having this issue and that it's not some kind of virus lol.
July 19, 2007 3:07
On those 3 apps - go to task manager - find the app - right click and set the priority to low on each one.
Let me know if it works on your machine - so far mine seems a little better.
July 24, 2007 12:36
Get a Mac! Me too having this same problem. And it's worst when I'm running a high definition movie and it suddenly starts to frame. Then I got to get up and open task manager, close the shit and get back to the movie. It's embarrassing especially when friends are over.

Thank god I use a Mac for my professional work...
July 27, 2007 0:09
Have bought a brand-new laptop with 1.8 Turion and 2GB memory, and have the same "trustedInstaller" issues where taking up approx. 50% CPU and 200 megs memory, even with the "preinstalled" installation. Did a full "recovery" (preinstalled software, don't like it but saves a hell of a lot of time) four times now. Did remove "unwanted" stuff like NOF 2007 (did not get a new laptop to be forced to use a trial version of this software). Still hard disk drive LED is flashing continuously and absolutely poor system performance while this process is running. Have had issues like d: partition fully inaccessible even for administrator after a user without admin rights tried to write anything to it (never had this crap in XP...). Today even a blue screen while performing windows update (didn't expect to get a blue screen this easily in Vista). Wonder if AVG has something to do with it, have it running also and I can see that a lot of people with issues use it, but that might be just a coincidence. Lots of work still to do on Vista to get it somewhat more stable if you ask me.

