Microsoft Defender for Endpoint is apparently causing a couple of major problems for some client systems on Windows 10 20H2. The report comes from Borncity which says it has been observing these issues for nearly a month.
Here is a list of problems the site reports that Defender for Endpoint is causing:
- Very high memory usage
- Black screen issue after logging in (two minutes delay or more)
- Word 2016 and newer fails to open or takes a very long time to open
- Windows Event Viewer takes a long time to show events (both remote as well as local)
The high memory usage issue is likely being caused by a memory leak bug. The problem is apparently not new and Microsoft had fixed the issue once earlier (via Reddit). The company states that the issue started with signature build 1.363.177.0 (via Jay on Twitter). However, the bug has apparently returned and it looks like the earlier resolution may have been a temporary one only.
The high memory usage by Defender's "Antimalware Service Executable" process (MsMpEng.exe) is a quite common bug and sometimes a temporary workaround to reduce the memory consumption is to disable the Real-time Protection.