A performance-sapping conflict between Mozilla Firefox and Microsoft Defender was first discussed on Bugzilla half a decade ago. However, Firefox users can now rejoice, as Mozilla devs and Microsoft worked together to release an update to MsMpEng.exe (a core process of Windows Defender), which is currently being rolled out. Troubled users should notice a significant improvement after the update, with "a ~75% improvement in CPU usage from MsMpEng.exe when browsing with Firefox," according to senior Mozilla software engineer Yannis Juglaret.
So, what has been happening, and why was there an awful interaction between Firefox and Microsoft Defender? Microsoft acknowledged a problem with MsMpEng.exe using too much CPU time when Windows Defender's real-time Protection feature is spurred into action. This change has helped cut the CPU usage observed by Firefox users significantly.
The Firefox app was particularly hard hit by the Microsoft bug, as the browser is said to generate up to 7x more Event Tracing for Windows (ETW) events compared to competitors (Edge, Chrome etc). It sends these ‘VirtualProtect’ calls to the antivirus / anti-malware provider to try and keep the browser safe from harm as it roams the web.
Though Microsoft’s patch of MsMpEng.exe helps a lot, as you can see from the above-quoted figures, Mozilla devs acknowledge that “We should try to reduce the number of events that Firefox generates, which will reduce the CPU usage from [all] AV software.”
With this in mind, it is also worth noting that other AV solutions, like those from Norton, will also consume a lot of CPU time due to the numerous (7x) Firefox calls for monitoring VirtualProtect. Thus, any program that calls VirtualProtect will benefit from Microsoft’s new MsMpEng.exe, not just Firefox.
An “Explosive” Waste of Time
Mozilla’s Juglaret summed up the prior situation most succinctly when he wrote, “This problem has two sides: Microsoft was doing a lot of useless computations upon each event; and we are generating a lot of events.” He then underlined the impact, “The combination is explosive.”
Using more processing power than necessary is a common irritation for computer users. Those using laptops away from a power outlet will want to avoid CPU-eating applications when there are more efficient alternatives. Meanwhile, if the problem is widespread enough and runs long enough, the math is also scary for desktop users. For example, Hacker News forum members have estimated the energy wasted by Microsoft’s MsMpEng.exe, and the 300M+ users of Firefox could have easily eaten up the entire output of an average coal-fired power plant every day...
When you're on the practice field w/ your son, you don't tell him to 'try AND hit the ball'. You tell him to 'try TO hit the ball'.
Microsoft will never change.
And I will probably always cheer for the underdog - I hate monopolies.
It would be pretty silly to slip in a bug affecting anything which make these API calls just to slow down Firefox.
If you think you really need an antivirus – just install a decent 3'd party solution.
While the bug raised was about Defender, any AV that follows the same pattern for getting ETW event details could be affected to some degree.