I had the same problem starting on 29 SEP 2022 and passed two weeks of biggest frustration, could barely work and lost many hours trying to fix this.
My machine is a Lenovo Thinkpad X1 Gen9 with integrated WWAN device Quectel EM120R-GL.
I realized that after disabling Windows Defender real-time protection (Echtzeitschutz) in Settings, the Antimalware Service Executable
MsMpEng.exe indeed stopped using that many CPU ressources, but the overall system load remained still quite high, at least much higher than normal idle state. Task Manager (and also Process Explorer from Sysinternals) did not show any individual process using all that CPU, but showed the total CPU at still around 20% (thus the sum of the processes did not add up to the overall CPU usage). That led to the conclusion that Defender CPU usage might be only the symptom of another problem.
In Windows Event Log (Ereignisanzeige) I found thousands of errors that read:
Dienst "QService" wurde unerwartet beendet. Dies ist bereits 16927 Mal passiert. ("service ended prematurely"). QService is a Service installed by Quectel driver and (at least for me) located at
"C:\Windows\Firmware\Quectel\Service". In that folder I found around 260.000 (!) dump files. Apparently, the service failed repeatedly (about once per second, I would say) and wrote a dump file to that directory. Windows Defender then scanned that dump file and therefore needed CPU ressources.
In addition, I don't wanna know how much that ruined my SSD with two weeks of constant writing. Indeed, I saw in Task Manager that something was permanently writing to storage, but I couldn't figure out what it was.
What I finally did:
Disabled QService
Disabled ModemAuthService (which apparently, after disabling QService, started to have some problems, it is also from Quectel).
Code:
C:\Windows\Firmware\Quectel>dir /O:D /P Service (in order to look at which date the first dump files were written and if it coincided with the problem appearing)
C:\Windows\Firmware\Quectel>del Service\*.dmp (in order to free up the dump file space)
I occasionally need the WWAN device, so I will have to figure out how to solve this issue completely and not only deactivating the Service. (Mabye reinstalling drivers, whatever.) But for now I am happy that at least now I can work again in peace.
One more note: During my research, I found out that restarting the service
UserManager (Benutzer-Manager) would solve the issue for some minutes or sometimes even until restart. But some other things in Windows did not work anymore (even though it was restarted, not stopped). Never figured out how that was actually related to QService.
Facebook
Twitter
Instagram