As expected killing this process is not allowed, access denied. What is very strange though is that there seems to be absolutely no protection at all against suspending this process. Once suspended the system becomes completely crippled and requires a forced reboot to recover. If you attempt to launch an app after this it looks like the system gets stuck waiting forever for the app to be checked which never happens due to MsMpEng.exe being suspended. I can't imagine that MS is intentionally creating a denial of service condition through its own security software. I would imagine that blocking this process from being suspended is a trivial change since its termination is already blocked.