Should I block it?

No, this file is 100% safe to run.

Relationships

Child process

rps.exe (Rogers Online Protection by Radialpoint)

Related files

PE file structure

Show functions

Import table

advapi32.dll

ControlService, InitializeSecurityDescriptor, RegCloseKey, SetSecurityDescriptorDacl, RegOpenKeyExA, RegNotifyChangeKeyValue, ConvertStringSecurityDescriptorToSecurityDescriptorA, InitializeAcl, AddAccessAllowedAce, AddAce, GetTokenInformation, GetLengthSid, GetAclInformation, CopySid, GetSecurityDescriptorDacl, GetAce, OpenProcessToken, SetServiceStatus, CreateServiceA, DeleteService, QueryServiceStatus, OpenServiceA, OpenSCManagerA, CreateProcessAsUserW, RegisterServiceCtrlHandlerExA, StartServiceCtrlDispatcherA, DuplicateTokenEx, CloseServiceHandle, IsValidSid, EqualSid, LookupAccountSidA, GetSidIdentifierAuthority, GetSidSubAuthorityCount, AdjustTokenPrivileges, GetSidSubAuthority, LookupPrivilegeValueA, AllocateAndInitializeSid, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, IsValidSecurityDescriptor, GetSecurityDescriptorLength, CryptDestroyHash, CryptAcquireContextA, CryptCreateHash, CryptGetHashParam, CryptHashData, CryptReleaseContext

iphlpapi.dll

GetNetworkParams, GetAdaptersInfo

kernel32.dll

GetSystemTimeAsFileTime, GetACP, GetLocaleInfoA, GetTickCount, GetCurrentProcessId, GetSystemWow64DirectoryA, GetDriveTypeA, GetSystemDirectoryA, GetCurrentDirectoryW, CreateFileW, GetCurrentThreadId, InterlockedDecrement, LoadLibraryA, InterlockedIncrement, GetProcAddress, GetWindowsDirectoryA, WideCharToMultiByte, InterlockedExchange, GetVersionExA, CreateDirectoryA, SetFileAttributesA, GetFileAttributesA, SetLastError, GetCurrentProcess, WTSGetActiveConsoleSessionId, FormatMessageA, CopyFileA, SetConsoleCtrlHandler, SetUnhandledExceptionFilter, GetProcessHeap, HeapFree, HeapAlloc, GetFileSize, CreateFileA, SetEndOfFile, SetFilePointer, OutputDebugStringA, InitializeCriticalSection, DeleteCriticalSection, FlushFileBuffers, ReadFile, EnterCriticalSection, LeaveCriticalSection, WriteFile, OpenMutexA, FreeLibrary, GetModuleFileNameA, SetEvent, Process32First, WaitForMultipleObjects, QueryPerformanceCounter, IsDebuggerPresent, UnhandledExceptionFilter, TerminateProcess, GetLastError, CreateToolhelp32Snapshot, ResetEvent, Sleep, CloseHandle, GetModuleHandleA, SetThreadPriority, CreateMutexA, WaitForSingleObject, OpenProcess, Process32Next, CreateEventA, InterlockedCompareExchange, GetThreadLocale, GetLogicalDriveStringsA

msvcp80.dll

DllMain

msvcr80.dll

DllMain

netapi32.dll

NetShareEnum, NetApiBufferFree

oemlibr.dll

OemLibLoadResourceDLL

ole32.dll

CoUninitialize, CoInitialize

persistr.dll

CreateCrypto, CreatePersist

psapi.dll

EnumProcesses

user32.dll

CloseDesktop, CloseWindowStation, OpenDesktopA, SetProcessWindowStation, GetUserObjectSecurity, SetUserObjectSecurity, OpenWindowStationA, wsprintfA, MessageBoxA, GetSystemMetrics

userenv.dll

DestroyEnvironmentBlock, CreateEnvironmentBlock

version.dll

GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

wtsapi32.dll

WTSEnumerateProcessesA, WTSQuerySessionInformationA, WTSFreeMemory, WTSEnumerateSessionsA, WTSQueryUserToken

Fws.exe

Rogers Online Protection by Radialpoint (Signed)

Remove Fws.exe

Version:	9.0.58.60238
MD5:	1861535b65be2073d705bfb5c252f9a8
SHA1:	dc5c3ccc0d568a7c3cb0e0b03dcb44ed23e6c97f

Overview

fws.exe runs as a service under the name Rogers Online Protection Firewall (RP_FWS) with extensive SYSTEM privileges (full administrator access). This is typically installed with the program Rogers Online Protection published by Rogers Cable Communications Inc.. The file is digitally signed by Radialpoint which was issued by the VeriSign certificate authority (CA). This particular version is usually found on Microsoft Windows XP (5.1.2600.196608).

Details

File name:	fws.exe
Publisher:	Rogers
Product name:	Rogers Online Protection
Description:	Radialpoint 9.0.58
Typical file path:	C:\Program Files\rogers online protection\rogers online protection\fws.exe
File version:	9.0.58.60238
Size:	373.32 KB (382,280 bytes)
Certificate
Issued to:	Radialpoint
Authority (CA):	VeriSign
Effective date:	Thursday, June 10, 2010
Expiration date:	Wednesday, July 10, 2013
Digital DNA
PE subsystem:	Windows Console
File packed:	No
Code language:	Microsoft Visual C++ 8.0
.NET CLR:	No

More details

Programs

The following program will install this file

Rogers Online Protection

Rogers Cable Communications Inc.

53% remove

“Protect up to 3 PCs from the latest viruses and security threats.1 You can also set limits on what your children access online.”

Behaviors

Service

Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)

'RP_FWS' (Rogers Online Protection Firewall)

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00341872%	0.028634%
Kernel CPU:	0.00165943%	0.013761%
User CPU:	0.00175929%	0.014873%
Kernel CPU time:	797 ms/min	100,923,805ms/min
Context switches:	1/sec	284/sec
Memory
Private memory:	9.65 MB	21.59 MB
Private (maximum):	35.21 MB
Private (minimum):	3.67 MB
Non-paged memory:	9.65 MB	21.59 MB
Virtual memory:	69.63 MB	140.96 MB
Virtual memory (peak):	109.76 MB	169.69 MB
Working set:	3.7 MB	18.61 MB
Working set (peak):	35.21 MB	37.95 MB
Page faults:	11,047/min	2,039/min
I/O
I/O read transfer:	1.48 KB/sec	1.02 MB/min
I/O read operations:	1/sec	343/min
I/O write transfer:	1.1 KB/sec	274.99 KB/min
I/O write operations:	1/sec	227/min
I/O other transfer:	1.1 KB/sec	448.09 KB/min
I/O other operations:	14/sec	1,671/min
Resource allocations
Threads:	5	12
Handles:	326	600
GUI GDI count:	4	103
GUI USER count:	2	49

Process properties

Integrety level:	Undefined
Platform:	32-bit
Command line:	"C:\Program Files\rogers online protection\rogers online protection\fws.exe"
Owner:	SYSTEM
Windows Service
Service name:	RP_FWS
Display name:	Rogers Online Protection Firewall
Description:	“Radialpoint Firewall Service”
Type:	Win32OwnProcess
Parent process:	services.exe (Services and Controller app by Microsoft)

Threads