Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

1, 5, 395, 0 4.00%
1, 5, 395, 0 4.00%
1, 5, 393, 22 36.00%
1, 5, 393, 22 12.00%
1, 5, 393, 18 20.00%
1, 5, 393, 18 4.00%
1, 5, 388, 0 12.00%
1, 5, 388, 0 4.00%
1, 5, 350, 0 4.00%

Relationships

Parent process
Child process
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
LookupAccountNameW, RegCloseKey, RegQueryValueExW, SetServiceStatus, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, InitializeSecurityDescriptor, InitializeAcl, GetAce, AdjustTokenPrivileges, OpenProcessToken, MakeAbsoluteSD, OpenThreadToken, RegCreateKeyExW, RegOpenKeyExW, SetSecurityDescriptorOwner, SetKernelObjectSecurity, SetSecurityDescriptorGroup, GetSecurityInfo, AddAce, AllocateAndInitializeSid, LookupPrivilegeValueW, CreateProcessAsUserW, EqualSid, ConvertStringSidToSidW, SetThreadToken, DuplicateTokenEx, CreateRestrictedToken, SetSecurityInfo, GetSecurityDescriptorSacl, SetTokenInformation, GetTokenInformation, SetSecurityDescriptorSacl, SetSecurityDescriptorDacl, AddAuditAccessAce, AddAccessAllowedAce, RegDeleteValueW, RegEnumValueW, RegOpenKeyW, RegCreateKeyW, ImpersonateNamedPipeClient, RevertToSelf, ImpersonateLoggedOnUser, ConvertSidToStringSidW, RegSetValueExW
crypt32.dll
CertGetIssuerCertificateFromStore, CertFindCertificateInStore, CertCreateCertificateChainEngine, CertGetCertificateChain, CryptQueryObject, CryptHashPublicKeyInfo, CertGetNameStringW, CertNameToStrW, CertGetCertificateContextProperty, CryptDecodeObject, CryptMsgClose, CertFreeCertificateChainEngine, CertFreeCertificateChain, CertCloseStore, CertOpenSystemStoreW, CryptMsgGetParam, CertFreeCertificateContext, CertEnumCertificatesInStore
kernel32.dll
SetLastError, WaitForSingleObject, GetTickCount, GetThreadPriority, FreeLibrary, GetCurrentThread, SetThreadPriority, CreateEventW, CloseHandle, CreateToolhelp32Snapshot, Process32FirstW, SetUnhandledExceptionFilter, SetEvent, InterlockedCompareExchange, Process32NextW, QueueUserAPC, DeviceIoControl, SleepEx, GetVersion, TerminateProcess, OpenThread, DuplicateHandle, GetModuleHandleW, InterlockedExchange, CreateProcessW, GetExitCodeProcess, LocalFree, ResumeThread, GetStartupInfoA, UnhandledExceptionFilter, OpenProcess, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, GetCurrentProcess, SetProcessWorkingSetSize, Sleep, GetProcAddress, LoadLibraryW, GetLastError, WaitForMultipleObjects, ResetEvent, GetComputerNameW, QueueUserWorkItem, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, GetEnvironmentStringsW, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, CreateDirectoryW, GetEnvironmentVariableW, GetFileAttributesW, MultiByteToWideChar, FindFirstFileW, GetModuleFileNameW, FindClose, SearchPathW, WriteFile, FlushFileBuffers, DisconnectNamedPipe, ReadFile, ConnectNamedPipe, CreateNamedPipeW, TlsAlloc, GetCurrentDirectoryW, TlsFree, OpenFileMappingW, VirtualQuery, lstrcmpA, IsBadReadPtr, IsBadWritePtr, lstrcpynW, VerLanguageNameW, FormatMessageW, HeapDestroy, HeapCreate, GetFileSizeEx, MoveFileExW, SetFilePointerEx, CompareFileTime, HeapFree, GetCommandLineW, ExitThread, GetLocalTime, ReleaseMutex, CreateMutexW, WaitForSingleObjectEx, SetEndOfFile, HeapAlloc, GetSystemTime, CompareStringA, CompareStringW, GetShortPathNameW, WaitNamedPipeW, GetPrivateProfileIntW, GetPrivateProfileStringW, GetVersionExW, WideCharToMultiByte, RemoveDirectoryW, SetFileAttributesW, FindNextFileW, DeleteFileW, OutputDebugStringW, ReadProcessMemory, GetExitCodeThread, CreateThread, GetFileSize, CreateFileW, CopyFileW, TlsGetValue, TlsSetValue, GetProcessAffinityMask, InterlockedIncrement, InterlockedDecrement, VirtualAlloc, VirtualFree, QueryPerformanceFrequency, IsDebuggerPresent, GetSystemDirectoryW, GetLongPathNameW, SystemTimeToFileTime
msvcp80.dll
DllMain
msvcr80.dll
DllMain
ntdll.dll
ZwDelayExecution, ZwSetInformationFile, ZwQueryFullAttributesFile, ZwWaitForMultipleObjects, ZwOpenKey, RtlFreeUnicodeString, ZwCreateFile, ZwQueryInformationFile, ZwOpenThread, RtlGetVersion, ZwFlushBuffersFile, ZwWriteFile, ZwReadFile, ZwReleaseMutant, RtlFormatCurrentUserKeyPath, ZwCreateKey, RtlInitUnicodeString, ZwAllocateVirtualMemory, ZwWriteVirtualMemory, ZwFlushInstructionCache, ZwQueryInformationProcess, ZwQueryKey, ZwYieldExecution, ZwCreateEvent, ZwWaitForSingleObject, ZwResetEvent, ZwSetValueKey, ZwQueryInformationThread, ZwOpenDirectoryObject, ZwOpenSymbolicLinkObject, ZwQuerySymbolicLinkObject, ZwOpenSection, ZwMapViewOfSection, ZwReadVirtualMemory, ZwQueryVirtualMemory, ZwQueryValueKey, ZwProtectVirtualMemory, ZwSetEvent, ZwAreMappedFilesTheSame, ZwUnmapViewOfSection, RtlNtStatusToDosError, ZwOpenMutant, ZwClose, ZwCreateMutant, ZwOpenFile, ZwOpenEvent
ole32.dll
CoInitialize, CoUninitialize
psapi.dll
EnumProcesses
shell32.dll
CommandLineToArgvW, SHGetSpecialFolderPathW
shlwapi.dll
SHDeleteKeyW
user32.dll
CharLowerW, wsprintfW, CharUpperW, OpenInputDesktop, SetThreadDesktop, GetThreadDesktop, OpenDesktopW, CloseDesktop, GetDesktopWindow, FindWindowExW, GetUserObjectInformationW, CharUpperBuffW, CharUpperBuffA, CharLowerBuffA, RegisterWindowMessageW, MessageBoxW, PeekMessageW, MsgWaitForMultipleObjects, DispatchMessageW, TranslateMessage, CharLowerBuffW
userenv.dll
DestroyEnvironmentBlock, CreateEnvironmentBlock
version.dll
VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
wintrust.dll
WinVerifyTrust, WTHelperGetProvSignerFromChain, CryptCATAdminReleaseContext, CryptCATAdminReleaseCatalogContext, CryptCATAdminEnumCatalogFromHash, CryptCATCatalogInfoFromContext, CryptCATAdminAcquireContext, WTHelperProvDataFromStateData, CryptCATAdminCalcHashFromFileHandle

iswsvc.exe

ZoneAlarm Browser Security by Check Point Software Technologies Ltd. (Signed)

Remove iswsvc.exe
Version:   1, 5, 393, 22
MD5:   57fe873b8246def1372503cbc57a7499
SHA1:   a3485529ddbeb127b6d2a6f2ced3e31b1213be36
SHA256:   f10a2c17de3f7bac8660cd21efd9e33425ef9ea4a1d48865adc365f17b3906f7

What is iswsvc.exe?

Check Point's ZoneAlarm ForceField is designed to secure Web browsing sessions through the use of browser virtualization, inline download scanning and DNS validation services.

About iswsvc.exe (from Check Point Software Technologies Ltd.)

Get ZoneAlarm ForceField for your browser. ForceField works hard at Web safety so you don't have to, but you should continue to browse with common sense in mind.

Overview

iswsvc.exe runs as a service under the name ZoneAlarm Toolbar IswSvc (IswSvc) with extensive SYSTEM privileges (full administrator access). The file is digitally signed by Check Point Software Technologies Ltd. which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:iswsvc.exe
Publisher:Check Point Software Technologies
Product name:ZoneAlarm Browser Security
Typical file path:C:\Program Files\checkpoint\zaforcefield\iswsvc.exe
File version:1, 5, 393, 22
Size:485.66 KB (497,320 bytes)
Certificate
Issued to:Check Point Software Technologies Ltd.
Authority (CA):VeriSign
Expiration date:Monday, May 5, 2014
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++ 8.0
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'IswSvc' (ZoneAlarm Toolbar IswSvc)
  • IswSvc

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.02246357%
0.028634%
Kernel CPU:0.01315311%
0.013761%
User CPU:0.00931046%
0.014873%
Kernel CPU time:96,519 ms/min
100,923,805ms/min
CPU cycles:372,765/sec
17,470,203/sec
Context switches:12/sec
284/sec
Memory
Private memory:8.79 MB
21.59 MB
Private (maximum):7.92 MB
Private (minimum):5.57 MB
Non-paged memory:8.79 MB
21.59 MB
Virtual memory:87.92 MB
140.96 MB
Virtual memory (peak):114.42 MB
169.69 MB
Working set:6.98 MB
18.61 MB
Working set (peak):27.53 MB
37.95 MB
Page faults:569,320/min
2,039/min
I/O
I/O read transfer:728 Bytes/sec
1.02 MB/min
I/O read operations:6/sec
343/min
I/O write transfer:3.59 KB/sec
274.99 KB/min
I/O write operations:18/sec
227/min
I/O other transfer:9.19 KB/sec
448.09 KB/min
I/O other operations:853/sec
1,671/min
Resource allocations
Threads:13
12
Handles:235
600

BehaviorsProcess properties

Integrety level:System
Platform:32-bit
Command line:"C:\Program Files\checkpoint\zaforcefield\iswsvc.exe"
Owner:SYSTEM
Windows Service
Service name:IswSvc
Display name:ZoneAlarm Toolbar IswSvc
Type:Win32OwnProcess
Parent process:services.exe (Services and Controller app by Microsoft)

ResourcesThreads

Averages
 
ntdll.dll
Total CPU:0.07636662%
0.272967%
Kernel CPU:0.04853223%
0.107585%
User CPU:0.02783439%
0.165382%
Context switches:4/sec
79/sec
Memory:712 KB
1.16 MB
advapi32.dll (Advanced Windows 32 Base API by Microsoft)
Total CPU:0.00025011%
Kernel CPU:0.00005002%
User CPU:0.00020009%
Memory:620 KB
IswSvc.exe (main module)
Total CPU:0.00002975%
Kernel CPU:0.00002349%
User CPU:0.00000625%
CPU cycles:162/sec
Memory:484 KB
MSVCR80.dll
Total CPU:0.00001271%
Kernel CPU:0.00000000%
User CPU:0.00001271%
Memory:620 KB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 48.00%
Microsoft Windows XP 16.00%
Windows Vista Home Basic 8.00%
Windows 8 Pro 8.00%
Windows 7 Professional 8.00%
Windows 7 Ultimate N 4.00%
Windows Vista Ultimate 4.00%
Windows 7 Ultimate 4.00%

Distribution by countryDistribution by country

United States installs about 60.00% of ZoneAlarm Browser Security.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 80.00%
Acer 20.00%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE