mcshield.exe
Anti-Malware Core by McAfee (Signed)
| Version: | Anti-Malware Core.1.0.1.118.x64 |
| MD5: | 38d1f23ee031b615a8ca51dd1e523579 |
| SHA1: | 6557479af477cdaf0efb803718d25da907821625 |
| SHA256: | e61a21000de672768a4ee505fea076e0ff20782a70820e59b378ac7871d00e55 |
What is mcshield.exe?
McAfee On-Access Scanner service features true blocking On Access Scanning. It scans every file being accessed from or written to the machine and blocks infections if any. On Access Scanner can be configured to scan on Read Only, Write only or both. It can also be configured to scan files on network volumes.
Overview
mcshield.exe runs as a service under the name McAfee Anti-Malware Core (mfecore) with extensive SYSTEM privileges (full administrator access). This is typically installed with the program Lenovo Patch Utility 64 bit published by Lenovo. The assembly utilizes the .NET run-time framework (which is required to be installed on the PC). The file is digitally signed by McAfee which was issued by the VeriSign certificate authority (CA).
Details
| File name: | mcshield.exe |
| Publisher: | McAfee, Inc. |
| Product name: | Anti-Malware Core |
| Description: | McAfee On-Access Scanner service |
| Typical file path: | C:\Program Files\common files\mcafee\amcore\mcshield.exe |
| File version: | Anti-Malware Core.1.0.1.118.x64 |
| Size: | 983.68 KB (1,007,288 bytes) |
| Certificate |
| Issued to: | McAfee |
| Authority (CA): | VeriSign |
| Effective date: | Friday, June 10, 2011 |
| Digital DNA |
| File packed: | No |
| Code language: | Microsoft Visual C# / Basic .NET |
| .NET CLR: | Yes |
| .NET NGENed: | No |
More details
Programs
The following program will install this file
This program provides the utilities (sub packages) related for the special keys and buttons on your computer. The special keys and buttons are designed on the accessibility and usability. The utilities enable the full functionality for the special keys and buttons. This program provides a function to change various settings of the ThinkPad's internal display. This program is applicable only to several featurized ThinkPad products. The s...
Behaviors
Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- 'mfecore' (McAfee Anti-Malware Core)
Network connections
[TCP] 8.21.161.6:443
[TCP] 161.69.165.6:443
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00504261% | |
| Kernel CPU: | 0.00167285% | |
| User CPU: | 0.00336976% | |
| Kernel CPU time: | 586,126,943 ms/min | |
| CPU cycles: | 20,336,642/sec | |
| Memory |
| Private memory: | 296.57 MB | |
| Private (maximum): | 289.11 MB | |
| Private (minimum): | 119.44 MB | |
| Non-paged memory: | 296.57 MB | |
| Virtual memory: | 507.67 MB | |
| Virtual memory (peak): | 575.37 MB | |
| Working set: | 245.92 MB | |
| Working set (peak): | 342.93 MB | |
| Page faults: | 13,439,026/min | |
| I/O |
| I/O read transfer: | 42.27 MB/sec | |
| I/O read operations: | 9,328/sec | |
| I/O write transfer: | 1.88 MB/sec | |
| I/O write operations: | 194/sec | |
| I/O other transfer: | 13.77 MB/sec | |
| I/O other operations: | 87,650/sec | |
| Resource allocations |
| Threads: | 51 | |
| Handles: | 780 | |
Process properties
| Integrety level: | System |
| Platform: | 64-bit |
| Command line: | "C:\Program Files\common files\mcafee\amcore\mcshield.exe" |
| Owner: | SYSTEM |
| Windows Service |
| Service name: | mfecore |
| Display name: | McAfee Anti-Malware Core |
| Description: | “McAfee OnAccess Scanner” |
| Type: | Win32OwnProcess |
| Parent process: | services.exe (by Microsoft) |
Threads
Averages
| sechost.dll |
| Total CPU: | 0.85216620% | |
| Kernel CPU: | 0.13836668% | |
| User CPU: | 0.71379952% | |
| CPU cycles: | 20,287,818/sec | |
| Memory: | 288 KB | |
| ncapi.dll |
| Total CPU: | 0.35907861% | |
| Kernel CPU: | 0.04500248% | |
| User CPU: | 0.31407614% | |
| CPU cycles: | 15,814,227/sec | |
| Context switches: | 8/sec | |
| Memory: | 116 KB | |
| MCNormalizer.dat |
| Total CPU: | 0.19332013% | |
| Kernel CPU: | 0.05776642% | |
| User CPU: | 0.13555371% | |
| CPU cycles: | 4,248,077/sec | |
| Memory: | 196 KB | |
| ntdll.dll |
| Total CPU: | 0.10694643% | |
| Kernel CPU: | 0.07547482% | |
| User CPU: | 0.03147161% | |
| CPU cycles: | 3,029,018/sec | |
| Memory: | 1.66 MB | |
| MSVCR90.dll |
| Total CPU: | 0.06864738% | |
| Kernel CPU: | 0.00793538% | |
| User CPU: | 0.06071200% | |
| CPU cycles: | 1,655,077/sec | |
| Memory: | 652 KB | |
| EMMain.dll |
| Total CPU: | 0.02860217% | |
| Kernel CPU: | 0.00648795% | |
| User CPU: | 0.02211423% | |
| CPU cycles: | 1,041,660/sec | |
| Context switches: | 18/sec | |
| Memory: | 284 KB | |
| ts.dat |
| Total CPU: | 0.00372424% | |
| Kernel CPU: | 0.00263863% | |
| User CPU: | 0.00108561% | |
| CPU cycles: | 144,960/sec | |
| Memory: | 1.18 MB | |
| amgti.dat |
| Total CPU: | 0.00066667% | |
| Kernel CPU: | 0.00033333% | |
| User CPU: | 0.00033333% | |
| CPU cycles: | 4,583/sec | |
| Memory: | 216 KB | |
| mcshield.exe (main module) |
| Total CPU: | 0.00007076% | |
| Kernel CPU: | 0.00007076% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 1,430/sec | |
| Memory: | 992 KB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
27.94% |
|
| Windows 8.1 |
22.06% |
|
| Windows 8.1 Single Language |
16.18% |
|
| Windows 8 |
16.18% |
|
| Windows 8 Single Language |
5.88% |
|
| Windows 8.1 Pro with Media Center |
2.94% |
|
| Windows 8 Pro |
2.94% |
|
| Windows 7 Professional |
1.47% |
|
| Windows 7 Ultimate |
1.47% |
|
| Windows Vista Home Premium |
1.47% |
|
| Windows 7 Starter |
1.47% |
|
Distribution by country
United States installs about 50.00% of Anti-Malware Core.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| ASUS |
29.13% |
|
| Dell |
23.30% |
|
| Acer |
12.62% |
|
| Lenovo |
11.65% |
|
| Hewlett-Packard |
11.65% |
|
| Sony |
7.77% |
|
| Toshiba |
3.88% |
|
