mcshield.exe
Anti-Malware Core by McAfee (Signed)
| Version: | Anti-Malware Core.1.1.2.123.x64 |
| MD5: | 8036004f016125c907fc9351141f95aa |
| SHA1: | 8bf3d70d800b965cfefb5d144dd98244c0a1dac3 |
What is mcshield.exe?
McAfee On-Access Scanner service features true blocking On Access Scanning. It scans every file being accessed from or written to the machine and blocks infections if any. On Access Scanner can be configured to scan on Read Only, Write only or both. It can also be configured to scan files on network volumes.
Overview
mcshield.exe runs as a service under the name McAfee Anti-Malware Core (mfecore) with extensive SYSTEM privileges (full administrator access). The assembly utilizes the .NET run-time framework (which is required to be installed on the PC). The file is digitally signed by McAfee which was issued by the VeriSign certificate authority (CA).
Details
| File name: | mcshield.exe |
| Publisher: | McAfee, Inc. |
| Product name: | Anti-Malware Core |
| Description: | McAfee On-Access Scanner service |
| Typical file path: | C:\Program Files\common files\mcafee\amcore\mcshield.exe |
| File version: | Anti-Malware Core.1.1.2.123.x64 |
| Size: | 993.18 KB (1,017,016 bytes) |
| Build date: | 8/28/2013 9:02 AM |
| Certificate |
| Issued to: | McAfee |
| Authority (CA): | VeriSign |
| Effective date: | Friday, June 10, 2011 |
| Digital DNA |
| File packed: | No |
| Code language: | Microsoft Visual C# / Basic .NET |
| .NET CLR: | Yes |
| .NET NGENed: | No |
More details
Behaviors
Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- 'mfecore' (McAfee Anti-Malware Core)
Network connections
[TCP] 161.69.225.6:443
[TCP] 161.69.92.6:443
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00103824% | |
| Kernel CPU: | 0.00056015% | |
| User CPU: | 0.00047809% | |
| Kernel CPU time: | 389,637 ms/min | |
| CPU cycles: | 18,968,263/sec | |
| Context switches: | 40/sec | |
| Memory |
| Private memory: | 284.3 MB | |
| Private (maximum): | 174.42 MB | |
| Private (minimum): | 8.22 MB | |
| Non-paged memory: | 284.3 MB | |
| Virtual memory: | 493.37 MB | |
| Virtual memory (peak): | 741.29 MB | |
| Working set: | 126.04 MB | |
| Working set (peak): | 427.09 MB | |
| Page faults: | 97,265,303/min | |
| I/O |
| I/O read transfer: | 59.3 MB/sec | |
| I/O read operations: | 1,025/sec | |
| I/O write transfer: | 26.03 KB/sec | |
| I/O write operations: | 39/sec | |
| I/O other transfer: | 34.82 MB/sec | |
| I/O other operations: | 15,954/sec | |
| Resource allocations |
| Threads: | 47 | |
| Handles: | 742 | |
Process properties
| Integrety level: | System |
| Platform: | 64-bit |
| Command line: | "C:\Program Files\common files\mcafee\amcore\mcshield.exe" |
| Owner: | SYSTEM |
| Windows Service |
| Service name: | mfecore |
| Display name: | McAfee Anti-Malware Core |
| Description: | “McAfee OnAccess Scanner” |
| Type: | Win32OwnProcess |
| Parent process: | services.exe (by Microsoft) |
Threads
Averages
| ntdll.dll |
| Total CPU: | 16.60599055% | |
| Kernel CPU: | 1.01877302% | |
| User CPU: | 15.58721753% | |
| CPU cycles: | 364,223,588/sec | |
| Context switches: | 113/sec | |
| Memory: | 1.66 MB | |
| ncapi.dll (Anti-Malware Core by McAfee) |
| Total CPU: | 0.75975813% | |
| Kernel CPU: | 0.03275007% | |
| User CPU: | 0.72700805% | |
| CPU cycles: | 13,213,073/sec | |
| Context switches: | 1/sec | |
| Memory: | 120 KB | |
| sechost.dll (Host for SCM/SDDL/LSA Lookup APIs by Microsoft) |
| Total CPU: | 0.60144799% | |
| Kernel CPU: | 0.26500635% | |
| User CPU: | 0.33644164% | |
| CPU cycles: | 16,139,337/sec | |
| Context switches: | 2/sec | |
| Memory: | 124 KB | |
| MCNormalizer.dat |
| Total CPU: | 0.19333583% | |
| Kernel CPU: | 0.06014490% | |
| User CPU: | 0.13319093% | |
| CPU cycles: | 3,800,789/sec | |
| Context switches: | 1/sec | |
| Memory: | 208 KB | |
| emmain.dll (Anti-Malware Core by McAfee) |
| Total CPU: | 0.02630209% | |
| Kernel CPU: | 0.00987478% | |
| User CPU: | 0.01642730% | |
| CPU cycles: | 517,435/sec | |
| Memory: | 284 KB | |
| MSVCR90.dll |
| Total CPU: | 0.00576997% | |
| Kernel CPU: | 0.00087522% | |
| User CPU: | 0.00489475% | |
| CPU cycles: | 138,010/sec | |
| Memory: | 652 KB | |
| ts.dat |
| Total CPU: | 0.00251442% | |
| Kernel CPU: | 0.00151684% | |
| User CPU: | 0.00099758% | |
| CPU cycles: | 60,877/sec | |
| Memory: | 1.32 MB | |
| mcshield.exe (main module) |
| Total CPU: | 0.00020527% | |
| Kernel CPU: | 0.00019605% | |
| User CPU: | 0.00000922% | |
| CPU cycles: | 2,677/sec | |
| Memory: | 1004 KB | |
| amgti.dat |
| Total CPU: | 0.00013605% | |
| Kernel CPU: | 0.00011481% | |
| User CPU: | 0.00002125% | |
| CPU cycles: | 2,578/sec | |
| Memory: | 216 KB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
27.94% |
|
| Windows 8.1 |
22.06% |
|
| Windows 8.1 Single Language |
16.18% |
|
| Windows 8 |
16.18% |
|
| Windows 8 Single Language |
5.88% |
|
| Windows 8.1 Pro with Media Center |
2.94% |
|
| Windows 8 Pro |
2.94% |
|
| Windows 7 Professional |
1.47% |
|
| Windows 7 Ultimate |
1.47% |
|
| Windows Vista Home Premium |
1.47% |
|
| Windows 7 Starter |
1.47% |
|
Distribution by country
United States installs about 50.00% of Anti-Malware Core.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| ASUS |
29.13% |
|
| Dell |
23.30% |
|
| Acer |
12.62% |
|
| Lenovo |
11.65% |
|
| Hewlett-Packard |
11.65% |
|
| Sony |
7.77% |
|
| Toshiba |
3.88% |
|
