mcshield.exe

Anti-Malware Core by McAfee (Signed)

Remove mcshield.exe
Version:   Anti-Malware Core.1.1.3.164.x64
MD5:   bbc716d161b412f3298c105b9382864f
SHA1:   bc58ef79c5ddf658fcc39f608f88acd1d231aa41

What is mcshield.exe?

McAfee On-Access Scanner service features true blocking On Access Scanning. It scans every file being accessed from or written to the machine and blocks infections if any. On Access Scanner can be configured to scan on Read Only, Write only or both. It can also be configured to scan files on network volumes.

Overview

mcshield.exe runs as a service under the name McAfee Anti-Malware Core (mfecore) with extensive SYSTEM privileges (full administrator access). The assembly utilizes the .NET run-time framework (which is required to be installed on the PC). The file is digitally signed by McAfee which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:mcshield.exe
Publisher:McAfee, Inc.
Product name:Anti-Malware Core
Description:McAfee On-Access Scanner service
Typical file path:C:\Program Files\common files\mcafee\amcore\mcshield.exe
File version:Anti-Malware Core.1.1.3.164.x64
Size:1016.79 KB (1,041,192 bytes)
Build date:3/18/2014 8:05 AM
Certificate
Issued to:McAfee
Authority (CA):VeriSign
Effective date:Friday, June 10, 2011
Digital DNA
File packed:No
Code language:Microsoft Visual C# / Basic .NET
.NET CLR:Yes
.NET NGENed:No
More details

BehaviorsBehaviors

Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'mfecore' (McAfee Anti-Malware Core)
Network connections
  • [TCP] cloud.gti.mcafee.com (161.69.199.6:443)
  • [TCP] cloud.gti.mcafee.com (161.69.92.6:443)
  • [TCP] cloud.gti.mcafee.com (8.21.161.6:443)

  • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00290000%
    0.028634%
    Kernel CPU:0.00120673%
    0.013761%
    User CPU:0.00169327%
    0.014873%
    Kernel CPU time:302,023,087 ms/min
    100,923,805ms/min
    CPU cycles:4,564,691/sec
    17,470,203/sec
    Context switches:74/sec
    284/sec
    Memory
    Private memory:265.65 MB
    21.59 MB
    Private (maximum):279.09 MB
    Private (minimum):119.79 MB
    Non-paged memory:265.65 MB
    21.59 MB
    Virtual memory:489.73 MB
    140.96 MB
    Virtual memory (peak):677.61 MB
    169.69 MB
    Working set:214.74 MB
    18.61 MB
    Working set (peak):418.99 MB
    37.95 MB
    Page faults:18,392,866/min
    2,039/min
    I/O
    I/O read transfer:72.51 MB/sec
    1.02 MB/min
    I/O read operations:1,763/sec
    343/min
    I/O write transfer:191.84 KB/sec
    274.99 KB/min
    I/O write operations:151/sec
    227/min
    I/O other transfer:25.82 MB/sec
    448.09 KB/min
    I/O other operations:17,939/sec
    1,671/min
    Resource allocations
    Threads:47
    12
    Handles:755
    600

    BehaviorsProcess properties

    Integrety level:System
    Platform:64-bit
    Command line:"C:\Program Files\common files\mcafee\amcore\mcshield.exe"
    Owner:SYSTEM
    Windows Service
    Service name:mfecore
    Display name:McAfee Anti-Malware Core
    Description:“McAfee OnAccess Scanner”
    Type:Win32OwnProcess
    Parent process:services.exe (Services and Controller app by Microsoft)

    ResourcesThreads

    Averages
     
    sechost.dll
    Total CPU:0.38216755%
    0.272967%
    Kernel CPU:0.19344842%
    0.107585%
    User CPU:0.18871913%
    0.165382%
    CPU cycles:7,315,764/sec
    5,741,424/sec
    Context switches:8/sec
    79/sec
    Memory:348 KB
    1.16 MB
    ncapi.dll (Anti-Malware Core by McAfee)
    Total CPU:0.11136089%
    Kernel CPU:0.01679897%
    User CPU:0.09456192%
    CPU cycles:1,914,076/sec
    Context switches:1/sec
    Memory:124 KB
    MCNormalizer.dat
    Total CPU:0.07198750%
    Kernel CPU:0.02304792%
    User CPU:0.04893958%
    CPU cycles:1,778,481/sec
    Context switches:2/sec
    Memory:224 KB
    MSVCR90.dll
    Total CPU:0.03237122%
    Kernel CPU:0.00542325%
    User CPU:0.02694797%
    CPU cycles:630,542/sec
    Context switches:1/sec
    Memory:652 KB
    ntdll.dll
    Total CPU:0.02505317%
    Kernel CPU:0.01938420%
    User CPU:0.00566897%
    CPU cycles:642,310/sec
    Memory:1.75 MB
    emmain.dll (Anti-Malware Core by McAfee)
    Total CPU:0.01835255%
    Kernel CPU:0.00151385%
    User CPU:0.01683870%
    CPU cycles:313,001/sec
    Context switches:2/sec
    Memory:292 KB
    ts.dat
    Total CPU:0.00073851%
    Kernel CPU:0.00051077%
    User CPU:0.00022774%
    CPU cycles:13,273/sec
    Memory:1.32 MB
    mcshield.exe (main module)
    Total CPU:0.00024655%
    Kernel CPU:0.00023694%
    User CPU:0.00000961%
    CPU cycles:5,684/sec
    Memory:1 MB
    amgti.dat
    Total CPU:0.00002447%
    Kernel CPU:0.00001357%
    User CPU:0.00001090%
    CPU cycles:662/sec
    Memory:216 KB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Home Premium 27.94%
    Windows 8.1 22.06%
    Windows 8.1 Single Language 16.18%
    Windows 8 16.18%
    Windows 8 Single Language 5.88%
    Windows 8.1 Pro with Media Center 2.94%
    Windows 8 Pro 2.94%
    Windows 7 Professional 1.47%
    Windows 7 Ultimate 1.47%
    Windows Vista Home Premium 1.47%
    Windows 7 Starter 1.47%

    Distribution by countryDistribution by country

    United States installs about 50.00% of Anti-Malware Core.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    ASUS 29.13%
    Dell 23.30%
    Acer 12.62%
    Lenovo 11.65%
    Hewlett-Packard 11.65%
    Sony 7.77%
    Toshiba 3.88%
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE