mcsysmon.exe
McAfee VirusScan API by McAfee (Signed)
Overview
mcsysmon.exe has 4 known versions, the most recent one is 13,15,102,0. It is started as a Windows Service called 'McSysmon' with the name 'McSysmon' and described as “Monitors potentially unauthorized changes to this computer.”. . In addition, it is run under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). The average file size is about 596.48 KB. It is an authenticode code-signed executable issued to McAfee by the certification authority VeriSign. During the process's lifecycle, the typical CPU resource utilization is about 0.0002% including both foreground and background operations, the average private memory consumption is about 5.59 MB with the maximum memory reaching around 7.23 MB. Addionally, typically read and write I/O disk operations is about 458 Bytes per minute for reads and 27 Bytes per minute for writes.
 Details
|
| File name: | mcsysmon.exe |
| Publisher: | McAfee, Inc. |
| Product name: | McAfee VirusScan API |
| Description: | McAfee SystemGuards Service |
| Typical file path: | C:\Program Files\McAfee\VirusScan\mcsysmon.exe |
| Original name: | sysmon.exe |
| Certificate |
| Issued to: | McAfee |
| Authority (CA): | VeriSign |
| Effective date: | Friday, September 12, 2008 |
| Expiration date: | Sunday, October 9, 2011 |
| Windows Service |
| Service name: | McSysmon |
| Display name: | McSysmon |
| Description: | “Monitors potentially unauthorized changes to this computer.” |
| Type: | Win32OwnProcess |
Behaviors
(Note, the behaviors below are for all versions of mcsysmon.exe, select a unique version for details.)
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- McSysmon
- 'McSysmon' (McAfee SystemGuards)
All file variations of mcsysmon.exe
