Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.1.7601.18170 (win7sp1_gdr.130526-1536) 13.44%
6.1.7601.18170 (win7sp1_gdr.130526-1536) 5.27%
6.1.7600.16385 (win7_rtm.090713-1255) 31.12%
6.1.7600.16385 (win7_rtm.090713-1255) 41.16%
6.1.7600.16384 (win7_rtm.090710-1945) 0.17%
1.1.1600.0 0.68%
1.1.1600.0 7.65%
1.1.1505.0 0.51%

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
GetLengthSid, ConvertSidToStringSidW, QueryServiceConfigW, QueryServiceStatus, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, ConvertStringSidToSidW, AllocateAndInitializeSid, FreeSid, CheckTokenMembership, IsValidSid, LookupAccountSidW, EqualSid, OpenThreadToken, OpenProcessToken, GetTokenInformation, LookupPrivilegeValueW, AdjustTokenPrivileges, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, OpenSCManagerW, OpenServiceW, ChangeServiceConfigW, CloseServiceHandle, SetServiceStatus, UnregisterTraceGuids, RegisterTraceGuidsW, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, TraceEvent
crypt32.dll
CertVerifyCertificateChainPolicy
kernel32.dll
WaitForSingleObject, SetThreadPriority, GetCurrentThread, CreateThread, lstrlenW, GetVersionExW, LeaveCriticalSection, EnterCriticalSection, ResetEvent, InterlockedIncrement, lstrcmpiW, GetFileAttributesW, CopyFileW, FindClose, FindNextFileW, FindFirstFileW, CreateDirectoryW, GetCurrentThreadId, InterlockedDecrement, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetThreadTimes, GetModuleHandleW, WaitForMultipleObjects, OpenThread, CreateMutexW, ReleaseMutex, UnregisterWaitEx, ReleaseSemaphore, CreateSemaphoreW, GetSystemTimeAsFileTime, FindCloseChangeNotification, FindNextChangeNotification, FindFirstChangeNotificationW, CreateFileW, GetTickCount, DeleteFileW, WriteFile, GetFileSize, GetFileAttributesExW, CompareFileTime, CreateEventW, GetTimeFormatW, GetDateFormatW, FileTimeToSystemTime, FileTimeToLocalFileTime, Sleep, QueryPerformanceCounter, GetCurrentProcessId, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetEvent, InterlockedCompareExchange, UnregisterWait, CloseHandle, DeleteTimerQueueTimer, CreateTimerQueueTimer, GetCurrentProcess, TerminateProcess, SetErrorMode, LoadLibraryW, GetProcAddress, FreeLibrary, LocalAlloc, LocalFree, GetLastError, InterlockedExchange, LoadLibraryExW, GetSystemDirectoryW, InitializeCriticalSection, FormatMessageW, DisableThreadLibraryCalls, RemoveDirectoryW, SetFileAttributesW, HeapFree, HeapAlloc, DeleteTimerQueueEx, TryEnterCriticalSection, GetModuleFileNameW, CreateTimerQueue, GetLocalTime, RegisterWaitForSingleObject
mpclient.dll
MpConfigIteratorEnum, MpConfigIteratorClose, MpConfigUnregisterNotifications, MpFeatureStatus, MpGetEngineVersion, MpOpen, MpFormatVErrorMessage, MpClose, MpConfigSetValue, MpConfigRegisterForNotifications, MpClientUtilExportFunctions, MpConfigUninitialize, MpConfigInitialize, MpConfigGetValue, MpConfigGetValueAlloc, MpConfigClose, MpConfigOpen, MpConfigIteratorOpen
msvcrt.dll
DllMain
ole32.dll
CoUninitialize, CoInitializeEx, StringFromGUID2, CoCreateInstance
rpcrt4.dll
RpcImpersonateClient, UuidFromStringW, NdrServerCall2, NdrAsyncServerCall, RpcStringFreeW, RpcBindingInqAuthClientW, RpcStringBindingParseW, RpcBindingToStringBindingW, RpcServerRegisterIfEx, UuidCreate, RpcRevertToSelf, RpcServerUseProtseqEpW, RpcServerRegisterAuthInfoW, RpcServerUnregisterIf, RpcAsyncCompleteCall
version.dll
GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
wintrust.dll
WinVerifyTrust, CryptCATAdminReleaseContext, CryptCATAdminReleaseCatalogContext, WTHelperProvDataFromStateData, WTHelperGetProvSignerFromChain, CryptCATCatalogInfoFromContext, CryptCATAdminEnumCatalogFromHash, CryptCATAdminAcquireContext, CryptCATAdminCalcHashFromFileHandle
Export table
ServiceCrtMain
ServiceMain
SvchostPushServiceGlobals

MpSvc.dll

Windows Defender by Microsoft Corporation (Signed)

Remove MpSvc.dll
Version:   6.1.7600.16385 (win7_rtm.090713-1255)
MD5:   cf318f60a84f15af352439465a8d05f4
SHA1:   16ba18c9ac7371cdcf35eb793e9cd84106c4c515
SHA256:   e713f7fd90eb5d8845f3407e94ffd17d893c59746330960a36645a989d8d45af
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is MpSvc.dll?

Windows Defender, formerly known as Microsoft AntiSpyware, is a software product that helps combat malware. Windows Defender was initially an antispyware program; it is included with Windows Vista and Windows 7 and is available as a free download for Windows XP.

About MpSvc.dll (from Microsoft Corporation)

Windows Defender is a free program that helps you stay productive by protecting your computer against pop-ups, slow performance and security threats caused by spyware and other potentially unwanted so

DetailsDetails

File name:mpsvc.dll
Publisher:Microsoft Corporation
Product name:Windows Defender
Description:Service Module
Typical file path:C:\Program Files\windows defender\mpsvc.dll
File version:6.1.7600.16385 (win7_rtm.090713-1255)
Product version:6.1.7600.16385
Size:988 KB (1,011,712 bytes)
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Expiration date:Thursday, December 18, 2008
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C# / Basic .NET
.NET CLR:Yes
.NET NGENed:No
More details

ResourcesPrograms

The following programs will install this file
Carenado
9% remove
C90B King Air HD SERIES FSX is an aircraft 3D model for use with Microsoft Flight Simulator X.
Carenado
1% remove
Carenado A36 Bonanza FSX is an aircraft 3D model for use with Microsoft Flight Simulator X.
Carenado
2% remove
Carenado C 152 II is an aircraft 3D model for use with Microsoft Flight Simulator.
Carenado
3% remove
Carenado C172N FSX is an aircraft 3D model for use with Microsoft Flight Simulator X.
Guenter Kraemer
1% remove
Microsoft Game Studios
1% remove
Microsoft Flight Simulator X, also known as FSX, is the 10th version of Microsoft Flight Simulator after Microsoft Flight Simulator 2004. It includes a graphics engine upgrade, having been marketed by Microsoft as the most important technological milestone in the series to date. Flight Simulator X marks the tenth version of the popular line of flight simulators. It was officially released to the US market on October 17, 2006. According ...
PMDG Simulations, LLC.
4% remove
The PMDG 737NGX features an unprecedented level of systems fidelity. Developed over three years with technical input from Boeing and a team of real-life 737NG crew and maintenance advisors, we have painstakingly modeled nearly every system on the real aircraft in a fully dynamic and realistic manner.

BehaviorsBehaviors

Hosted services
Runs as a shared service under the Windows svcHost
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'
  • Shared name is 'WinDefend'

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows Vista Home Premium 61.54%
Windows Vista Home Basic 21.15%
Windows Vista Ultimate 9.62%
Windows Vista Business 5.77%
Windows Vista™ Home Premium 1.92%

Distribution by countryDistribution by country

United States installs about 61.22% of Windows Defender.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 27.91%
Toshiba 23.26%
ASUS 13.95%
Hewlett-Packard 13.95%
Acer 11.63%
Gateway 9.30%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE