MsMpEng.exe
Microsoft Malware Protection by Microsoft Corporation (Signed)
Overview
There are 31 versions of MsMpEng.exe in the wild, the latest version being 4.5.0218.0. It is started as a Windows Service called 'Windows Defender-Dienst' with the name 'WinDefend' and described as “Schützt Benutzer vor Schadsoftware und weiterer potenziell unerwünschter Software.”. . In addition, it is run under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). The average file size is about 18.55 KB. The file is a digitally signed and issued to Microsoft Corporation by Microsoft Corporation. The programs Microsoft Security Essentials, Microsoft Antimalware and MS Security Essentials have been observed as installing specific variations of MsMpEng.exe. During the process's lifecycle, the typical CPU resource utilization is about 0.0069% including both foreground and background operations, the average private memory consumption is about 78.91 MB with the maximum memory reaching around 155.72 MB. Addionally, typically read and write I/O disk operations is about 5.37 MB per minute for reads and 1.76 MB per minute for writes.
What is MsMpEng.exe?
MsMpEng.exe is the back-end of Microsoft Security Essentials. It is important to remember that this process is actually used by both Windows Defender and MSE. When you install Microsoft Security Essentials, then Windows Defender is automatically turned off and Microsoft Security Essentials uses this process. This is the main process that runs the program and takes quite some system memory. If you end this process then Microsoft Security Essentials will be disabled and an alert will be shown aski
About MsMpEng.exe (from Microsoft Corporation)
“Windows Defender is software that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyw”
 Details
|
| File name: | MsMpEng.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Microsoft Malware Protection |
| Description: | AntiMalware Service Executable |
| Typical file path: | C:\Program Files\microsoft security essentials\msmpeng.exe |
| Certificate |
| Issued to: | Microsoft Corporation |
| Authority (CA): | Microsoft Corporation |
| Effective date: | Wednesday, October 22, 2008 |
| Expiration date: | Friday, January 22, 2010 |
| Windows Service |
| Service name: | WinDefend |
| Display name: | Windows Defender-Dienst |
| Description: | “Schützt Benutzer vor Schadsoftware und weiterer potenziell unerwünschter Software.” |
| Type: | Win32OwnProcess |
Programs installed in
(Note, the programs listed below are for all versions of Microsoft Malware Protection.)
Microsoft Security Essentials is an antivirus software product that provides protection against different types of malware such as computer viruses, spyware, rootkits and Trojan horses. It runs on Win...
Microsoft Antimalware is an antivirus software (AV) product that fights malware (malicious software), including computer viruses, spyware, Trojan horses and rootkits. The software runs on Windows XP, ...
The Microsoft Security Essentials Prerelease program allows users to run the latest & greatest versions of Security Essentials before they are publicy available.
“Manage PCs and multiple types of mobile devices in one unified solution, either through the cloud or by extending your existing on-premises infrastructure. Whether using corporate or employee-owned de...”
“Endpoint Protection uses the monitoring and deployment capabilities of Configuration Manager to streamline the deployment of antimalware definitions and uses Configuration Manager to provide an in-con...”
Microsoft Forefront is a family of line-of-business security software that are designed to help protect computer networks, network servers (such as Microsoft Exchange Server and Microsoft SharePoint ...
Microsoft Security Client for Microsoft Security Essentials is an antivirus software product that provides protection against different types of malware such as computer viruses, spyware, rootkits and...
“Security and management have traditionally existed as two separate disciplines, yet both play a central role in keeping your users safe and productive. Microsoft System Center 2012 Endpoint Protection...”
Behaviors
(Note, the behaviors below are for all versions of MsMpEng.exe, select a unique version for details.)
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- WinDefend
- 'MsMpSvc' (Microsoft Antimalware Service)
All file variations of MsMpEng.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
32.25% |
|
| Windows 8 |
12.75% |
|
| Windows 7 Ultimate |
10.00% |
|
| Windows 8 Pro |
9.50% |
|
| Windows 8.1 |
7.25% |
|
| Windows 7 Professional |
6.50% |
|
| Microsoft Windows XP |
4.50% |
|
| Windows 8.1 Pro |
3.25% |
|
| Windows 8 Single Language |
3.25% |
|
| Windows Vista Home Premium |
3.00% |
|
| Windows 8 Enterprise |
1.75% |
|
| Windows 8.1 Single Language |
1.50% |
|
| Windows 8 Pro with Media Center |
1.25% |
|
| Windows 8.1 Pro with Media Center |
1.00% |
|
| Windows Vista Business |
0.50% |
|
| Windows Vista Ultimate |
0.50% |
|
| Windows 8.1 N |
0.25% |
|
| Windows 8.1 Enterprise Evaluation |
0.25% |
|
| Windows 8 Enterprise N |
0.25% |
|
| Windows 8 Enterprise Evaluation |
0.25% |
|
| Windows 8 Pro N |
0.25% |
|
| 21 other Windows OS version |
Distribution by country
United States installs about 47.22% of Microsoft Malware Protection.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
24.71% |
|
| Hewlett-Packard |
14.83% |
|
| ASUS |
12.55% |
|
| Acer |
10.46% |
|
| Lenovo |
9.51% |
|
| Toshiba |
9.51% |
|
| Sony |
5.32% |
|
| Intel |
4.56% |
|
| GIGABYTE |
2.09% |
|
| Compaq |
1.52% |
|
| Samsung |
1.14% |
|
| American Megatrends |
0.95% |
|
| Gateway |
0.76% |
|
| MSI |
0.76% |
|
| NEC |
0.76% |
|
| Sahara |
0.38% |
|
| Alienware |
0.19% |
|
