Should I block it?

No, this file is 100% safe to run.

Additional versions

6.2.8250.0 (winmain_win8beta.120217-1520)	0.37%
6.2.8102.0 (winmain_win8m3.110823-1455)	0.74%
4.3.9600.16384 (winblue_rtm.130821-1623)	13.01%
4.3.9600.16384 (winblue_rtm.130821-1623)	0.74%
4.3.9431.0 (winmain_bluemp.130615-1214)	1.86%
4.3.9431.0 (winmain_bluemp.130615-1214)	0.37%
4.0.9200.16384 (win8_rtm.120725-1247)	18.22%
4.0.9200.16384 (win8_rtm.120725-1247)	62.83%
4.0.8400.0 (winmain_win8rc.120518-1423)	1.12%
4.0.8400.0 (winmain_win8rc.120518-1423)	0.74%

Relationships

Parent process

services.exe (Services and Controller app by Microsoft)

Related files

PE file structure

Show functions

Import table

kernel32.dll

ExitProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, GetTickCount

mpsvc.dll

ServiceCrtMain

MsMpEng.exe

Antimalware Service Executable by Microsoft Corporation (Signed)

Remove MsMpEng.exe

Version:	4.0.9200.16384 (win8_rtm.120725-1247)
MD5:	36a695e1683671009c2fea38b5eb4cd4
SHA1:	2497c8cad4579f37b5d7c1f2d8e8a06049d8fce0
SHA256:	3542673e2e8eb310aa55d973da5923f65f6ad4311dea2fea8e50abc757659ed2

This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is MsMpEng.exe?

MsMpEng.exe is the back-end of Microsoft Security Essentials. It is important to remember that this process is actually used by both Windows Defender and MSE. When you install Microsoft Security Essentials, then Windows Defender is automatically turned off and Microsoft Security Essentials uses this process. This is the main process that runs the program and takes quite some system memory. If you end this process then Microsoft Security Essentials will be disabled and an alert will be shown aski

About MsMpEng.exe (from Microsoft Corporation)

“Windows Defender is software that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyw”

Details

File name:	msmpeng.exe
Publisher:	Microsoft Corporation
Product name:	Antimalware Service Executable
Description:	Microsoft® Windows® Operating System
Typical file path:	C:\Program Files\windows defender\msmpeng.exe
File version:	4.0.9200.16384 (win8_rtm.120725-1247)
Product version:	4.0.9200.16384
Size:	13.54 KB (13,864 bytes)
Certificate
Issued to:	Microsoft Corporation
Authority (CA):	Microsoft Corporation
Expiration date:	Tuesday, July 9, 2013
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
.NET CLR:	No

More details

Behaviors

Services

Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)

'WinDefend' (Servizio Windows Defender)
WinDefend

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.01062297%	0.028634%
Kernel CPU:	0.00734961%	0.013761%
User CPU:	0.00327336%	0.014873%
Kernel CPU time:	279,672,871 ms/min	100,923,805ms/min
CPU cycles:	292,820/sec	17,470,203/sec
Context switches:	15/sec	284/sec
Memory
Private memory:	75.66 MB	21.59 MB
Private (maximum):	93.49 MB
Private (minimum):	28.61 MB
Non-paged memory:	75.66 MB	21.59 MB
Virtual memory:	199.63 MB	140.96 MB
Virtual memory (peak):	403.06 MB	169.69 MB
Working set:	47.28 MB	18.61 MB
Working set (peak):	236.16 MB	37.95 MB
Page faults:	14,006,108/min	2,039/min
I/O
I/O read transfer:	1.5 MB/sec	1.02 MB/min
I/O read operations:	287/sec	343/min
I/O write transfer:	89.65 KB/sec	274.99 KB/min
I/O write operations:	2/sec	227/min
I/O other transfer:	295.1 KB/sec	448.09 KB/min
I/O other operations:	2,874/sec	1,671/min
Resource allocations
Threads:	19	12
Handles:	470	600

Process properties

Integrety level:	System
Platform:	32-bit
Command line:	"C:\Program Files\windows defender\msmpeng.exe"
Owner:	SYSTEM
Windows Service
Service name:	WinDefend
Display name:	Servizio Windows Defender
Description:	“Contribuisce a proteggere gli utenti da malware e altro software potenzialmente indesiderato”
Type:	Win32OwnProcess
Parent process:	services.exe (Services and Controller app by Microsoft)

Threads

Averages

msvcrt.dll
Total CPU:	0.17052443%	0.272967%
Kernel CPU:	0.01556230%	0.107585%
User CPU:	0.15496212%	0.165382%
CPU cycles:	3,001,829/sec	5,741,424/sec
Context switches:	1/sec	79/sec
Memory:	708 KB	1.16 MB
ntdll.dll
Total CPU:	0.04090396%
Kernel CPU:	0.01701864%
User CPU:	0.02388532%
CPU cycles:	674,434/sec
Memory:	1.4 MB
MsMpEng.exe (main module)
Total CPU:	0.00037043%
Kernel CPU:	0.00034235%
User CPU:	0.00002808%
CPU cycles:	4,368/sec
Memory:	24 KB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

urlmon.dll (by Microsoft)

Distribution by Windows OS

OS version	distribution
Windows 8 Pro	43.50%
Windows 8	16.00%
Windows 8.1	10.50%
Windows 8 Pro with Media Center	8.50%
Windows 8.1 Pro	5.00%
Windows 8 Enterprise	3.50%
Windows 8.1 Pro Preview	2.00%
Windows 8 Release Preview	2.00%
Windows 8 Enterprise N	1.50%
Windows 8.1 Single Language	1.00%
Windows 8.1 Pro with Media Center	1.00%
Windows 8.1 Enterprise	1.00%
Windows Developer Preview	1.00%
Windows 8 Single Language	1.00%
Windows 8 Enterprise Evaluation	1.00%
Windows 8.1 Single Language Preview	0.50%
Windows 8.1 Pro Preview with Media Center	0.50%
Windows 8 Consumer Preview	0.50%

Distribution by country

United States installs about 33.67% of Antimalware Service Executable.

Distribution by PC manufacturer

PC Manufacturer	distribution
ASUS	21.92%
Hewlett-Packard	16.44%
Dell	13.70%
Toshiba	10.96%
Sony	9.59%
Acer	8.90%
Lenovo	8.22%
GIGABYTE	3.42%
Intel	2.74%
Medion	1.37%
Packard Bell	1.37%
Alienware	0.68%
Samsung	0.68%

Remove Adware and Spyware Programs, FREE Download!