Should I block it?
No, this file is 100% safe to run.
Additional versions
Relationships
Parent process
Related files
 PE file structure
|
Show functions |
Import table
kernel32.dll
GetLastError, GetModuleFileNameW, LoadLibraryW, FreeLibrary, GetProcAddress, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, RtlUnwind, InterlockedCompareExchange, Sleep, InterlockedExchange, UnhandledExceptionFilter, ExitProcess
mpsvc.dll
ServiceCrtMain
msvcrt.dll
DllMain
MsMpEng.exe
Microsoft Malware Protection by Microsoft Corporation (Signed)
| Version: | 4.0.1526.0 |
| MD5: | 59faaf2c83c8169ea20f9e335e418907 |
| SHA1: | 564d03a55fa39928cd7df3fd0e7541b54e0a305c |
| SHA256: | 019a5f7e68a62a6958525226abb21ca3aeaf7cdd9332b199af8ede2528b348d3 |
What is MsMpEng.exe?
MsMpEng.exe is the back-end of Microsoft Security Essentials. It is important to remember that this process is actually used by both Windows Defender and MSE. When you install Microsoft Security Essentials, then Windows Defender is automatically turned off and Microsoft Security Essentials uses this process. This is the main process that runs the program and takes quite some system memory. If you end this process then Microsoft Security Essentials will be disabled and an alert will be shown aski
About MsMpEng.exe (from Microsoft Corporation)
“Windows Defender is software that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyw”
Details
| File name: | MsMpEng.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Microsoft Malware Protection |
| Description: | AntiMalware Service Executable |
| Typical file path: | C:\Program Files\microsoft security essentials\msmpeng.exe |
| File version: | 4.0.1526.0 |
| Size: | 12.3 KB (12,600 bytes) |
| Certificate |
| Issued to: | Microsoft Corporation |
| Authority (CA): | Microsoft Corporation |
| Effective date: | Wednesday, October 22, 2008 |
| Expiration date: | Friday, January 22, 2010 |
| Digital DNA |
| PE subsystem: | Windows GUI |
| Entropy: | 6.372596 |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
More details
Programs
The following programs will install this file
Microsoft Security Essentials is an antivirus software product that provides protection against different types of malware such as computer viruses, spyware, rootkits and Trojan horses. It runs on Windows XP, Windows Vista and Windows 7, but not on Windows 8, which has a built-in AV component. Built upon the same virus definitions and scanning engine as other Microsoft antivirus products, MSE provides real-time protection, constantly mo...
Microsoft Security Client for Microsoft Security Essentials is an antivirus software product that provides protection against different types of malware such as computer viruses, spyware, rootkits and Trojan horses. Built upon the same virus definitions and scanning engine as other Microsoft antivirus products, MSE provides real-time protection, constantly monitoring activities on the computer and scanning new files as they are download...
“Security and management have traditionally existed as two separate disciplines, yet both play a central role in keeping your users safe and productive. Microsoft System Center 2012 Endpoint Protection (previously known as Forefront Endpoint Protection) allows you to consolidate desktop security and management in a single solution.
Built on System Center 2012 Configuration Manager, System Center 2012 Endpoint Protection provides a sin...”
“Manage PCs and multiple types of mobile devices in one unified solution, either through the cloud or by extending your existing on-premises infrastructure. Whether using corporate or employee-owned devices, Windows Intune helps provide a security-enhanced environment with comprehensive update and policy management. Use Windows Intune to give employees access to the resources and applications they need on the devices they choose without ...”
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- WinDefend
- 'MsMpSvc' (Microsoft Antimalware Service)
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00291475% | |
| Kernel CPU: | 0.00015850% | |
| User CPU: | 0.00275626% | |
| Kernel CPU time: | 2,078,707 ms/min | |
| CPU cycles: | 6,788,608/sec | |
| Context switches: | 89/sec | |
| Memory |
| Private memory: | 86.48 MB | |
| Private (maximum): | 83.68 MB | |
| Private (minimum): | 68.33 MB | |
| Non-paged memory: | 86.48 MB | |
| Virtual memory: | 244.26 MB | |
| Virtual memory (peak): | 593.48 MB | |
| Working set: | 80.17 MB | |
| Working set (peak): | 317.02 MB | |
| Page faults: | 879,384,594/min | |
| I/O |
| I/O read transfer: | 3.57 MB/sec | |
| I/O read operations: | 378/sec | |
| I/O write transfer: | 94.03 KB/sec | |
| I/O write operations: | 1/sec | |
| I/O other transfer: | 451.96 KB/sec | |
| I/O other operations: | 9,288/sec | |
| Resource allocations |
| Threads: | 45 | |
| Handles: | 497 | |
Process properties
| Integrety level: | System |
| Platform: | 64-bit |
| Command line: | "C:\Program Files\microsoft security client\msmpeng.exe" |
| Owner: | SYSTEM |
| Windows Service |
| Service name: | WinDefend |
| Display name: | Windows Defender-Dienst |
| Description: | “Schützt Benutzer vor Schadsoftware und weiterer potenziell unerwünschter Software.” |
| Type: | Win32OwnProcess |
| Parent process: | services.exe (Services and Controller app by Microsoft) |
Threads
Averages
| msvcrt.dll |
| Total CPU: | 0.25357667% | |
| Kernel CPU: | 0.00960997% | |
| User CPU: | 0.24396670% | |
| CPU cycles: | 5,810,508/sec | |
| Context switches: | 1/sec | |
| Memory: | 636 KB | |
| ntdll.dll |
| Total CPU: | 0.02474215% | |
| Kernel CPU: | 0.00805527% | |
| User CPU: | 0.01668688% | |
| CPU cycles: | 872,705/sec | |
| Context switches: | 2/sec | |
| Memory: | 1.66 MB | |
| MsMpEng.exe (main module) |
| Total CPU: | 0.00208644% | |
| Kernel CPU: | 0.00208644% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 28,537/sec | |
| Memory: | 24 KB | |
| mpengine.dll |
| Total CPU: | 0.00007642% | |
| Kernel CPU: | 0.00007642% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 114,601/sec | |
| Context switches: | 1/sec | |
| Memory: | 8.89 MB | |
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
31.50% |
|
| Windows 8.1 |
14.50% |
|
| Windows 7 Ultimate |
13.00% |
|
| Windows 7 Professional |
8.00% |
|
| Windows 8.1 Pro |
6.50% |
|
| Windows 8 |
6.00% |
|
| Windows 8 Pro |
5.50% |
|
| Windows 8 Single Language |
3.50% |
|
| Windows 8.1 Single Language |
3.00% |
|
| Windows 8.1 Pro with Media Center |
2.00% |
|
| Windows Vista Home Premium |
2.00% |
|
| Microsoft Windows XP |
1.50% |
|
| Windows 8 Enterprise |
1.00% |
|
| Windows 8.1 N |
0.50% |
|
| Windows 8.1 Enterprise Evaluation |
0.50% |
|
| Windows 8 Enterprise N |
0.50% |
|
| Windows 8 Enterprise Evaluation |
0.50% |
|
Distribution by country
United States installs about 45.50% of Microsoft Malware Protection.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
24.10% |
|
| Hewlett-Packard |
15.26% |
|
| Acer |
13.25% |
|
| ASUS |
12.05% |
|
| Lenovo |
12.05% |
|
| Toshiba |
8.84% |
|
| Sony |
4.02% |
|
| GIGABYTE |
3.61% |
|
| Intel |
3.21% |
|
| Samsung |
1.61% |
|
| Compaq |
1.61% |
|
| Alienware |
0.40% |
|
