MsMpEng.exe
Windows Defender by Microsoft Corporation (Signed)
| Version: | 1.1.1593.0 |
| MD5: | f45dd1e1365d857dd08bc23563370d0e |
| SHA1: | f8cfa36178da79f75ff003b4ae052fce6ad5fdd0 |
| SHA256: | d95aebb2095579d716c62152c8b805e119812fd2e40f14f9a5ba2efde133303b |
What is MsMpEng.exe?
MsMpEng.exe is the back-end of Microsoft Security Essentials. It is important to remember that this process is actually used by both Windows Defender and MSE. When you install Microsoft Security Essentials, then Windows Defender is automatically turned off and Microsoft Security Essentials uses this process. This is the main process that runs the program and takes quite some system memory. If you end this process then Microsoft Security Essentials will be disabled and an alert will be shown aski
About MsMpEng.exe (from Microsoft Corporation)
“Windows Defender is a free program that helps you stay productive by protecting your computer against pop-ups, slow performance and security threats caused by spyware and other potentially unwanted so”
Details
| File name: | MsMpEng.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Windows Defender |
| Description: | Service Executable |
| Typical file path: | C:\Program Files\windows defender\msmpeng.exe |
| File version: | 1.1.1593.0 |
| Size: | 13.27 KB (13,592 bytes) |
| Certificate |
| Issued to: | Microsoft Corporation |
| Authority (CA): | Microsoft Corporation |
| Effective date: | Tuesday, April 4, 2006 |
| Expiration date: | Thursday, October 4, 2007 |
| Digital DNA |
| PE subsystem: | Windows GUI |
| Entropy: | 6.571932 |
| File packed: | No |
| Code language: | Microsoft Visual C++ 8.0 |
| .NET CLR: | No |
More details
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- WinDefend
- 'WinDefend' (Windows Defender)
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.14786202% | |
| Kernel CPU: | 0.07855999% | |
| User CPU: | 0.06930204% | |
| Kernel CPU time: | 19,400 ms/min | |
| User CPU time: | 169 ms/min | |
| Context switches: | 86/sec | |
| Memory |
| Private memory: | 53.26 MB | |
| Private (maximum): | 37.83 MB | |
| Private (minimum): | 26.59 MB | |
| Non-paged memory: | 53.26 MB | |
| Virtual memory: | 137.13 MB | |
| Virtual memory (peak): | 194.35 MB | |
| Working set: | 33 MB | |
| Working set (peak): | 106.37 MB | |
| Page faults: | 299,002/min | |
| I/O |
| I/O read transfer: | 6.84 MB/sec | |
| I/O read operations: | 1,068/sec | |
| I/O write transfer: | 275.72 KB/sec | |
| I/O write operations: | 34/sec | |
| I/O other transfer: | 37.33 KB/sec | |
| I/O other operations: | 1,380/sec | |
| Resource allocations |
| Threads: | 17 | |
| Handles: | 315 | |
| GUI GDI count: | 4 | |
| GUI USER count: | 2 | |
Process properties
| Integrety level: | Undefined |
| Platform: | 32-bit |
| Command line: | "C:\Program Files\windows defender\msmpeng.exe" |
| Owner: | SYSTEM |
| Windows Service |
| Service name: | SYSTEM\CurrentControlSet\Services\WinDefend |
| Display name: | WinDefend |
| Description: | “Protection against spyware and potentially unwanted software” |
| Type: | Win32OwnProcess |
| Parent process: | services.exe (Services and Controller app by Microsoft) |
Threads
Averages
| ntdll.dll |
| Total CPU: | 2.12504425% | |
| Kernel CPU: | 0.12400455% | |
| User CPU: | 2.00103970% | |
| Context switches: | 21/sec | |
| Memory: | 712 KB | |
| offreg.dll |
| Total CPU: | 0.00076478% | |
| Kernel CPU: | 0.00076478% | |
| User CPU: | 0.00000000% | |
| Memory: | 60 KB | |
| MsMpEng.exe (main module) |
| Total CPU: | 0.00074191% | |
| Kernel CPU: | 0.00072400% | |
| User CPU: | 0.00001791% | |
| Memory: | 16 KB | |
| mprtplug.dll |
| Total CPU: | 0.00021259% | |
| Kernel CPU: | 0.00015944% | |
| User CPU: | 0.00005315% | |
| Memory: | 60 KB | |
| MpSvc.dll |
| Total CPU: | 0.00009750% | |
| Kernel CPU: | 0.00004900% | |
| User CPU: | 0.00004850% | |
| Memory: | 272 KB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Microsoft Windows XP |
57.14% |
|
| Windows XP Home Edition |
25.71% |
|
| Microsoft Windows XP Home Edition |
5.71% |
|
| Windows XP Professional |
5.71% |
|
| Windows 7 Home Premium |
5.71% |
|
Distribution by country
United States installs about 76.19% of Windows Defender.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
55.56% |
|
| Intel |
22.22% |
|
| American Megatrends |
11.11% |
|
| ASUS |
11.11% |
|
