Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.2.8250.0 (winmain_win8beta.120217-1520) 0.37%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.74%
4.3.9600.16384 (winblue_rtm.130821-1623) 13.01%
4.3.9600.16384 (winblue_rtm.130821-1623) 0.74%
4.3.9431.0 (winmain_bluemp.130615-1214) 1.86%
4.3.9431.0 (winmain_bluemp.130615-1214) 0.37%
4.0.9200.16384 (win8_rtm.120725-1247) 18.22%
4.0.9200.16384 (win8_rtm.120725-1247) 62.83%
4.0.8400.0 (winmain_win8rc.120518-1423) 1.12%
4.0.8400.0 (winmain_win8rc.120518-1423) 0.74%

Relationships


PE structurePE file structure

Show functions
Import table
kernel32.dll
ExitProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, GetTickCount
mpsvc.dll
ServiceCrtMain

MsMpEng.exe

Antimalware Service Executable by Microsoft Corporation (Signed)

Remove MsMpEng.exe
Version:   4.0.9200.16384 (win8_rtm.120725-1247)
MD5:   f6e2d63673ed6c04ab21cec88517b0f5
SHA1:   dbd38ad4668005f26b8535777eee9349cc293503
SHA256:   05a1f9f3cbf7c19a16a4b0ea5cd0631ccd77357b1214cc6ecd3089a766db2f51
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is MsMpEng.exe?

MsMpEng.exe is the back-end of Microsoft Security Essentials. It is important to remember that this process is actually used by both Windows Defender and MSE. When you install Microsoft Security Essentials, then Windows Defender is automatically turned off and Microsoft Security Essentials uses this process. This is the main process that runs the program and takes quite some system memory. If you end this process then Microsoft Security Essentials will be disabled and an alert will be shown aski

About MsMpEng.exe (from Microsoft Corporation)

Windows Defender is software that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyw

DetailsDetails

File name:msmpeng.exe
Publisher:Microsoft Corporation
Product name:Antimalware Service Executable
Description:Microsoft® Windows® Operating System
Typical file path:C:\Program Files\windows defender\msmpeng.exe
File version:4.0.9200.16384 (win8_rtm.120725-1247)
Product version:4.0.9200.16384
Size:15.08 KB (15,440 bytes)
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Expiration date:Tuesday, July 9, 2013
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'WinDefend' (Servizio Windows Defender)
  • WinDefend

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00372089%
0.028634%
Kernel CPU:0.00177114%
0.013761%
User CPU:0.00194975%
0.014873%
Kernel CPU time:185,566,063 ms/min
100,923,805ms/min
CPU cycles:8,122,611/sec
17,470,203/sec
Context switches:57/sec
284/sec
Memory
Private memory:78.68 MB
21.59 MB
Private (maximum):119.22 MB
Private (minimum):40.4 MB
Non-paged memory:78.68 MB
21.59 MB
Virtual memory:240.1 MB
140.96 MB
Virtual memory (peak):491.9 MB
169.69 MB
Working set:65.99 MB
18.61 MB
Working set (peak):302.19 MB
37.95 MB
Page faults:7,778,866/min
2,039/min
I/O
I/O read transfer:2.95 MB/sec
1.02 MB/min
I/O read operations:531/sec
343/min
I/O write transfer:306.87 KB/sec
274.99 KB/min
I/O write operations:29/sec
227/min
I/O other transfer:129.5 KB/sec
448.09 KB/min
I/O other operations:2,418/sec
1,671/min
Resource allocations
Threads:25
12
Handles:478
600

BehaviorsProcess properties

Integrety level:System
Platform:64-bit
Command line:"C:\Program Files\windows defender\msmpeng.exe"
Owner:SYSTEM
Windows Service
Service name:WinDefend
Display name:Servizio Windows Defender
Description:“Contribuisce a proteggere gli utenti da malware e altro software potenzialmente indesiderato”
Type:Win32OwnProcess
Parent process:services.exe (by Microsoft)

ResourcesThreads

Averages
 
msvcrt.dll
Total CPU:0.07748428%
0.272967%
Kernel CPU:0.00498412%
0.107585%
User CPU:0.07250016%
0.165382%
CPU cycles:1,999,500/sec
5,741,424/sec
Memory:660 KB
1.16 MB
ntdll.dll
Total CPU:0.05671688%
Kernel CPU:0.02332245%
User CPU:0.03339442%
CPU cycles:1,505,602/sec
Context switches:1/sec
Memory:1.74 MB
MsMpEng.exe (main module)
Total CPU:0.00020211%
Kernel CPU:0.00018501%
User CPU:0.00001711%
CPU cycles:2,512/sec
Memory:28 KB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 8 Pro 43.50%
Windows 8 16.00%
Windows 8.1 10.50%
Windows 8 Pro with Media Center 8.50%
Windows 8.1 Pro 5.00%
Windows 8 Enterprise 3.50%
Windows 8.1 Pro Preview 2.00%
Windows 8 Release Preview 2.00%
Windows 8 Enterprise N 1.50%
Windows 8.1 Single Language 1.00%
Windows 8.1 Pro with Media Center 1.00%
Windows 8.1 Enterprise 1.00%
Windows Developer Preview 1.00%
Windows 8 Single Language 1.00%
Windows 8 Enterprise Evaluation 1.00%
Windows 8.1 Single Language Preview 0.50%
Windows 8.1 Pro Preview with Media Center 0.50%
Windows 8 Consumer Preview 0.50%

Distribution by countryDistribution by country

United States installs about 33.67% of Antimalware Service Executable.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
ASUS 21.92%
Hewlett-Packard 16.44%
Dell 13.70%
Toshiba 10.96%
Sony 9.59%
Acer 8.90%
Lenovo 8.22%
GIGABYTE 3.42%
Intel 2.74%
Medion 1.37%
Packard Bell 1.37%
Alienware 0.68%
Samsung 0.68%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE