Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

4.5.0218.0 7.33%
4.5.0216.0 7.05%
4.4.0304.0 4.23%
4.4.0304.0 0.28%
4.4.0304.0 0.42%
4.3.0219.0 6.21%
4.3.0219.0 2.82%
4.3.0216.0 0.85%
4.3.0216.0 1.55%
4.3.0215.0 3.24%
4.3.0215.0 0.99%
4.2.0223.0 11.00%
4.2.0223.0 20.87%
4.2.0216.0 0.42%
4.1.0522.0 19.89%
4.1.0522.0 12.83%

Relationships

Parent process
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
GetTraceEnableFlags, GetTraceLoggerHandle, TraceEvent, GetTraceEnableLevel, RegisterTraceGuidsW, UnregisterTraceGuids, RegCloseKey, RegQueryInfoKeyW, RegEnumKeyExW, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegDeleteValueW, StartServiceCtrlDispatcherW, IsValidSid, GetLengthSid, CopySid, ConvertSidToStringSidW, LookupAccountSidW, RegQueryValueExW, RegNotifyChangeKeyValue, RegOpenKeyExA, RegQueryValueExA, RegisterServiceCtrlHandlerExW, SetServiceStatus, TraceMessage
kernel32.dll
InterlockedDecrement, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetProcessId, GetCurrentProcess, FreeLibrary, LoadLibraryExW, lstrcmpiW, LeaveCriticalSection, RaiseException, EnterCriticalSection, MultiByteToWideChar, SizeofResource, LoadResource, FindResourceExW, GetModuleFileNameW, InitializeCriticalSection, SetProcessWorkingSetSize, CloseHandle, Sleep, InterlockedExchangeAdd, GetSystemTimeAsFileTime, DeleteTimerQueueTimer, DeviceIoControl, CreateSemaphoreW, WaitForSingleObject, InterlockedExchange, ReleaseSemaphore, SetEvent, CreateEventW, ResetEvent, ExpandEnvironmentStringsW, QueryDosDeviceW, SetErrorMode, VerifyVersionInfoW, CompareFileTime, VerSetConditionMask, CreateFileW, InterlockedIncrement, CreateTimerQueueTimer, GetNativeSystemInfo, ReadFile, GetFileSizeEx, GetFileAttributesW, LoadLibraryW, GetModuleHandleExW, WaitForSingleObjectEx, CreateEventA, GetProcessHeap, LoadLibraryA, InterlockedCompareExchange64, DuplicateHandle, MapViewOfFile, CreateFileMappingW, UnmapViewOfFile, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, GetModuleHandleA, OutputDebugStringA, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, SwitchToThread, InterlockedCompareExchange, HeapDestroy, GetLastError, HeapSetInformation, HeapCreate, LocalFree, LocalAlloc, GetProcAddress, GetVersionExW, GetModuleHandleW, GetSystemDirectoryW, ChangeTimerQueueTimer
mpclient.dll
MpConfigGetValue, MpConfigGetValueAlloc, MpConfigIteratorOpen, MpConfigOpen, MpConfigClose, MpTelemetrySetDWORD, MpTelemetryIncrementDWORD, MpClientUtilExportFunctions, MpConfigIteratorEnum, MpConfigInitialize, MpTelemetryInitialize, MpTelemetryUninitialize, MpConfigUninitialize, MpAllocMemory, MpConfigUnregisterNotifications, MpHandleClose, MpConfigRegisterForNotifications, MpNotificationRegister, MpManagerOpen, MpTelemetrySetIfMaxDWORD, MpTelemetryAddToAverageDWORD, MpFreeMemory, MpUtilsExportFunctions, MpConfigIteratorClose, MpTelemetrySetString
msvcrt.dll
DllMain
nislog.dll
NisLogOnServiceStart, NisLogOnSignatureEntry, NisLogOnSignatureMatch, NisLogOnParseError, NisLogInitialize, NisLogSPrintfW, NisLogWrite, NisLogCleanup
ole32.dll
CoTaskMemFree, CoTaskMemRealloc, CoTaskMemAlloc, CoInitializeEx, CoCreateInstance, CoUninitialize, IIDFromString, CoRevokeClassObject
user32.dll
CharNextW, CharLowerBuffW, UnregisterClassA
version.dll
VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW

NisSrv.exe

Microsoft Malware Protection by Microsoft Corporation (Signed)

Remove NisSrv.exe
Version:   4.1.0522.0
MD5:   79e80b10fe8f6662e0c9162a68c43444
SHA1:   12a8fbbcad2161a0abf683c53eabfb295582206f
SHA256:   3a643c8cdea0c2cac8fc503463d23560683f4457d4ffc06b1eddd265d09fa807

What is NisSrv.exe?

Network Inspection System (NIS), which is the signature-based part of the Forefront TMG Intrusion Prevention System and Microsoft Security Essentials. NIS uses signatures of known vulnerabilities from the Microsoft Malware Protection Center to help detect and block malicious traffic. NIS, which is enabled by default, can be configured from the Getting Started Wizard.

About NisSrv.exe (from Microsoft Corporation)

Microsoft Security Essentials is our fully featured, real-time antivirus solution for your home or small business. It runs quietly and efficiently in the background, with no annoying pop-ups.
It ca

DetailsDetails

File name:nissrv.exe
Publisher:Microsoft Corporation
Product name:Microsoft Malware Protection
Description:Microsoft Network Realtime Inspection Service
Typical file path:C:\Program Files\microsoft security client\nissrv.exe
File version:4.1.0522.0
Size:360.25 KB (368,896 bytes)
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Effective date:Thursday, July 26, 2012
Expiration date:Saturday, October 26, 2013
Digital DNA
File packed:No
Code language:Microsoft Visual C# / Basic .NET
.NET CLR:Yes
.NET NGENed:No
More details

ResourcesPrograms

The following programs will install this file
Microsoft Corporation
8% remove
Microsoft Security Essentials is an antivirus software product that provides protection against different types of malware such as computer viruses, spyware, rootkits and Trojan horses. It runs on Windows XP, Windows Vista and Windows 7, but not on Windows 8, which has a built-in AV component. Built upon the same virus definitions and scanning engine as other Microsoft antivirus products, MSE provides real-time protection, constantly mo...
Microsoft Corporation
4% remove
Microsoft Security Client for Microsoft Security Essentials is an antivirus software product that provides protection against different types of malware such as computer viruses, spyware, rootkits and Trojan horses. Built upon the same virus definitions and scanning engine as other Microsoft antivirus products, MSE provides real-time protection, constantly monitoring activities on the computer and scanning new files as they are download...
Microsoft Corporation
5% remove
Security and management have traditionally existed as two separate disciplines, yet both play a central role in keeping your users safe and productive. Microsoft System Center 2012 Endpoint Protection (previously known as Forefront Endpoint Protection) allows you to consolidate desktop security and management in a single solution. Built on System Center 2012 Configuration Manager, System Center 2012 Endpoint Protection provides a sin...
Microsoft Corporation
1% remove
Microsoft Forefront is a family of line-of-business security software that are designed to help protect computer networks, network servers (such as Microsoft Exchange Server and Microsoft SharePoint Server) and individual devices.
Microsoft Corporation
1% remove
The Microsoft Security Essentials Prerelease program allows users to run the latest & greatest versions of Security Essentials before they are publicy available.

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'WdNisSvc' (Windows Defender-Netzwerkinspektionsdienst)
  • WdNisSvc

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00281381%
0.028634%
Kernel CPU:0.00080739%
0.013761%
User CPU:0.00200642%
0.014873%
Kernel CPU time:5,454,115 ms/min
100,923,805ms/min
CPU cycles:924,677/sec
17,470,203/sec
Context switches:3/sec
284/sec
Memory
Private memory:17.3 MB
21.59 MB
Private (maximum):10.12 MB
Private (minimum):3.73 MB
Non-paged memory:17.3 MB
21.59 MB
Virtual memory:81.16 MB
140.96 MB
Virtual memory (peak):83.07 MB
169.69 MB
Working set:8.09 MB
18.61 MB
Working set (peak):18.27 MB
37.95 MB
Page faults:40,511/min
2,039/min
I/O
I/O read transfer:969.28 KB/sec
1.02 MB/min
I/O read operations:62/sec
343/min
I/O write transfer:75 Bytes/sec
274.99 KB/min
I/O write operations:3/sec
227/min
I/O other transfer:15.25 KB/sec
448.09 KB/min
I/O other operations:65/sec
1,671/min
Resource allocations
Threads:13
12
Handles:254
600

BehaviorsProcess properties

Integrety level:System
Platform:64-bit
Command line:"C:\Program Files\microsoft security client\nissrv.exe"
Owner:LOCAL SERVICE
Windows Service
Service name:WdNisSvc
Display name:Windows Defender-Netzwerkinspektionsdienst
Description:“Schützt gegen Eindringversuche bei bekannten und neu erkannten Sicherheitsrisiken von Netzwerkprotokollen.”
Type:Win32OwnProcess
Parent process:services.exe (Services and Controller app by Microsoft)

ResourcesThreads

Averages
 
ntdll.dll
Total CPU:0.01063212%
0.272967%
Kernel CPU:0.00121259%
0.107585%
User CPU:0.00941954%
0.165382%
CPU cycles:132,495/sec
5,741,424/sec
Memory:1.66 MB
1.16 MB
msvcrt.dll
Total CPU:0.00112279%
Kernel CPU:0.00059275%
User CPU:0.00053004%
CPU cycles:22,711/sec
Memory:636 KB
NisSrv.exe (main module)
Total CPU:0.00038626%
Kernel CPU:0.00019829%
User CPU:0.00018797%
CPU cycles:4,407/sec
Memory:352 KB
sechost.dll
Total CPU:0.00016456%
Kernel CPU:0.00013228%
User CPU:0.00003228%
CPU cycles:2,209/sec
Memory:124 KB
ADVAPI32.dll
Total CPU:0.00000932%
Kernel CPU:0.00000000%
User CPU:0.00000932%
CPU cycles:108/sec
Memory:1.03 MB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 47.00%
Windows 8.1 14.50%
Windows 7 Ultimate 12.50%
Windows 7 Professional 10.00%
Windows 8.1 Pro 6.50%
Windows Vista Home Premium 3.50%
Windows 8.1 Single Language 3.00%
Windows 8.1 Pro with Media Center 2.00%
Windows 8.1 N 0.50%
Windows 8.1 Enterprise Evaluation 0.50%

Distribution by countryDistribution by country

United States installs about 52.50% of Microsoft Malware Protection.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 24.60%
Hewlett-Packard 16.27%
ASUS 13.49%
Acer 13.10%
Toshiba 9.52%
Lenovo 7.94%
Sony 4.76%
GIGABYTE 2.38%
Intel 1.59%
Gateway 1.59%
MSI 1.59%
NEC 1.59%
Samsung 1.19%
Alienware 0.40%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE