NisSrv.exe
Microsoft Malware Protection by Microsoft Corporation (Signed)
| Version: | 4.2.0223.0 |
| MD5: | c6e15f2f95f9c0a6098d43510b604e52 |
| SHA1: | 47342c6ed53a7d362dedfc5f3c741c53d38d9baa |
What is NisSrv.exe?
Network Inspection System (NIS), which is the signature-based part of the Forefront TMG Intrusion Prevention System and Microsoft Security Essentials. NIS uses signatures of known vulnerabilities from the Microsoft Malware Protection Center to help detect and block malicious traffic. NIS, which is enabled by default, can be configured from the Getting Started Wizard.
About NisSrv.exe (from Microsoft Corporation)
“Microsoft Security Essentials is our fully featured, real-time antivirus solution for your home or small business. It runs quietly and efficiently in the background, with no annoying pop-ups.
It ca”
Details
| File name: | nissrv.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Microsoft Malware Protection |
| Description: | Microsoft Network Realtime Inspection Service |
| Typical file path: | C:\Program Files\microsoft security client\nissrv.exe |
| File version: | 4.2.0223.0 |
| Size: | 370.47 KB (379,360 bytes) |
| Certificate |
| Issued to: | Microsoft Corporation |
| Authority (CA): | Microsoft Corporation |
| Effective date: | Thursday, July 26, 2012 |
| Expiration date: | Saturday, October 26, 2013 |
| Digital DNA |
| File packed: | No |
| Code language: | Microsoft Visual C# / Basic .NET |
| .NET CLR: | Yes |
| .NET NGENed: | No |
More details
Programs
The following programs will install this file
Microsoft Security Essentials is an antivirus software product that provides protection against different types of malware such as computer viruses, spyware, rootkits and Trojan horses. It runs on Windows XP, Windows Vista and Windows 7, but not on Windows 8, which has a built-in AV component. Built upon the same virus definitions and scanning engine as other Microsoft antivirus products, MSE provides real-time protection, constantly mo...
The Microsoft Security Essentials Prerelease program allows users to run the latest & greatest versions of Security Essentials before they are publicy available.
“Security and management have traditionally existed as two separate disciplines, yet both play a central role in keeping your users safe and productive. Microsoft System Center 2012 Endpoint Protection (previously known as Forefront Endpoint Protection) allows you to consolidate desktop security and management in a single solution.
Built on System Center 2012 Configuration Manager, System Center 2012 Endpoint Protection provides a sin...”
Microsoft Forefront is a family of line-of-business security software that are designed to help protect computer networks, network servers (such as Microsoft Exchange Server and Microsoft SharePoint Server) and individual devices.
“Manage PCs and multiple types of mobile devices in one unified solution, either through the cloud or by extending your existing on-premises infrastructure. Whether using corporate or employee-owned devices, Windows Intune helps provide a security-enhanced environment with comprehensive update and policy management. Use Windows Intune to give employees access to the resources and applications they need on the devices they choose without ...”
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- 'WdNisSvc' (Windows Defender-Netzwerkinspektionsdienst)
- WdNisSvc
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00210471% | |
| Kernel CPU: | 0.00089644% | |
| User CPU: | 0.00120827% | |
| Kernel CPU time: | 2,860,740 ms/min | |
| CPU cycles: | 558,503/sec | |
| Context switches: | 4/sec | |
| Memory |
| Private memory: | 13.09 MB | |
| Private (maximum): | 7.07 MB | |
| Private (minimum): | 2.82 MB | |
| Non-paged memory: | 13.09 MB | |
| Virtual memory: | 71.12 MB | |
| Virtual memory (peak): | 73.41 MB | |
| Working set: | 6.1 MB | |
| Working set (peak): | 14.33 MB | |
| Page faults: | 31,989/min | |
| I/O |
| I/O read transfer: | 12.64 KB/sec | |
| I/O read operations: | 2/sec | |
| I/O write transfer: | 35 Bytes/sec | |
| I/O write operations: | 2/sec | |
| I/O other transfer: | 14.5 KB/sec | |
| I/O other operations: | 65/sec | |
| Resource allocations |
| Threads: | 13 | |
| Handles: | 259 | |
Process properties
| Integrety level: | System |
| Platform: | 64-bit |
| Command lines: |
- "C:\Program Files\microsoft security client\nissrv.exe"
|
| Owner: | LOCAL SERVICE |
| Windows Service |
| Service name: | WdNisSvc |
| Display name: | Windows Defender-Netzwerkinspektionsdienst |
| Description: | “Schützt gegen Eindringversuche bei bekannten und neu erkannten Sicherheitsrisiken von Netzwerkprotokollen.” |
| Type: | Win32OwnProcess |
| Parent process: | services.exe (Services and Controller app by Microsoft) |
Threads
Averages
| ntdll.dll |
| Total CPU: | 0.00753609% | |
| Kernel CPU: | 0.00022254% | |
| User CPU: | 0.00731355% | |
| CPU cycles: | 163,331/sec | |
| Memory: | 1.67 MB | |
| msvcrt.dll (Windows NT CRT DLL by Microsoft) |
| Total CPU: | 0.00527013% | |
| Kernel CPU: | 0.00180223% | |
| User CPU: | 0.00346789% | |
| CPU cycles: | 110,428/sec | |
| Context switches: | 1/sec | |
| Memory: | 636 KB | |
| NisSrv.exe (main module) |
| Total CPU: | 0.00051320% | |
| Kernel CPU: | 0.00038229% | |
| User CPU: | 0.00013091% | |
| CPU cycles: | 6,753/sec | |
| Memory: | 368 KB | |
| sechost.dll (Host for SCM/SDDL/LSA Lookup APIs by Microsoft) |
| Total CPU: | 0.00031121% | |
| Kernel CPU: | 0.00030001% | |
| User CPU: | 0.00001120% | |
| CPU cycles: | 3,207/sec | |
| Memory: | 124 KB | |
| ADVAPI32.dll |
| Total CPU: | 0.00001947% | |
| Kernel CPU: | 0.00000363% | |
| User CPU: | 0.00001584% | |
| CPU cycles: | 310/sec | |
| Memory: | 1.03 MB | |
| RPCRT4.dll |
| Total CPU: | 0.00000285% | |
| Kernel CPU: | 0.00000285% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 4/sec | |
| Memory: | 1.26 MB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
47.00% |
|
| Windows 8.1 |
14.50% |
|
| Windows 7 Ultimate |
12.50% |
|
| Windows 7 Professional |
10.00% |
|
| Windows 8.1 Pro |
6.50% |
|
| Windows Vista Home Premium |
3.50% |
|
| Windows 8.1 Single Language |
3.00% |
|
| Windows 8.1 Pro with Media Center |
2.00% |
|
| Windows 8.1 N |
0.50% |
|
| Windows 8.1 Enterprise Evaluation |
0.50% |
|
Distribution by country
United States installs about 52.50% of Microsoft Malware Protection.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
24.60% |
|
| Hewlett-Packard |
16.27% |
|
| ASUS |
13.49% |
|
| Acer |
13.10% |
|
| Toshiba |
9.52% |
|
| Lenovo |
7.94% |
|
| Sony |
4.76% |
|
| GIGABYTE |
2.38% |
|
| Intel |
1.59% |
|
| Gateway |
1.59% |
|
| MSI |
1.59% |
|
| NEC |
1.59% |
|
| Samsung |
1.19% |
|
| Alienware |
0.40% |
|
