ntrtscan.exe
Trend Micro OfficeScan by Trend Micro
| Version: | 7.0.0.1040 |
| MD5: | e730b757178e12d15afdcf27f573b30c |
| SHA1: | 4bdd5cbda7bf07d256e921c3361c304e02518b86 |
Overview
ntrtscan.exe runs as a service under the name OfficeScanNT RealTime Scan (ntrtscan) with extensive SYSTEM privileges (full administrator access). This particular version is usually found on Microsoft Windows XP (5.1.2600.131072).
Details
| File name: | ntrtscan.exe |
| Publisher: | Trend Micro Inc. |
| Product name: | Trend Micro OfficeScan |
| Description: | Ntrtscan.exe |
| Typical file path: | C:\Program Files\trend micro\officescan client\ntrtscan.exe |
| File version: | 7.0.0.1040 |
| Product version: | 7.0 |
| Size: | 476 KB (487,424 bytes) |
| Build date: | 3/15/2005 12:46 PM |
| Digital DNA |
| PE subsystem: | Windows Console |
| File packed: | No |
| .NET CLR: | No |
More details
Behaviors
Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- 'ntrtscan' (OfficeScanNT RealTime Scan)
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00444550% | |
| Kernel CPU: | 0.00309890% | |
| User CPU: | 0.00134660% | |
| Kernel CPU time: | 1,734 ms/min | |
| Context switches: | 43/sec | |
| Memory |
| Private memory: | 2.63 MB | |
| Private (maximum): | 4.7 MB | |
| Private (minimum): | 4.66 MB | |
| Non-paged memory: | 2.63 MB | |
| Virtual memory: | 34.74 MB | |
| Virtual memory (peak): | 38.03 MB | |
| Working set: | 4.68 MB | |
| Working set (peak): | 5.13 MB | |
| Resource allocations |
| Threads: | 14 | |
| Handles: | 86 | |
| GUI GDI count: | 28 | |
| GUI USER count: | 18 | |
Process properties
| Integrety level: | Undefined |
| Platform: | 32-bit |
| Command line: | "C:\Program Files\trend micro\officescan client\ntrtscan.exe" |
| Owner: | SYSTEM |
| Windows Service |
| Service name: | ntrtscan |
| Display name: | OfficeScanNT RealTime Scan |
| Type: | Win32OwnProcess, InteractiveProcess |
| Parent process: | services.exe (Services and Controller app by Microsoft) |
Threads
Averages
| ADVAPI32.dll |
| Total CPU: | 0.00901074% | |
| Kernel CPU: | 0.00215182% | |
| User CPU: | 0.00685892% | |
| Memory: | 620 KB | |
| ntrtscan.exe (main module) |
| Total CPU: | 0.00310393% | |
| Kernel CPU: | 0.00283400% | |
| User CPU: | 0.00026993% | |
| Context switches: | 11/sec | |
| Memory: | 640 KB | |
Distribution by Windows OS
| OS version | distribution |
| Microsoft Windows XP |
100.00% |
|
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Toshiba |
100.00% |
|
