Should I block it?

No, this file is 100% safe to run.

Additional versions

6.3.9600.16384 (winblue_rtm.130821-1623)	1.57%
6.3.9600.16384 (winblue_rtm.130821-1623)	0.10%
6.3.9600.16384 (winblue_rtm.130821-1623)	2.75%
6.3.9600.16384 (winblue_rtm.130821-1623)	0.05%
6.3.9431.0 (winmain_bluemp.130615-1214)	0.10%
6.3.9431.0 (winmain_bluemp.130615-1214)	0.05%
6.3.9431.0 (winmain_bluemp.130615-1214)	0.15%
6.2.9200.16693 (win8_gdr.130815-1505)	3.05%
6.2.9200.16686 (win8_gdr.130809-1506)	0.29%
6.2.9200.16642 (win8_gdr.130614-1704)	0.10%
6.2.9200.16384 (win8_rtm.120725-1247)	2.21%
6.2.9200.16384 (win8_rtm.120725-1247)	10.85%
6.2.9200.16384 (win8_rtm.120725-1247)	1.23%
6.2.8400.0 (winmain_win8rc.120518-1423)	0.10%
6.2.8400.0 (winmain_win8rc.120518-1423)	0.10%
6.2.8250.0 (winmain_win8beta.120217-1520)	0.05%
6.2.8102.0 (winmain_win8m3.110823-1455)	0.10%
6.1.7600.16385 (win7_rtm.090713-1255)	6.97%
6.1.7600.16385 (win7_rtm.090713-1255)	42.14%
6.1.7600.16385 (win7_rtm.090713-1255)	23.92%
6.1.7600.16385 (win7_rtm.090713-1255)	4.08%
6.1.7600.16385 (win7_rtm.090713-1255)	0.05%

Relationships

Parent process

services.exe (Services and Controller app by Microsoft)

Related files

SLsvc.exe (Microsoft Software Licensing Service by Microsoft)

sppsvc.exe

Microsoft Software Protection Platform Service by Microsoft Corporation (Signed)

Remove sppsvc.exe

Version:	6.2.9200.16384 (win8_rtm.120725-1247)
MD5:	d9e859f4b29377854e1ab0f302824e1c
SHA1:	b82b3bf75792905d8d23badd25bfd0740c55a79d
SHA256:	14d9639204c0af1fe8a06865bff9ff4b978ee42c02c774c5fa9f2bea9f75676c

This is a Windows system installed file with Windows File Protection (WFP) enabled.

Warning 4 antivirus scanners has detected malware.

Overview

sppsvc.exe is malware that runs as a service under the name Ochrana softwaru (sppsvc) with extensive SYSTEM privileges (full administrator access). The file is digitally signed by Microsoft Corporation. This version is installed on Windows 8 and is compiled as a 32 bit program.

Details

File name:	sppsvc.exe
Publisher:	Microsoft Corporation
Product name:	Microsoft Software Protection Platform Service
Description:	Microsoft® Windows® Operating System
Typical file path:	C:\Windows\System32\sppsvc.exe
Original name:	sppsvc.exe.mui
File version:	6.2.9200.16384 (win8_rtm.120725-1247)
Product version:	6.2.9200.16384
Size:	10 KB (10,240 bytes)
Certificate
Issued to:	Microsoft Corporation
Authority (CA):	Microsoft Corporation
Expiration date:	Tuesday, July 9, 2013
Digital DNA
PE subsystem:	Windows Console
Entropy:	7.357806
File packed:	No
Code language:	Microsoft Visual C++
.NET CLR:	No

More details

Behaviors

Services

Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)

SLSvc
'sppsvc' (Software Protection)

Malware detections

Based on 40+ industry antivirus scanners, 4 of them detected the following malware.

Antivirus engine	Engine version	Detection
Comodo Internet Security	15862	UnclassifiedMalware
McAfee	5.400.1158	GenericTRA-BS!D9E859F4B293
McAfee Gateway Anti-Malware	v2012.1-dat	GenericTRA-BS!D9E859F4B293
Trend Micro HouseCall	9.700.0.1001	TROJ_GEN.F47V1215

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00000399%	0.028634%
Kernel CPU:	0.00000399%	0.013761%
Kernel CPU time:	6 ms/min	100,923,805ms/min
CPU cycles:	321/sec	17,470,203/sec
Memory
Private memory:	597.23 KB	21.59 MB
Private (maximum):	1.93 MB
Private (minimum):	1.22 MB
Non-paged memory:	597.23 KB	21.59 MB
Virtual memory:	17.77 MB	140.96 MB
Virtual memory (peak):	19.55 MB	169.69 MB
Working set:	1.25 MB	18.61 MB
Working set (peak):	2.58 MB	37.95 MB
Page faults:	983/min	2,039/min
I/O
I/O read transfer:	11 Bytes/sec	1.02 MB/min
I/O read operations:	1/sec	343/min
I/O other transfer:	0 Bytes/sec	448.09 KB/min
I/O other operations:	1/sec	1,671/min
Resource allocations
Threads:	2	12
Handles:	47	600

Process properties

Integrety level:	System
Platform:	32-bit
Command line:	C:\windows\sppsvc.exe
Owner:	SYSTEM
Windows Service
Service name:	sppsvc
Display name:	Ochrana softwaru
Description:	“Gjør det mulig å laste ned, installere og aktivere digitale lisenser for Windows og Windows-programmer. Hvis tjenesten deaktiveres, kan det hende at operativsystemet og lisensierte programmer kjøres i varslingsmodus. Det anbefales på det sterkeste at du ikke deaktiverer tjenesten for programvarebeskyttelse.”
Type:	Win32OwnProcess
Parent process:	services.exe (by Microsoft)

Distribution by Windows OS

OS version	distribution
Windows 7 Home Premium	34.00%
Windows 8.1	17.00%
Windows 7 Ultimate	15.50%
Windows 8.1 Pro	7.50%
Windows 7 Professional	7.00%
Windows 8	3.50%
Windows 8.1 Single Language	3.50%
Windows 8 Pro	3.00%
Windows 8 Single Language	2.50%
Windows 8.1 Pro with Media Center	2.00%
Windows 7 Home Basic	1.50%
Windows 8 Enterprise N	1.00%
Windows 8.1 N	0.50%
Windows Seven Black Edition	0.50%
Windows 8.1 Enterprise Evaluation	0.50%
Windows 8 Enterprise	0.50%

Distribution by country

United States installs about 45.23% of Microsoft Software Protection Platform Service.

Distribution by PC manufacturer

PC Manufacturer	distribution
Dell	18.90%
Hewlett-Packard	18.50%
ASUS	18.11%
Acer	12.60%
Toshiba	11.02%
Lenovo	8.66%
Sony	3.94%
Intel	2.36%
Samsung	1.97%
GIGABYTE	1.97%
Alienware	1.18%
Medion	0.79%

Remove Adware and Spyware Programs, FREE Download!