Should I block it?

No, this file is 100% safe to run.

Relationships

Parent process

services.exe (Services and Controller app by Microsoft)

Related files

PE file structure

Show functions

Import table

advapi32.dll

StartServiceCtrlDispatcherW, GetUserNameA, GetSidLengthRequired, InitializeSid, GetSidSubAuthority, SetSecurityDescriptorDacl, CopySid, IsValidSid, GetLengthSid, GetSecurityDescriptorLength, MakeSelfRelativeSD, InitializeSecurityDescriptor, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, MakeAbsoluteSD, GetAclInformation, InitializeAcl, AddAce, RegOpenKeyW, GetSecurityDescriptorControl, RegisterServiceCtrlHandlerW, SetServiceStatus, RegisterEventSourceW, ReportEventW, DeregisterEventSource, ControlService, QueryServiceStatus, DeleteService, CreateServiceW, OpenSCManagerW, CloseServiceHandle, OpenServiceW, StartServiceW, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, RegNotifyChangeKeyValue

kernel32.dll

CreateFileW, FileTimeToSystemTime, GetFileAttributesExW, GetTempPathW, GetFileSize, SetFilePointer, SetEndOfFile, WriteFile, GetProcessHeap, HeapSize, HeapReAlloc, GetVersionExW, HeapAlloc, HeapDestroy, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, GetWindowsDirectoryW, CreateEventW, CloseHandle, SetEvent, lstrcmpiW, AllocConsole, GetStdHandle, SetConsoleCtrlHandler, FreeConsole, Sleep, GetModuleFileNameW, GetLastError, lstrlenW, FindResourceExW, FindResourceW, LoadResource, LockResource, SizeofResource, GetCurrentThreadId, GetComputerNameA, GetModuleHandleW, EnterCriticalSection, RaiseException, GetFileSizeEx, MoveFileW, DeleteFileW, GetFileAttributesExA, FileTimeToLocalFileTime, FileTimeToDosDateTime, OutputDebugStringA, lstrlenA, MultiByteToWideChar, lstrcmpiA, GetPrivateProfileSectionW, GetPrivateProfileSectionNamesW, GetPrivateProfileSectionA, GetPrivateProfileSectionNamesA, GetUserDefaultLangID, GetSystemDefaultLangID, WaitForSingleObject, GetModuleFileNameA, SetLastError, InterlockedCompareExchange, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetCurrentProcessId, GetLocalTime, WideCharToMultiByte, HeapFree, InterlockedExchange, SetUnhandledExceptionFilter, IsDebuggerPresent, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, GetACP, GetLocaleInfoA, GetThreadLocale, GetVersionExA, FormatMessageA, GetProcAddress

msvcp80.dll

DllMain

msvcr80.dll

DllMain

shell32.dll

ShellExecuteW, SHCreateDirectoryExW

shfolder.dll

SHGetFolderPathW

shlwapi.dll

PathAppendW, PathCombineW, PathFindExtensionA, PathStripPathW, PathRenameExtensionW, PathFindFileNameW, PathFileExistsW, PathFindFileNameA

user32.dll

PostQuitMessage, DefWindowProcW, SendMessageW, wsprintfW, CharNextW, LoadIconW, LoadCursorW, RegisterClassW, CreateWindowExW, GetMessageW, TranslateMessage, DispatchMessageW, DestroyWindow, UnregisterClassA, GetUserObjectInformationA, GetProcessWindowStation, FindWindowW

version.dll

GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW

swAgent.exe

McAfee Security-as-a-Service by McAfee (Signed)

Remove swAgent.exe

Version:	6.0.0.390
MD5:	5cb1f7f8c2a4ffbb9cbeceadfdf8818c
SHA1:	1aad80c24b36b962a9c3083b1b8b1eefe1a1d36a
SHA256:	adb2df04605ad246c70908ecee5011e80e56b7d941e836b03f894cd40fe73e36

Overview

swagent.exe runs as a service under the name SonicWALL Agent Service (SWAGENT) with extensive SYSTEM privileges (full administrator access). The file is digitally signed by McAfee which was issued by the VeriSign certificate authority (CA). This particular version is usually found on Windows Vista (TM) Ultimate (6.0.6002.131072).

Details

File name:	swagent.exe
Publisher:	McAfee, Inc.
Product name:	McAfee® Security-as-a-Service
Description:	swAgent Module
Typical file path:	C:\Program Files\mcafee\managed virusscan\agent\swagent.exe
File version:	6.0.0.390
Product version:	6.0.0
Size:	190.03 KB (194,592 bytes)
Build date:	2/19/2013 4:29 PM
Certificate
Issued to:	McAfee
Authority (CA):	VeriSign
Effective date:	Wednesday, October 5, 2011
Expiration date:	Tuesday, December 31, 2013
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
Code language:	Microsoft Visual C++ 8.0
.NET CLR:	No

More details

Behaviors

Service

Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)

'SWAGENT' (SonicWALL Agent Service)

Network connections

[UDP] listens on port 59152

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00007762%	0.028634%
Kernel CPU:	0.00004456%	0.013761%
User CPU:	0.00003306%	0.014873%
Kernel CPU time:	63 ms/min	100,923,805ms/min
CPU cycles:	6,010/sec	17,470,203/sec
Memory
Private memory:	1.37 MB	21.59 MB
Private (maximum):	3.55 MB
Private (minimum):	204 KB
Non-paged memory:	1.37 MB	21.59 MB
Virtual memory:	49.21 MB	140.96 MB
Virtual memory (peak):	50.21 MB	169.69 MB
Working set:	556 KB	18.61 MB
Working set (peak):	4.25 MB	37.95 MB
Page faults:	1,333/min	2,039/min
I/O
I/O read transfer:	0 Bytes/sec	1.02 MB/min
I/O read operations:	1/sec	343/min
I/O write transfer:	0 Bytes/sec	274.99 KB/min
I/O write operations:	1/sec	227/min
I/O other transfer:	0 Bytes/sec	448.09 KB/min
I/O other operations:	1/sec	1,671/min
Resource allocations
Threads:	3	12
Handles:	61	600

Process properties

Integrety level:	System
Platform:	32-bit
Command line:	"C:\Program Files\mcafee\managed virusscan\agent\swagent.exe"
Owner:	SYSTEM
Windows Service
Service name:	SWAGENT
Display name:	SonicWALL Agent Service
Type:	Win32OwnProcess
Parent process:	services.exe (Services and Controller app by Microsoft)

Threads