Should I block it?

No, this file is 100% safe to run.

Additional versions

13,15,102,0	25.00%
13,11,103,0	25.00%
13,0,220,0	25.00%
11,0,281,0	25.00%

Relationships

PE file structure

Show functions

Import table

advapi32.dll

RegSetValueExA, EqualSid, ControlService, OpenSCManagerW, OpenServiceW, QueryServiceStatus, CloseServiceHandle, RegEnumValueW, RegisterServiceCtrlHandlerW, RegQueryInfoKeyW, RegisterEventSourceW, ReportEventW, DeregisterEventSource, SetServiceStatus, StartServiceCtrlDispatcherW, AllocateAndInitializeSid, SetEntriesInAclW, FreeSid, RegEnumKeyExW, RegCreateKeyExW, RegNotifyChangeKeyValue, SetSecurityInfo, GetTokenInformation, GetAce, GetSidLengthRequired, InitializeSid, GetSidSubAuthority, SetSecurityDescriptorDacl, SetSecurityDescriptorOwner, CopySid, IsValidSid, GetLengthSid, OpenThreadToken, OpenProcessToken, GetSecurityDescriptorLength, MakeSelfRelativeSD, InitializeSecurityDescriptor, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, MakeAbsoluteSD, GetSecurityDescriptorControl, GetAclInformation, InitializeAcl, AddAce, RegDeleteValueW, RegDeleteKeyW, RegOpenKeyW, RegQueryValueExW, RegSetValueExW, RegOpenKeyExW, RegCreateKeyExA, RegQueryValueExA, RegEnumKeyExA, RegOpenKeyExA, RegDeleteValueA, RegCloseKey

kernel32.dll

DllMain

ole32.dll

CoDisconnectObject, CLSIDFromProgID, CoResumeClassObjects, CoInitializeSecurity, CoRegisterClassObject, CoUninitialize, CoInitializeEx, CoTaskMemRealloc, CoLoadLibrary, CoFreeLibrary, CoTaskMemAlloc, CoTaskMemFree, CoCreateInstance, CoRevokeClassObject, CoImpersonateClient, CoRevertToSelf, CoGetClassObject, CoSuspendClassObjects

psapi.dll

EnumProcessModules, EnumProcesses, GetModuleBaseNameW

shell32.dll

SHGetFolderPathW

user32.dll

LoadStringW, PostThreadMessageW, GetMessageW, DispatchMessageW, CharUpperW, CharNextW, UnregisterClassA, TranslateMessage, PeekMessageW, MsgWaitForMultipleObjects, wsprintfW

userenv.dll

UnloadUserProfile

version.dll

GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

wintrust.dll

WinVerifyTrust

Export table

_ClosePerfMon@0

_CollectPerfMon@16

_OpenPerfMon@4

mcsysmon.exe

McAfee VirusScan API by McAfee (Signed)

Remove mcsysmon.exe

Version:	13,0,220,0
MD5:	64cbf6b5effcd7c689dafb44b4e8834f
SHA1:	75f37a4e4fe92f76c2c96aeb394b32da8ac434f8
SHA256:	e203aa49521f82f49bd4f71e6b64ad87d1d5a8cadd5eaf14417ae4c1644bc466

Overview

mcsysmon.exe runs as a service under the name McSysmon (McSysmon) within the local user context. The file is digitally signed by McAfee which was issued by the VeriSign certificate authority (CA).

Details

File name:	mcsysmon.exe
Publisher:	McAfee, Inc.
Product name:	McAfee VirusScan API
Description:	McAfee SystemGuards Service
Typical file path:	C:\Program Files\McAfee\VirusScan\mcsysmon.exe
Original name:	sysmon.exe
File version:	13,0,220,0
Product version:	13,0,0,0
Size:	591.32 KB (605,512 bytes)
Build date:	6/20/2008 11:28 PM
Certificate
Issued to:	McAfee
Authority (CA):	VeriSign
Effective date:	Friday, September 12, 2008
Expiration date:	Sunday, October 9, 2011
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
.NET CLR:	No