Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

13,15,102,0 25.00%
13,11,103,0 25.00%
13,0,220,0 25.00%
11,0,281,0 25.00%

Relationships

Parent process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegSetValueExA, EqualSid, ControlService, OpenSCManagerW, OpenServiceW, QueryServiceStatus, CloseServiceHandle, RegEnumValueW, RegisterServiceCtrlHandlerW, RegQueryInfoKeyW, RegisterEventSourceW, ReportEventW, DeregisterEventSource, SetServiceStatus, StartServiceCtrlDispatcherW, AllocateAndInitializeSid, SetEntriesInAclW, FreeSid, RegEnumKeyExW, RegCreateKeyExW, RegNotifyChangeKeyValue, SetSecurityInfo, GetTokenInformation, GetAce, GetSidLengthRequired, InitializeSid, GetSidSubAuthority, SetSecurityDescriptorDacl, SetSecurityDescriptorOwner, CopySid, IsValidSid, GetLengthSid, OpenThreadToken, OpenProcessToken, GetSecurityDescriptorLength, MakeSelfRelativeSD, InitializeSecurityDescriptor, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, MakeAbsoluteSD, GetSecurityDescriptorControl, GetAclInformation, InitializeAcl, AddAce, RegDeleteValueW, RegDeleteKeyW, RegOpenKeyW, RegQueryValueExW, RegSetValueExW, RegOpenKeyExW, RegCreateKeyExA, RegQueryValueExA, RegEnumKeyExA, RegOpenKeyExA, RegDeleteValueA, RegCloseKey
kernel32.dll
DllMain
ole32.dll
CoDisconnectObject, CLSIDFromProgID, CoResumeClassObjects, CoInitializeSecurity, CoRegisterClassObject, CoUninitialize, CoInitializeEx, CoTaskMemRealloc, CoLoadLibrary, CoFreeLibrary, CoTaskMemAlloc, CoTaskMemFree, CoCreateInstance, CoRevokeClassObject, CoImpersonateClient, CoRevertToSelf, CoGetClassObject, CoSuspendClassObjects
psapi.dll
EnumProcessModules, EnumProcesses, GetModuleBaseNameW
shell32.dll
SHGetFolderPathW
user32.dll
LoadStringW, PostThreadMessageW, GetMessageW, DispatchMessageW, CharUpperW, CharNextW, UnregisterClassA, TranslateMessage, PeekMessageW, MsgWaitForMultipleObjects, wsprintfW
userenv.dll
UnloadUserProfile
version.dll
GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
wintrust.dll
WinVerifyTrust
Export table
_ClosePerfMon@0
_CollectPerfMon@16
_OpenPerfMon@4

mcsysmon.exe

McAfee VirusScan API by McAfee (Signed)

Remove mcsysmon.exe
Version:   13,11,103,0
MD5:   a6dfa048299d05bddb08fc59ffe090f6
SHA1:   ce4606ec5caeb01e5a7f4ddc7927de616e213af8
SHA256:   89828d022eafd8729cb1cfc5acfa61fff2e1b82634e3ffd29fe64d02bd79db81

Overview

mcsysmon.exe runs as a service under the name McSysmon (McSysmon) with extensive SYSTEM privileges (full administrator access). The file is digitally signed by McAfee which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:mcsysmon.exe
Publisher:McAfee, Inc.
Product name:McAfee VirusScan API
Description:McAfee SystemGuards Service
Typical file path:C:\Program Files\McAfee\VirusScan\mcsysmon.exe
Original name:sysmon.exe
File version:13,11,103,0
Product version:13,11,0,0
Size:592.52 KB (606,736 bytes)
Certificate
Issued to:McAfee
Authority (CA):VeriSign
Effective date:Friday, September 12, 2008
Expiration date:Sunday, October 9, 2011
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • McSysmon
  • 'McSysmon' (McAfee SystemGuards)

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00016647%
0.028634%
Kernel CPU:0.00013854%
0.013761%
User CPU:0.00002793%
0.014873%
Kernel CPU time:7,894 ms/min
100,923,805ms/min
CPU cycles:120,232/sec
17,470,203/sec
Memory
Private memory:5.8 MB
21.59 MB
Private (maximum):7.05 MB
Private (minimum):548 KB
Non-paged memory:5.8 MB
21.59 MB
Virtual memory:92.8 MB
140.96 MB
Virtual memory (peak):104.52 MB
169.69 MB
Working set:2.91 MB
18.61 MB
Working set (peak):9.04 MB
37.95 MB
Page faults:89,397/min
2,039/min
I/O
I/O read transfer:611 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:0 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:122 Bytes/sec
448.09 KB/min
I/O other operations:6/sec
1,671/min
Resource allocations
Threads:17
12
Handles:344
600

BehaviorsProcess properties

Integrety level:System
Platform:32-bit
Command line:C:\progra~1\mcafee\viruss~1\mcsysmon.exe
Owner:SYSTEM
Windows Service
Service name:McSysmon
Display name:McSysmon
Description:“Monitors potentially unauthorized changes to this computer.”
Type:Win32OwnProcess
Parent process:services.exe (Services and Controller app by Microsoft)

ResourcesThreads

Averages
 
mfehida.dll (SYSCORE.14.0.0.345.x86 by McAfee)
Total CPU:0.00205614%
0.272967%
Kernel CPU:0.00061372%
0.107585%
User CPU:0.00144241%
0.165382%
CPU cycles:31,232/sec
5,741,424/sec
Memory:28 KB
1.16 MB
ole32.dll
Total CPU:0.00017926%
Kernel CPU:0.00011453%
User CPU:0.00006473%
CPU cycles:3,151/sec
Memory:1.36 MB
sechost.dll
Total CPU:0.00016738%
Kernel CPU:0.00010338%
User CPU:0.00006400%
CPU cycles:2,832/sec
Memory:100 KB
mcsysmon.exe (main module)
Total CPU:0.00010929%
Kernel CPU:0.00003741%
User CPU:0.00007187%
CPU cycles:1,983/sec
Memory:608 KB
ntdll.dll
Total CPU:0.00004773%
Kernel CPU:0.00003291%
User CPU:0.00001482%
CPU cycles:824/sec
Memory:1.23 MB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 50.00%
Windows Vista Home Premium 25.00%
Windows 7 Starter 25.00%

Distribution by countryDistribution by country

United States installs about 75.00% of McAfee VirusScan API.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
ASUS 33.33%
Acer 33.33%
Sony 33.33%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE