Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

13,15,102,0 25.00%
13,11,103,0 25.00%
13,0,220,0 25.00%
11,0,281,0 25.00%

Relationships

Parent process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegSetValueExA, EqualSid, ControlService, OpenSCManagerW, OpenServiceW, QueryServiceStatus, CloseServiceHandle, RegEnumValueW, RegisterServiceCtrlHandlerW, RegQueryInfoKeyW, RegisterEventSourceW, ReportEventW, DeregisterEventSource, SetServiceStatus, StartServiceCtrlDispatcherW, AllocateAndInitializeSid, SetEntriesInAclW, FreeSid, RegEnumKeyExW, RegCreateKeyExW, RegNotifyChangeKeyValue, SetSecurityInfo, GetTokenInformation, GetAce, GetSidLengthRequired, InitializeSid, GetSidSubAuthority, SetSecurityDescriptorDacl, SetSecurityDescriptorOwner, CopySid, IsValidSid, GetLengthSid, OpenThreadToken, OpenProcessToken, GetSecurityDescriptorLength, MakeSelfRelativeSD, InitializeSecurityDescriptor, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, MakeAbsoluteSD, GetSecurityDescriptorControl, GetAclInformation, InitializeAcl, AddAce, RegDeleteValueW, RegDeleteKeyW, RegOpenKeyW, RegQueryValueExW, RegSetValueExW, RegOpenKeyExW, RegCreateKeyExA, RegQueryValueExA, RegEnumKeyExA, RegOpenKeyExA, RegDeleteValueA, RegCloseKey
kernel32.dll
DllMain
ole32.dll
CoDisconnectObject, CLSIDFromProgID, CoResumeClassObjects, CoInitializeSecurity, CoRegisterClassObject, CoUninitialize, CoInitializeEx, CoTaskMemRealloc, CoLoadLibrary, CoFreeLibrary, CoTaskMemAlloc, CoTaskMemFree, CoCreateInstance, CoRevokeClassObject, CoImpersonateClient, CoRevertToSelf, CoGetClassObject, CoSuspendClassObjects
psapi.dll
EnumProcessModules, EnumProcesses, GetModuleBaseNameW
shell32.dll
SHGetFolderPathW
user32.dll
LoadStringW, PostThreadMessageW, GetMessageW, DispatchMessageW, CharUpperW, CharNextW, UnregisterClassA, TranslateMessage, PeekMessageW, MsgWaitForMultipleObjects, wsprintfW
userenv.dll
UnloadUserProfile
version.dll
GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
wintrust.dll
WinVerifyTrust
Export table
_ClosePerfMon@0
_CollectPerfMon@16
_OpenPerfMon@4

mcsysmon.exe

McAfee VirusScan API by McAfee (Signed)

Remove mcsysmon.exe
Version:   13,15,102,0
MD5:   f2a433e0ea959028e349fb1d5bae01e7
SHA1:   988cd5d7a0722fda899f33eed2ae74fa69ce524a
SHA256:   97967c19a9fa4f48039c377a3471afa7fe68f6c96dedd3e7f48e157015c8bfe0

Overview

mcsysmon.exe runs as a service under the name McSysmon (McSysmon) with extensive SYSTEM privileges (full administrator access). The file is digitally signed by McAfee which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:mcsysmon.exe
Publisher:McAfee, Inc.
Product name:McAfee VirusScan API
Description:McAfee SystemGuards Service
Typical file path:C:\Program Files\McAfee\VirusScan\mcsysmon.exe
Original name:sysmon.exe
File version:13,15,102,0
Product version:13,15,0,0
Size:592.52 KB (606,736 bytes)
Build date:9/16/2009 9:17 AM
Certificate
Issued to:McAfee
Authority (CA):VeriSign
Effective date:Friday, September 12, 2008
Expiration date:Sunday, October 9, 2011
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • McSysmon
  • 'McSysmon' (McAfee SystemGuards)

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00021127%
0.028634%
Kernel CPU:0.00002892%
0.013761%
User CPU:0.00018235%
0.014873%
Kernel CPU time:1,154 ms/min
100,923,805ms/min
CPU cycles:42,398/sec
17,470,203/sec
Memory
Private memory:5.38 MB
21.59 MB
Private (maximum):7.41 MB
Private (minimum):832 KB
Non-paged memory:5.38 MB
21.59 MB
Virtual memory:84.89 MB
140.96 MB
Virtual memory (peak):98.14 MB
169.69 MB
Working set:4.13 MB
18.61 MB
Working set (peak):10.08 MB
37.95 MB
Page faults:49,346/min
2,039/min
I/O
I/O read transfer:304 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:53 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:81 Bytes/sec
448.09 KB/min
I/O other operations:4/sec
1,671/min
Resource allocations
Threads:17
12
Handles:341
600

BehaviorsProcess properties

Integrety level:System
Platform:32-bit
Command line:C:\progra~1\mcafee\viruss~1\mcsysmon.exe
Owner:SYSTEM
Windows Service
Service name:McSysmon
Display name:McSysmon
Description:“Monitors potentially unauthorized changes to this computer.”
Type:Win32OwnProcess
Parent process:services.exe (Services and Controller app by Microsoft)

ResourcesThreads

Averages
 
mfehida.dll (SYSCORE.14.0.0.351.x86 by McAfee)
Total CPU:0.00061135%
0.272967%
Kernel CPU:0.00016346%
0.107585%
User CPU:0.00044789%
0.165382%
CPU cycles:13,158/sec
5,741,424/sec
Memory:28 KB
1.16 MB
ole32.dll
Total CPU:0.00007302%
Kernel CPU:0.00002655%
User CPU:0.00004647%
CPU cycles:1,683/sec
Memory:1.36 MB
ntdll.dll
Total CPU:0.00005261%
Kernel CPU:0.00002631%
User CPU:0.00002631%
CPU cycles:804/sec
Memory:1.23 MB
sechost.dll
Total CPU:0.00005231%
Kernel CPU:0.00003923%
User CPU:0.00001308%
CPU cycles:1,421/sec
Memory:100 KB
mcsysmon.exe (main module)
Total CPU:0.00004904%
Kernel CPU:0.00001471%
User CPU:0.00003433%
CPU cycles:1,933/sec
Memory:608 KB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 50.00%
Windows Vista Home Premium 25.00%
Windows 7 Starter 25.00%

Distribution by countryDistribution by country

United States installs about 75.00% of McAfee VirusScan API.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
ASUS 33.33%
Acer 33.33%
Sony 33.33%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE