Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

4.5.0218.0 7.33%
4.5.0216.0 7.05%
4.4.0304.0 4.23%
4.4.0304.0 0.28%
4.4.0304.0 0.42%
4.3.0219.0 6.21%
4.3.0219.0 2.82%
4.3.0216.0 0.85%
4.3.0216.0 1.55%
4.3.0215.0 3.24%
4.3.0215.0 0.99%
4.2.0223.0 11.00%
4.2.0223.0 20.87%
4.2.0216.0 0.42%
4.1.0522.0 19.89%
4.1.0522.0 12.83%

Relationships

PE structurePE file structure
Show functions
Import table
advapi32.dll
GetTraceEnableFlags, GetTraceLoggerHandle, TraceEvent, GetTraceEnableLevel, RegisterTraceGuidsW, UnregisterTraceGuids, RegCloseKey, RegQueryInfoKeyW, RegEnumKeyExW, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegDeleteValueW, StartServiceCtrlDispatcherW, IsValidSid, GetLengthSid, CopySid, ConvertSidToStringSidW, LookupAccountSidW, RegQueryValueExW, RegNotifyChangeKeyValue, RegOpenKeyExA, RegQueryValueExA, RegisterServiceCtrlHandlerExW, SetServiceStatus, TraceMessage
kernel32.dll
InterlockedDecrement, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetProcessId, GetCurrentProcess, FreeLibrary, LoadLibraryExW, lstrcmpiW, LeaveCriticalSection, RaiseException, EnterCriticalSection, MultiByteToWideChar, SizeofResource, LoadResource, FindResourceExW, GetModuleFileNameW, InitializeCriticalSection, SetProcessWorkingSetSize, CloseHandle, Sleep, InterlockedExchangeAdd, GetSystemTimeAsFileTime, DeleteTimerQueueTimer, DeviceIoControl, CreateSemaphoreW, WaitForSingleObject, InterlockedExchange, ReleaseSemaphore, SetEvent, CreateEventW, ResetEvent, ExpandEnvironmentStringsW, QueryDosDeviceW, SetErrorMode, VerifyVersionInfoW, CompareFileTime, VerSetConditionMask, CreateFileW, InterlockedIncrement, CreateTimerQueueTimer, GetNativeSystemInfo, ReadFile, GetFileSizeEx, GetFileAttributesW, LoadLibraryW, GetModuleHandleExW, WaitForSingleObjectEx, CreateEventA, GetProcessHeap, LoadLibraryA, InterlockedCompareExchange64, DuplicateHandle, MapViewOfFile, CreateFileMappingW, UnmapViewOfFile, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, GetModuleHandleA, OutputDebugStringA, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, SwitchToThread, InterlockedCompareExchange, HeapDestroy, GetLastError, HeapSetInformation, HeapCreate, LocalFree, LocalAlloc, GetProcAddress, GetVersionExW, GetModuleHandleW, GetSystemDirectoryW, ChangeTimerQueueTimer
mpclient.dll
MpConfigGetValue, MpConfigGetValueAlloc, MpConfigIteratorOpen, MpConfigOpen, MpConfigClose, MpTelemetrySetDWORD, MpTelemetryIncrementDWORD, MpClientUtilExportFunctions, MpConfigIteratorEnum, MpConfigInitialize, MpTelemetryInitialize, MpTelemetryUninitialize, MpConfigUninitialize, MpAllocMemory, MpConfigUnregisterNotifications, MpHandleClose, MpConfigRegisterForNotifications, MpNotificationRegister, MpManagerOpen, MpTelemetrySetIfMaxDWORD, MpTelemetryAddToAverageDWORD, MpFreeMemory, MpUtilsExportFunctions, MpConfigIteratorClose, MpTelemetrySetString
msvcrt.dll
DllMain
nislog.dll
NisLogOnServiceStart, NisLogOnSignatureEntry, NisLogOnSignatureMatch, NisLogOnParseError, NisLogInitialize, NisLogSPrintfW, NisLogWrite, NisLogCleanup
ole32.dll
CoTaskMemFree, CoTaskMemRealloc, CoTaskMemAlloc, CoInitializeEx, CoCreateInstance, CoUninitialize, IIDFromString, CoRevokeClassObject
user32.dll
CharNextW, CharLowerBuffW, UnregisterClassA
version.dll
VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW

NisSrv.exe

Microsoft Malware Protection by Microsoft Corporation (Signed)

Remove NisSrv.exe
Version:   4.5.0218.0
MD5:   ca9e3db0d7c822f35d55d356f731fd2f
SHA1:   59399b4557958fa8a92607beda6eaadd7d7e838f

What is NisSrv.exe?

Network Inspection System (NIS), which is the signature-based part of the Forefront TMG Intrusion Prevention System and Microsoft Security Essentials. NIS uses signatures of known vulnerabilities from the Microsoft Malware Protection Center to help detect and block malicious traffic. NIS, which is enabled by default, can be configured from the Getting Started Wizard.

About NisSrv.exe (from Microsoft Corporation)

Microsoft Security Essentials is our fully featured, real-time antivirus solution for your home or small business. It runs quietly and efficiently in the background, with no annoying pop-ups.
It ca

DetailsDetails

File name:nissrv.exe
Publisher:Microsoft Corporation
Product name:Microsoft Malware Protection
Description:Microsoft Network Realtime Inspection Service
Typical file path:C:\Program Files\microsoft security client\nissrv.exe
File version:4.5.0218.0
Size:339.73 KB (347,880 bytes)
Build date:3/21/2014 1:54 PM
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Effective date:Thursday, July 26, 2012
Expiration date:Saturday, October 26, 2013
Digital DNA
File packed:No
Code language:Microsoft Visual C# / Basic .NET
.NET CLR:Yes
.NET NGENed:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'WdNisSvc' (Windows Defender-Netzwerkinspektionsdienst)
  • WdNisSvc

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 47.00%
Windows 8.1 14.50%
Windows 7 Ultimate 12.50%
Windows 7 Professional 10.00%
Windows 8.1 Pro 6.50%
Windows Vista Home Premium 3.50%
Windows 8.1 Single Language 3.00%
Windows 8.1 Pro with Media Center 2.00%
Windows 8.1 N 0.50%
Windows 8.1 Enterprise Evaluation 0.50%

Distribution by countryDistribution by country

United States installs about 52.50% of Microsoft Malware Protection.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 24.60%
Hewlett-Packard 16.27%
ASUS 13.49%
Acer 13.10%
Toshiba 9.52%
Lenovo 7.94%
Sony 4.76%
GIGABYTE 2.38%
Intel 1.59%
Gateway 1.59%
MSI 1.59%
NEC 1.59%
Samsung 1.19%
Alienware 0.40%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE