Should I block it?

No, this file is 100% safe to run.

Relationships

PE file structure

Show functions

Import table

advapi32.dll

StartServiceCtrlDispatcherA, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, ControlService, RegDeleteValueA, OpenSCManagerA, OpenServiceA, DeleteService, QueryServiceStatus, CreateServiceA, CloseServiceHandle, RegSetValueExA, RegCloseKey, StartServiceA, RegSetValueExW, RegCreateKeyExW, RegOpenKeyExW, RegisterServiceCtrlHandlerA, SetServiceStatus, RegDeleteKeyW, RegQueryValueExW

kernel32.dll

GetTickCount, GetPrivateProfileStringA, InterlockedExchange, TerminateThread, GetPrivateProfileIntA, GetWindowsDirectoryA, GetModuleFileNameA, GetCurrentProcessId, CreateEventA, CreateMutexA, WideCharToMultiByte, WaitForMultipleObjects, GetVersionExA, MoveFileExA, CopyFileA, MoveFileA, CreateDirectoryA, InterlockedDecrement, InterlockedIncrement, RaiseException, DeleteCriticalSection, InitializeCriticalSection, FindNextFileA, FindFirstFileA, DeleteFileA, WaitForSingleObject, FindClose, OpenEventA, IsBadReadPtr, SetEvent, Sleep, EnterCriticalSection, CloseHandle, MultiByteToWideChar, GetLastError, LeaveCriticalSection, IsBadWritePtr, GetCurrentProcess, LoadLibraryA, GetProcAddress, ReleaseMutex, ResetEvent, FlushFileBuffers, ExitProcess, GetCommandLineA, GetFileAttributesA, HeapFree, GetLocaleInfoW, SetEnvironmentVariableA, CompareStringW, CompareStringA, SetConsoleCtrlHandler, GetUserDefaultLCID, EnumSystemLocalesA, GetLocaleInfoA, IsValidCodePage, IsValidLocale, GetStringTypeW, GetStringTypeA, IsBadCodePtr, SetUnhandledExceptionFilter, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, HeapSize, GetOEMCP, GetACP, GetCPInfo, LCMapStringW, LCMapStringA, ReadFile, SetEndOfFile, SetFilePointer, SetHandleCount, SetStdHandle, FatalAppExitA, HeapReAlloc, VirtualAlloc, ExitThread, TlsFree, GetStartupInfoA, FreeLibrary, GetModuleHandleA, TerminateProcess, CreateFileA, GetFileType, RtlUnwind, HeapAlloc, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentVariableA, UnhandledExceptionFilter, GetCurrentThread, TlsGetValue, SetLastError, GetPrivateProfileStringW, TlsAlloc, GetStdHandle, WriteFile, GetVersion, GetSystemDefaultLangID, LoadLibraryW, GetModuleFileNameW, GetSystemTime, GetVersionExW, lstrlenA, GetTimeZoneInformation, GetLocalTime, CreateThread, GetCurrentThreadId, TlsSetValue

ofcpfwcommon.dll

PFWFreePolicySpace, fpkCreate, fpkExtract, PFWSetAllModifiedInformation, PFWFlushPolicyContentA, fpkDestroy, PFWResolvePolicyId, PFWGetAllModifiedInformation, PFWFetchAllExceptionsFromPolicyFile, PFWGetGeneralInformationOfPolicyA, fpkMake, PFWFreeProfileSet, PFWAddExceptionW, PFWGetGeneralInformationOfPolicyW, PFWFlushPolicyContentW, PFWAddExceptionA, fpkAppend, PFWGetProfilePrivilege, PFWFetchAExceptionW, PFWGetProfilePolicyIDA, PFWOpenProfileSetFileA, PFWGetProfilePolicyIDW

ofcpipc.dll

OIPC_CreateCommand, OIPC_FreeCommand, OIPC_ReceiveStop, OIPC_ReplyCommand, OIPC_SendData, OIPC_Init, OIPC_DeInit, OIPC_ReceiveStart, OIPC_CmdDataCopy

ole32.dll

StringFromGUID2, CoUninitialize, CoInitialize, CoCreateInstance

snmpapi.dll

SnmpUtilOidNCmp, SnmpUtilVarBindFree, SnmpUtilOidFree, SnmpUtilOidCmp, SnmpUtilOidCpy

user32.dll

LoadStringA, GetMessageA, RegisterClassExA, CreateWindowExA, PostMessageA, TranslateMessage, DispatchMessageA, LoadStringW, PostQuitMessage, DefWindowProcA

version.dll

VerQueryValueA, GetFileVersionInfoA, GetFileVersionInfoW, GetFileVersionInfoSizeW, GetFileVersionInfoSizeA

OfcPfwSvc.exe

Trend Micro OfficeScan by Trend Micro

Remove OfcPfwSvc.exe

Version:	7.0.0.1040
MD5:	123c6c1c266e26c4367fa4ba21c4539c
SHA1:	56559033a466d786893d8d5c29bfbea78b9f6a28

Overview

ofcpfwsvc.exe runs as a service under the name OfficeScanNT Personal Firewall (OfcPfwSvc) with extensive SYSTEM privileges (full administrator access). This particular version is usually found on Microsoft Windows XP (5.1.2600.131072).

Details

File name:	ofcpfwsvc.exe
Publisher:	Trend Micro Inc.
Product name:	Trend Micro OfficeScan
Description:	OfcPfwSvc
Typical file path:	C:\Program Files\trend micro\officescan client\ofcpfwsvc.exe
File version:	7.0.0.1040
Product version:	7.0
Size:	224.08 KB (229,456 bytes)
Build date:	3/15/2005 12:53 PM
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
.NET CLR:	No

More details

Behaviors

Service

Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)

'OfcPfwSvc' (OfficeScanNT Personal Firewall)

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00256207%	0.028634%
Kernel CPU:	0.00155107%	0.013761%
User CPU:	0.00101100%	0.014873%
Kernel CPU time:	359 ms/min	100,923,805ms/min
Memory
Private memory:	2.36 MB	21.59 MB
Private (maximum):	5 MB
Private (minimum):	4.99 MB
Non-paged memory:	2.36 MB	21.59 MB
Virtual memory:	37.53 MB	140.96 MB
Virtual memory (peak):	39.81 MB	169.69 MB
Working set:	5 MB	18.61 MB
Working set (peak):	5.46 MB	37.95 MB
Resource allocations
Threads:	8	12
Handles:	147	600
GUI GDI count:	11	103
GUI USER count:	5	49

Process properties

Integrety level:	Undefined
Platform:	32-bit
Command line:	"C:\Program Files\trend micro\officescan client\ofcpfwsvc.exe"
Owner:	SYSTEM
Windows Service
Service name:	OfcPfwSvc
Display name:	OfficeScanNT Personal Firewall
Type:	Win32OwnProcess, InteractiveProcess
Parent process:	services.exe (Services and Controller app by Microsoft)

Threads

Averages

OfcPfwSvc.exe (main module)
Total CPU:	0.00169601%	0.272967%
Kernel CPU:	0.00094977%	0.107585%
User CPU:	0.00074625%	0.165382%
Memory:	236 KB	1.16 MB
ADVAPI32.dll
Total CPU:	0.00067313%
Kernel CPU:	0.00040388%
User CPU:	0.00026925%
Memory:	620 KB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Distribution by Windows OS

OS version	distribution
Microsoft Windows XP	100.00%

Distribution by PC manufacturer

PC Manufacturer	distribution
Toshiba	100.00%

Remove Adware and Spyware Programs, FREE Download!