Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

7.0.302.0 10.29%
6.0.316.0 11.27%
6.0.314.0 0.49%
6.0.308.0 11.27%
6.0.306.0 7.35%
6.0.115.0 RC 2.45%
5.2.7.0 16.67%
5.2.15.0 4.41%
5.0.94.0 4.41%
5.0.93.7 1.47%
5.0.93.0 2.45%
4.2.71.2 4.41%
4.2.67.10 0.49%
4.2.64.12 4.41%
4.2.58.3 0.49%
4.2.42.7 0.49%
4.2.42.0 0.49%
4.0.474.10 0.49%
4.0.474.0 1.47%
4.0.468.0 0.49%
4.0.467.0 0.49%
4.0.437.0 0.49%
4.0.417 6.86%
4.0.314 1.47%
3.0.710 0.49%
View more

Relationships

Parent process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
DuplicateToken, RegEnumKeyW, DuplicateTokenEx, GetTokenInformation, OpenThreadToken, StartServiceW, RegQueryInfoKeyW, RegEnumKeyExW, OpenSCManagerW, RevertToSelf, RegOpenKeyW, ControlService, OpenProcessToken, CreateProcessAsUserW, SetServiceStatus, RegisterServiceCtrlHandlerW, CreateServiceW, StartServiceCtrlDispatcherW, QueryServiceStatus, DeleteService, RegDeleteKeyW, AllocateAndInitializeSid, EqualSid, FreeSid, RegEnumValueW, RegDeleteValueW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetSecurityDescriptorDacl, GetKernelObjectSecurity, SetKernelObjectSecurity, RegOpenKeyA, RegUnLoadKeyW, RegLoadKeyW, LookupPrivilegeValueW, AdjustTokenPrivileges, LookupAccountNameW, GetSidSubAuthority, IsValidSid, GetSidIdentifierAuthority, GetSidSubAuthorityCount, SetThreadToken, RegOpenKeyExW, CloseServiceHandle, OpenServiceW, RegCloseKey, LookupAccountSidW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExA, RegDeleteKeyA, GetNamedSecurityInfoW, SetNamedSecurityInfoW, LogonUserW, LsaNtStatusToWinError, LsaAddAccountRights, LsaRemoveAccountRights, GetAclInformation, GetLengthSid, InitializeAcl, AddAccessAllowedAceEx, AddAccessDeniedAceEx, GetAce, AddAce, DeleteAce, LsaStorePrivateData, LsaRetrievePrivateData, ReportEventW, RegisterEventSourceW, DeregisterEventSource
gdi32.dll
SelectObject, CreateCompatibleDC, GetObjectW, DeleteDC, DeleteObject, GetDIBits
kernel32.dll
MoveFileExW, MoveFileW, GetVersion, LocalFree, SetFileAttributesW, FileTimeToLocalFileTime, GetComputerNameA, GetLocalTime, GetACP, VirtualAlloc, ReleaseMutex, OpenFileMappingW, DuplicateHandle, UnmapViewOfFile, CreateMutexW, MapViewOfFile, OpenMutexW, GetDriveTypeW, QueryDosDeviceW, GetEnvironmentVariableW, GetLogicalDriveStringsW, FindResourceW, FindResourceExW, LoadResource, LockResource, FreeResource, SizeofResource, LocalAlloc, GlobalMemoryStatus, ReadProcessMemory, GetModuleHandleA, lstrcmpA, InterlockedExchangeAdd, GetLocaleInfoW, LoadLibraryExW, GetLogicalDrives, GetModuleFileNameA, VirtualProtect, GetFileTime, SetFileTime, SetFilePointer, SetEndOfFile, GetTempFileNameW, FlushFileBuffers, GetFileInformationByHandle, GetDiskFreeSpaceW, LockFileEx, UnlockFileEx, GetSystemInfo, VirtualFree, TryEnterCriticalSection, CreateSemaphoreW, ReleaseSemaphore, GetExitCodeThread, SetUnhandledExceptionFilter, TlsFree, TlsGetValue, TlsSetValue, GetExitCodeProcess, InterlockedExchange, QueryPerformanceCounter, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoA, InterlockedCompareExchange, GetVersionExA, RaiseException, GetProcessHeap, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, HeapDestroy, lstrcpynW, lstrlenW, GetFullPathNameW, GetFileAttributesW, GetModuleFileNameW, WaitForMultipleObjects, WriteFile, FileTimeToSystemTime, CreateProcessW, GetShortPathNameW, SetThreadPriority, CopyFileW, CreateDirectoryW, GetTempPathW, GetCurrentThread, FindClose, FindNextFileW, InterlockedDecrement, InterlockedIncrement, FindFirstFileW, GetModuleHandleW, GetTimeZoneInformation, GetCurrentThreadId, GetVersionExW, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, GetLastError, SystemTimeToFileTime, CompareFileTime, EnterCriticalSection, GetSystemTime, WaitForSingleObject, ReadFile, GetFileSize, FreeLibrary, SetEvent, LoadLibraryW, Sleep, GetProcAddress, ExpandEnvironmentStringsW, ResetEvent, WideCharToMultiByte, lstrlenA, MultiByteToWideChar, TlsAlloc, GetTickCount, GetCurrentProcess, GetCurrentProcessId, GetTimeFormatW, SetErrorMode, TerminateThread, GetDateFormatW, GetSystemTimeAsFileTime, GetComputerNameW, LocalFileTimeToFileTime, OpenProcess, DeleteFileW, SetLastError, GetSystemPowerStatus, GetFileAttributesA, GetFullPathNameA, AreFileApisANSI, lstrcpynA, CreateFileA, CreateFileMappingW, CreateFileMappingA, DeviceIoControl, CreateEventW, CreateFileW, CreateThread, CloseHandle, ResumeThread, IsBadReadPtr, GetOverlappedResult, GetVolumeNameForVolumeMountPointW, GetVolumePathNameW, lstrcpyW, lstrcatW, CreatePipe, GetWindowsDirectoryW, SetHandleInformation, RemoveDirectoryW, GetEnvironmentStringsW, FreeEnvironmentStringsW, GlobalFree, IsProcessorFeaturePresent
msvcp110.dll
DllMain
msvcp80.dll
DllMain
msvcr110.dll
DllMain
msvcr80.dll
DllMain
ole32.dll
CoTaskMemFree, CoUninitialize, CoCreateInstance, CoInitialize, CoCreateGuid
secur32.dll
FreeCredentialsHandle, AcquireCredentialsHandleW, LsaFreeReturnBuffer, LsaEnumerateLogonSessions, LsaGetLogonSessionData
shell32.dll
SHGetMalloc, SHGetDesktopFolder, SHGetPathFromIDListW, SHGetPathFromIDListA, SHGetSpecialFolderPathW
user32.dll
UnregisterClassA, PostMessageW, GetDC, PeekMessageW, TranslateMessage, DispatchMessageW, MsgWaitForMultipleObjects, wsprintfW, SendMessageW, KillTimer, DefWindowProcW, LoadStringW, RegisterClassW, CreateWindowExW, SetTimer, GetIconInfo, DestroyIcon, GetMessageW
ws2_32.dll
WSAIoctl
wtsapi32.dll
WTSLogoffSession, WTSOpenServerW, WTSCloseServer

ekrn.exe

ESET Smart Security by ESET (Signed)

Remove ekrn.exe
Version:   6.0.316.0
MD5:   7fe34fd5652c54bda8d2df8ac92e833a
SHA1:   d0a5e1e3a700796fbcba8b10c7f60adb4067f517
SHA256:   2b2836f47398aad173f0d5c016b3b4dab13f4eec991b05d3c8b1df310b25a96a

What is ekrn.exe?

ESET NOD32 Antivirus, commonly known as NOD32, is an antivirus software package from ESET. ESET's use of assembly language in its products contributes to their low system requirements and disk space utilization. ESET calls its scanning engine ThreatSense, and makes extensive use of generic signatures and heuristics.

About ekrn.exe (from ESET)

Protect your family with ESET’s complete Internet security suite, built on the award-winning ThreatSense antivirus and antispyware engine. Our proactive heuristic technology intercepts and eliminates

DetailsDetails

File name:ekrn.exe
Publisher:ESET
Product name:ESET Smart Security
Description:ESET Service
Typical file path:C:\Program Files\eset\eset nod32 antivirus\ekrn.exe
File version:6.0.316.0
Size:1.28 MB (1,341,664 bytes)
Build date:3/21/2013 3:04 PM
Certificate
Issued to:ESET
Authority (CA):VeriSign
Expiration date:Wednesday, June 12, 2013
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++ 8.0
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
ESET NOD32 Antivirus
 ESET spol. s r.o.
8% remove
ESET NOD32 Antivirus, commonly known as NOD32, is an antivirus software package made by the Slovak company ESET.
ESET Smart Security
 ESET spol. s r.o.
6% remove
ESET Smart Security is an all-in-one Internet Security solution with new Anti-theft feature that locates your missing laptop and gives you tools to help recover it. Personal Firewall and Anti-Phishing keep your data safe from identity theft and other scams. Delivering top protection right from the start, the solution lets you address security issues directly from the main screen. Quickly find the settings you need and fine-tune your sec...

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'ekrn' (ESET Service)
  • ekrn
Network connections
  • [UDP] listens on port 58265
  • [UDP] listens on port 61979
  • [UDP] listens on port 51929

    • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00335305%
    0.028634%
    Kernel CPU:0.00215995%
    0.013761%
    User CPU:0.00119309%
    0.014873%
    Kernel CPU time:1,679,936,380 ms/min
    100,923,805ms/min
    CPU cycles:7,827,174/sec
    17,470,203/sec
    Context switches:133/sec
    284/sec
    Memory
    Private memory:105.79 MB
    21.59 MB
    Private (maximum):119.98 MB
    Private (minimum):58.09 MB
    Non-paged memory:105.79 MB
    21.59 MB
    Virtual memory:239.61 MB
    140.96 MB
    Virtual memory (peak):314.33 MB
    169.69 MB
    Working set:89.18 MB
    18.61 MB
    Working set (peak):155.69 MB
    37.95 MB
    Page faults:7,356,137/min
    2,039/min
    I/O
    I/O read transfer:4.59 MB/sec
    1.02 MB/min
    I/O read operations:317/sec
    343/min
    I/O write transfer:509.83 KB/sec
    274.99 KB/min
    I/O write operations:218/sec
    227/min
    I/O other transfer:29.3 KB/sec
    448.09 KB/min
    I/O other operations:1,782/sec
    1,671/min
    Resource allocations
    Threads:29
    12
    Handles:493
    600
    GUI GDI count:12
    103
    GUI USER count:7
    49

    BehaviorsProcess properties

    Integrety level:System
    Platform:64-bit
    Command lines:
    • "C:\Program Files\eset\eset smart security\x86\ekrn.exe"
    • "C:\Program Files\eset\eset nod32 antivirus\ekrn.exe"
    • "C:\Program Files\eset\eset nod32 antivirus\x86\ekrn.exe"
    • "C:\Program Files\eset\eset smart security\ekrn.exe"
    Owner:SYSTEM
    Windows Service
    Service name:ekrn
    Display name:ESET Service
    Description:“ESET Service”
    Type:Win32OwnProcess, InteractiveProcess
    Parent process:services.exe (Services and Controller app by Microsoft)

    ResourcesThreads

    Averages
     
    ekrn.exe (main module)
    Total CPU:0.24987824%
    0.272967%
    Kernel CPU:0.07063271%
    0.107585%
    User CPU:0.17924553%
    0.165382%
    CPU cycles:5,586,368/sec
    5,741,424/sec
    Context switches:5/sec
    79/sec
    Memory:1.27 MB
    1.16 MB
    ekrnhips.dll (ESET Smart Security by ESET)
    Total CPU:0.06177912%
    Kernel CPU:0.04649356%
    User CPU:0.01528555%
    CPU cycles:1,356,780/sec
    Context switches:3/sec
    Memory:132 KB
    sechost.dll
    Total CPU:0.06070737%
    Kernel CPU:0.00739884%
    User CPU:0.05330853%
    CPU cycles:1,668,645/sec
    Context switches:1/sec
    Memory:100 KB
    ekrnamon.dll (ESET Smart Security by ESET)
    Total CPU:0.04832199%
    Kernel CPU:0.01317452%
    User CPU:0.03514747%
    CPU cycles:712,861/sec
    Context switches:2/sec
    Memory:288 KB
    ekrnepfw.dll (ESET Smart Security by ESET)
    Total CPU:0.01047831%
    Kernel CPU:0.00376843%
    User CPU:0.00670988%
    CPU cycles:126,716/sec
    Memory:552 KB
    wow64.dll
    Total CPU:0.00242587%
    Kernel CPU:0.00063565%
    User CPU:0.00179021%
    CPU cycles:159,721/sec
    Memory:252 KB
    wow64cpu.dll
    Total CPU:0.00175896%
    Kernel CPU:0.00024966%
    User CPU:0.00150930%
    CPU cycles:227,083/sec
    Context switches:1/sec
    Memory:32 KB
    advapi32.dll (Advanced Windows 32 Base API by Microsoft)
    Total CPU:0.00130327%
    Kernel CPU:0.00017354%
    User CPU:0.00112973%
    Memory:620 KB
    ntdll.dll
    Total CPU:0.00003808%
    Kernel CPU:0.00003808%
    User CPU:0.00000000%
    CPU cycles:445/sec
    Memory:1.24 MB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Ultimate 40.50%
    Microsoft Windows XP 23.50%
    Windows 7 Home Premium 11.50%
    Windows 8 Pro 7.00%
    Windows 7 Professional 6.50%
    Windows 7 Ultimate N 2.50%
    Windows 7 Home Basic 1.50%
    Windows 8.1 N 1.00%
    Windows 8.1 Single Language 1.00%
    Windows 8.1 1.00%
    Windows 8 Enterprise 1.00%
    Windows 8 1.00%
    Windows Vista Home Premium 1.00%
    Windows 8 Consumer Preview 0.50%
    Windows 8 Pro with Media Center 0.50%

    Distribution by countryDistribution by country

    Ireland installs about 14.50% of ESET Smart Security.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    ASUS 18.54%
    Hewlett-Packard 13.17%
    Dell 12.68%
    Intel 11.71%
    Acer 9.27%
    Lenovo 8.78%
    Sony 8.78%
    GIGABYTE 7.32%
    Toshiba 6.83%
    Sahara 0.98%
    Samsung 0.98%
    American Megatrends 0.98%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE