Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

Anti-Malware Core.1.1.3.164.x64 55.88%
Anti-Malware Core.1.1.3.136.x64 1.47%
Anti-Malware Core.1.1.2.123.x64 19.12%
Anti-Malware Core.1.1.2.118.x64 1.47%
Anti-Malware Core.1.1.1.244.x86 1.47%
Anti-Malware Core.1.1.1.244.x64 1.47%
Anti-Malware Core.1.0.1.118.x64 16.18%
Anti-Malware Core.1.0.0.1921.x86 1.47%
Anti-Malware Core.1.0.0.1921.x64 1.47%

Relationships

Parent process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
AddAccessDeniedAceEx, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegQueryValueExW, RegOpenKeyW, FreeSid, RevertToSelf, ImpersonateLoggedOnUser, ConvertStringSecurityDescriptorToSecurityDescriptorW, CreateWellKnownSid, LookupPrivilegeValueW, AdjustTokenPrivileges, GetUserNameW, GetSidLengthRequired, LookupAccountNameW, ReportEventW, DeregisterEventSource, RegisterEventSourceW, SetServiceObjectSecurity, InitializeSecurityDescriptor, InitializeAcl, TraceEvent, AddAccessAllowedAceEx, SetSecurityDescriptorDacl, OpenSCManagerW, OpenServiceW, CloseServiceHandle, AllocateAndInitializeSid, OpenThreadToken, OpenProcessToken, GetLengthSid, CopySid, GetTokenInformation, GetSecurityDescriptorDacl, SetServiceStatus, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, RegSetValueExW, RegEnumKeyExW, RegQueryInfoKeyW, RegEnumValueW, RegCreateKeyW, RegDeleteKeyW, RegOpenKeyExW, RegDeleteValueW, RegCloseKey, RegDisablePredefinedCache, AllocateLocallyUniqueId, SetSecurityInfo, GetSecurityInfo, SetEntriesInAclW, QueryServiceObjectSecurity, ConvertSecurityDescriptorToStringSecurityDescriptorW, EqualSid, DuplicateTokenEx
kernel32.dll
GetModuleHandleW, GetSystemTimeAsFileTime, QueryPerformanceCounter, IsDebuggerPresent, UnhandledExceptionFilter, TerminateProcess, InterlockedCompareExchange, GetOverlappedResult, CancelIo, Process32FirstW, Process32NextW, OpenThread, GetExitCodeProcess, DuplicateHandle, MultiByteToWideChar, WideCharToMultiByte, CreateToolhelp32Snapshot, Module32FirstW, GetCurrentThread, GetFileAttributesExW, LoadLibraryExW, RemoveDirectoryW, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetVersionExW, LoadLibraryA, GetFileSizeEx, GetFileTime, SetFilePointerEx, SetEndOfFile, WriteFile, CopyFileW, ResetEvent, InterlockedExchange, InterlockedDecrement, InterlockedIncrement, GetCurrentProcess, IsWow64Process, MoveFileExW, GetDriveTypeW, GetLogicalDrives, Sleep, SetFilePointer, ReadFile, DeleteFileW, WaitForMultipleObjects, FindClose, SignalObjectAndWait, FindFirstFileW, GetCurrentProcessId, SetLastError, OpenEventW, GetTickCount, DisconnectNamedPipe, CreateNamedPipeW, CreateFileW, OpenProcess, ProcessIdToSessionId, GetCurrentThreadId, GetModuleFileNameW, GetLastError, GetSystemDirectoryW, WaitForSingleObject, SetEvent, GetSystemTime, GetLocalTime, CreateEventW, CloseHandle, LocalFree, LocalAlloc, FreeLibrary, GetProcAddress, LoadLibraryW, SetUnhandledExceptionFilter
msvcp90.dll
DllMain
msvcr90.dll
DllMain
ole32.dll
CoTaskMemFree, StringFromCLSID, CLSIDFromString, CoTaskMemAlloc
rpcrt4.dll
RpcRevertToSelfEx, RpcImpersonateClient, RpcServerUnregisterIfEx, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcBindingInqLocalClientPID, RpcMgmtStopServerListening, RpcServerListen, NdrServerCall2, UuidCreate, UuidToStringW, RpcStringFreeW
shlwapi.dll
SHCreateStreamOnFileW, SHDeleteKeyW
user32.dll
GetSystemMetrics
wtsapi32.dll
WTSFreeMemory, WTSQuerySessionInformationW, WTSQueryUserToken

mcshield.exe

Anti-Malware Core by McAfee (Signed)

Remove mcshield.exe
Version:   Anti-Malware Core.1.0.0.1921.x64
MD5:   e5759231e02261a45fa3cb4d5b89191f
SHA1:   e6a28c260b14d5582792d1a8770e25730ecf764d
SHA256:   4fa6fec3c25fc7e22e6c065f9d873ccd40dba4f76f7549751b13ff2676e41482

What is mcshield.exe?

McAfee On-Access Scanner service features true blocking On Access Scanning. It scans every file being accessed from or written to the machine and blocks infections if any. On Access Scanner can be configured to scan on Read Only, Write only or both. It can also be configured to scan files on network volumes.

Overview

mcshield.exe runs as a service under the name McAfee Anti-Malware Core (mfecore) with extensive SYSTEM privileges (full administrator access). The assembly utilizes the .NET run-time framework (which is required to be installed on the PC). The file is digitally signed by McAfee which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:mcshield.exe
Publisher:McAfee, Inc.
Product name:Anti-Malware Core
Description:McAfee On-Access Scanner service
Typical file path:C:\Program Files\common files\mcafee\amcore\mcshield.exe
File version:Anti-Malware Core.1.0.0.1921.x64
Size:970.11 KB (993,392 bytes)
Certificate
Issued to:McAfee
Authority (CA):VeriSign
Effective date:Friday, June 10, 2011
Digital DNA
File packed:No
Code language:Microsoft Visual C# / Basic .NET
.NET CLR:Yes
.NET NGENed:No
More details

BehaviorsBehaviors

Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'mfecore' (McAfee Anti-Malware Core)
Network connections
  • [TCP] 161.69.225.6:443

    • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00008405%
    0.028634%
    Kernel CPU:0.00006797%
    0.013761%
    User CPU:0.00001608%
    0.014873%
    Kernel CPU time:2,467,842 ms/min
    100,923,805ms/min
    Memory
    Private memory:411.37 MB
    21.59 MB
    Private (maximum):517.58 MB
    Private (minimum):34.96 MB
    Non-paged memory:411.37 MB
    21.59 MB
    Virtual memory:642.32 MB
    140.96 MB
    Virtual memory (peak):1.1 GB
    169.69 MB
    Working set:211.47 MB
    18.61 MB
    Working set (peak):722.87 MB
    37.95 MB
    Resource allocations
    Threads:49
    12
    Handles:783
    600

    BehaviorsProcess properties

    Integrety level:System
    Platform:64-bit
    Command line:"C:\Program Files\common files\mcafee\amcore\mcshield.exe"
    Owner:SYSTEM
    Windows Service
    Service name:mfecore
    Display name:McAfee Anti-Malware Core
    Description:“McAfee OnAccess Scanner”
    Type:Win32OwnProcess
    Parent process:services.exe (Services and Controller app by Microsoft)

    ResourcesThreads

    Averages
     
    ncapi.dll (Anti-Malware Core by McAfee)
    Total CPU:0.19853878%
    0.272967%
    Kernel CPU:0.00726319%
    0.107585%
    User CPU:0.19127559%
    0.165382%
    CPU cycles:4,371,727/sec
    5,741,424/sec
    Context switches:1/sec
    79/sec
    Memory:112 KB
    1.16 MB
    MCNormalizer.dat
    Total CPU:0.08822455%
    Kernel CPU:0.02718003%
    User CPU:0.06104452%
    CPU cycles:1,859,003/sec
    Memory:188 KB
    sechost.dll (Host for SCM/SDDL/LSA Lookup APIs by Microsoft)
    Total CPU:0.03304714%
    Kernel CPU:0.00689970%
    User CPU:0.02614744%
    CPU cycles:693,243/sec
    Memory:124 KB
    emmain.dll (Anti-Malware Core by McAfee)
    Total CPU:0.01407198%
    Kernel CPU:0.00265069%
    User CPU:0.01142129%
    CPU cycles:314,467/sec
    Context switches:3/sec
    Memory:284 KB
    ntdll.dll
    Total CPU:0.01017062%
    Kernel CPU:0.00673504%
    User CPU:0.00343558%
    CPU cycles:217,592/sec
    Memory:1.66 MB
    MSVCR90.dll
    Total CPU:0.00118829%
    Kernel CPU:0.00015499%
    User CPU:0.00103330%
    CPU cycles:25,101/sec
    Memory:652 KB
    ts.dat
    Total CPU:0.00083297%
    Kernel CPU:0.00041648%
    User CPU:0.00041648%
    CPU cycles:16,489/sec
    Memory:1.18 MB
    mcshield.exe (main module)
    Total CPU:0.00001134%
    Kernel CPU:0.00001134%
    User CPU:0.00000000%
    CPU cycles:261/sec
    Memory:980 KB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Home Premium 27.94%
    Windows 8.1 22.06%
    Windows 8.1 Single Language 16.18%
    Windows 8 16.18%
    Windows 8 Single Language 5.88%
    Windows 8.1 Pro with Media Center 2.94%
    Windows 8 Pro 2.94%
    Windows 7 Professional 1.47%
    Windows 7 Ultimate 1.47%
    Windows Vista Home Premium 1.47%
    Windows 7 Starter 1.47%

    Distribution by countryDistribution by country

    United States installs about 50.00% of Anti-Malware Core.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    ASUS 29.13%
    Dell 23.30%
    Acer 12.62%
    Lenovo 11.65%
    Hewlett-Packard 11.65%
    Sony 7.77%
    Toshiba 3.88%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE