Should I block it?

No, this file is 100% safe to run.

Additional versions

Anti-Malware Core.1.1.3.164.x64 55.88%
Anti-Malware Core.1.1.3.136.x64 1.47%
Anti-Malware Core.1.1.2.123.x64 19.12%
Anti-Malware Core.1.1.2.118.x64 1.47%
Anti-Malware Core.1.1.1.244.x86 1.47%
Anti-Malware Core.1.1.1.244.x64 1.47%
Anti-Malware Core.1.0.1.118.x64 16.18%
Anti-Malware Core.1.0.0.1921.x86 1.47%
Anti-Malware Core.1.0.0.1921.x64 1.47%

PE file structure

Import table
advapi32.dll
AddAccessDeniedAceEx, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegQueryValueExW, RegOpenKeyW, FreeSid, RevertToSelf, ImpersonateLoggedOnUser, ConvertStringSecurityDescriptorToSecurityDescriptorW, CreateWellKnownSid, LookupPrivilegeValueW, AdjustTokenPrivileges, GetUserNameW, GetSidLengthRequired, LookupAccountNameW, ReportEventW, DeregisterEventSource, RegisterEventSourceW, SetServiceObjectSecurity, InitializeSecurityDescriptor, InitializeAcl, TraceEvent, AddAccessAllowedAceEx, SetSecurityDescriptorDacl, OpenSCManagerW, OpenServiceW, CloseServiceHandle, AllocateAndInitializeSid, OpenThreadToken, OpenProcessToken, GetLengthSid, CopySid, GetTokenInformation, GetSecurityDescriptorDacl, SetServiceStatus, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, RegSetValueExW, RegEnumKeyExW, RegQueryInfoKeyW, RegEnumValueW, RegCreateKeyW, RegDeleteKeyW, RegOpenKeyExW, RegDeleteValueW, RegCloseKey, RegDisablePredefinedCache, AllocateLocallyUniqueId, SetSecurityInfo, GetSecurityInfo, SetEntriesInAclW, QueryServiceObjectSecurity, ConvertSecurityDescriptorToStringSecurityDescriptorW, EqualSid, DuplicateTokenEx
kernel32.dll
GetModuleHandleW, GetSystemTimeAsFileTime, QueryPerformanceCounter, IsDebuggerPresent, UnhandledExceptionFilter, TerminateProcess, InterlockedCompareExchange, GetOverlappedResult, CancelIo, Process32FirstW, Process32NextW, OpenThread, GetExitCodeProcess, DuplicateHandle, MultiByteToWideChar, WideCharToMultiByte, CreateToolhelp32Snapshot, Module32FirstW, GetCurrentThread, GetFileAttributesExW, LoadLibraryExW, RemoveDirectoryW, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetVersionExW, LoadLibraryA, GetFileSizeEx, GetFileTime, SetFilePointerEx, SetEndOfFile, WriteFile, CopyFileW, ResetEvent, InterlockedExchange, InterlockedDecrement, InterlockedIncrement, GetCurrentProcess, IsWow64Process, MoveFileExW, GetDriveTypeW, GetLogicalDrives, Sleep, SetFilePointer, ReadFile, DeleteFileW, WaitForMultipleObjects, FindClose, SignalObjectAndWait, FindFirstFileW, GetCurrentProcessId, SetLastError, OpenEventW, GetTickCount, DisconnectNamedPipe, CreateNamedPipeW, CreateFileW, OpenProcess, ProcessIdToSessionId, GetCurrentThreadId, GetModuleFileNameW, GetLastError, GetSystemDirectoryW, WaitForSingleObject, SetEvent, GetSystemTime, GetLocalTime, CreateEventW, CloseHandle, LocalFree, LocalAlloc, FreeLibrary, GetProcAddress, LoadLibraryW, SetUnhandledExceptionFilter
msvcp90.dll
DllMain
msvcr90.dll
DllMain
ole32.dll
CoTaskMemFree, StringFromCLSID, CLSIDFromString, CoTaskMemAlloc
rpcrt4.dll
RpcRevertToSelfEx, RpcImpersonateClient, RpcServerUnregisterIfEx, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcBindingInqLocalClientPID, RpcMgmtStopServerListening, RpcServerListen, NdrServerCall2, UuidCreate, UuidToStringW, RpcStringFreeW
shlwapi.dll
SHCreateStreamOnFileW, SHDeleteKeyW
user32.dll
GetSystemMetrics
wtsapi32.dll
WTSFreeMemory, WTSQuerySessionInformationW, WTSQueryUserToken

mcshield.exe

Anti-Malware Core by McAfee (Signed)

Version:   Anti-Malware Core.1.1.2.118.x64
MD5:   f5a673eb9fc14deffc5d7154b72a9c06
SHA1:   2df581012296bc5403c4058915b09cb7d02f8ab5
SHA256:   60f6487ddbfaf6bb1474bc94cbeaa41a5b36e35d255ad7ab140a5da7c1b2276d

What is mcshield.exe?

The McAfee On-Access Scanner service provides true blocking on-access scanning. It scans every file read from or written to the machine and blocks any infections it finds. The On-Access Scanner can be configured to scan on read only, on write only, or both. It can also be configured to scan files on network volumes.

Overview

mcshield.exe runs as a service under the name McAfee Anti-Malware Core (mfecore) with extensive SYSTEM privileges (full administrator access). The assembly uses the .NET runtime framework (which must be installed on the PC). The file is digitally signed by McAfee, with a certificate issued by the VeriSign certificate authority (CA).

Details

File name: mcshield.exe
Publisher: McAfee, Inc.
Product name: Anti-Malware Core
Description: McAfee On-Access Scanner service
Typical file path: C:\Program Files\common files\mcafee\amcore\mcshield.exe
File version: Anti-Malware Core.1.1.2.118.x64
Size: 993.18 KB (1,017,016 bytes)
Build date: 8/5/2013 5:40 AM
Certificate
Issued to: McAfee
Authority (CA): VeriSign
Effective date: Friday, June 10, 2011
Digital DNA
File packed: No
Code language: Microsoft Visual C# / Basic .NET
.NET CLR: Yes
.NET NGENed: No

Behaviors

Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'mfecore' (McAfee Anti-Malware Core)

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages

CPU
Total CPU: 0.00101374%
0.028634%
Kernel CPU: 0.00040342%
0.013761%
User CPU: 0.00061032%
0.014873%
Kernel CPU time: 94,677 ms/min
100,923,805 ms/min
Context switches: 33/sec
284/sec
Memory
Private memory: 329.09 MB
21.59 MB
Private (maximum): 313.21 MB
Private (minimum): 82.32 MB
Non-paged memory: 329.09 MB
21.59 MB
Virtual memory: 529.93 MB
140.96 MB
Virtual memory (peak): 538.18 MB
169.69 MB
Working set: 312.56 MB
18.61 MB
Working set (peak): 317.45 MB
37.95 MB
Resource allocations
Threads: 50
12
Handles: 749
600

Process properties

Integrity level: System
Platform: 64-bit
Command line: "C:\Program Files\common files\mcafee\amcore\mcshield.exe"
Owner: SYSTEM
Windows Service
Service name: mfecore
Display name: McAfee Anti-Malware Core
Description: “McAfee OnAccess Scanner”
Type: Win32OwnProcess
Parent process: services.exe (Services and Controller app by Microsoft)

Threads

Averages

ncapi.dll
Total CPU: 0.11650760%
0.272967%
Kernel CPU: 0.00636740%
0.107585%
User CPU: 0.11014020%
0.165382%
CPU cycles: 2,979,319/sec
5,741,424/sec
Memory: 120 KB
1.16 MB
sechost.dll (Host for SCM/SDDL/LSA Lookup APIs by Microsoft)
Total CPU: 0.08164409%
Kernel CPU: 0.02295700%
User CPU: 0.05868708%
CPU cycles: 1,956,941/sec
Memory: 124 KB
MCNormalizer.dat
Total CPU: 0.07684217%
Kernel CPU: 0.02680842%
User CPU: 0.05003375%
CPU cycles: 1,849,956/sec
Memory: 208 KB
ntdll.dll
Total CPU: 0.01029175%
Kernel CPU: 0.00743845%
User CPU: 0.00285330%
CPU cycles: 281,178/sec
Memory: 1.66 MB
MSVCR90.dll
Total CPU: 0.00450668%
Kernel CPU: 0.00075813%
User CPU: 0.00374855%
CPU cycles: 104,845/sec
Memory: 628 KB
EMMain.dll
Total CPU: 0.00361723%
Kernel CPU: 0.00110775%
User CPU: 0.00250948%
CPU cycles: 125,532/sec
Memory: 284 KB
ts.dat
Total CPU: 0.00081437%
Kernel CPU: 0.00042981%
User CPU: 0.00038456%
CPU cycles: 24,194/sec
Memory: 1.32 MB
mcshield.exe (main module)
Total CPU: 0.00004315%
Kernel CPU: 0.00004315%
User CPU: 0.00000000%
CPU cycles: 1,252/sec
Memory: 1004 KB

Distribution by Windows OS

OS version / Distribution
Windows 7 Home Premium 27.94%
Windows 8.1 22.06%
Windows 8.1 Single Language 16.18%
Windows 8 16.18%
Windows 8 Single Language 5.88%
Windows 8.1 Pro with Media Center 2.94%
Windows 8 Pro 2.94%
Windows 7 Professional 1.47%
Windows 7 Ultimate 1.47%
Windows Vista Home Premium 1.47%
Windows 7 Starter 1.47%

Distribution by country

United States installs about 50.00% of Anti-Malware Core.

Distribution by PC manufacturer

PC manufacturer / Distribution
ASUS 29.13%
Dell 23.30%
Acer 12.62%
Lenovo 11.65%
Hewlett-Packard 11.65%
Sony 7.77%
Toshiba 3.88%