"MsMpEng.exe" Process on Windows 7

Q

What is the "MsMpEng.exe" process on Windows 7? Is the "MsMpEng.exe" process a virus? Can I terminate the "MsMpEng.exe" process?

✍: FYIcenter.com

A

The "MsMpEng.exe" process represents the "Antimalware Service Executable" program. "MsMpEng.exe" is a service that helps protect users from malware and other potentially unwanted software.

The "MsMpEng.exe" process normally runs under the parent process "services", as shown in the process tree below:

Boot
   wininit
      services
         MsMpEng

On the Processes tab of "Task Manager", the "MsMpEng.exe" process may be listed as:

Image Name                 Memory   Description
--------------------   ----------   -----------
MsMpEng.exe             186,668 K   Antimalware Service Executable

Additional information about the "MsMpEng.exe" process:

Command line:
   "c:\Program Files\Microsoft Security Client\MsMpEng.exe"

Program file information:
   Name: MsMpEng.exe
   Location: c:\Program Files\Microsoft Security Client\MsMpEng.exe
   Description: Antimalware Service Executable
   Version: 4.10.0207.0
   Size: 120888 bytes
   Last modified: 10/19/2016 12:08:38 AM
   Company Name: Microsoft Corporation

Some data files used:
C:\Windows\System32
C:\ProgramData\Microsoft\Microsoft Antimalware\Support\MPDetection-12152016-115419.log
C:\ProgramData\Microsoft\Microsoft Antimalware\Support\MPLog-12152016-115419.log
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\8EBC9C90-6B27-472E-99BF-F378665755E7-0.bin
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin
\FileSystem\Filters\FltMgrMsg
C:\ProgramData\Microsoft\Microsoft Antimalware\IMpServiceDDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB.lock
C:\Program Files\Microsoft Security Client\DbgHelp.dll
C:\Program Files\Microsoft Security Client\NisWFP.dll

Some registry keys used:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
HKLM\SOFTWARE\Microsoft\Microsoft Antimalware
HKLM\SOFTWARE\Policies\Microsoft
HKU\.DEFAULT\Control Panel\International
HKLM\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9
HKLM\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5

Some DLL libraries used:
C:\windows\SYSTEM32\ntdll.dll
C:\windows\system32\kernel32.dll
C:\windows\system32\KERNELBASE.dll
C:\windows\system32\ADVAPI32.dll
C:\windows\system32\msvcrt.dll
C:\windows\SYSTEM32\sechost.dll
C:\windows\system32\RPCRT4.dll
C:\windows\system32\CRYPT32.dll
C:\windows\system32\MSASN1.dll
C:\windows\system32\WINTRUST.dll

The "MsMpEng.exe" process is not a virus. You can terminate the "MsMpEng.exe" process, or disable the "Microsoft Antimalware Service", if it consumes too much CPU. You can enable and start the "Microsoft Antimalware Service" again later if you want it back.
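
The path, parent process and publisher listed above can be checked against what is actually running on a machine. The following PowerShell is an added example, not part of the original answer; it assumes the Microsoft Security Client install path shown on this page and that the binary carries an embedded Authenticode signature whose subject names Microsoft Corporation.

```powershell
# Added example: compare every running MsMpEng.exe with the attributes listed on this page.
# Uses Get-WmiObject so it also works on the PowerShell 2.0 that ships with Windows 7.

# Expected values taken from the page; other products or versions install elsewhere.
$expectedPath   = 'c:\Program Files\Microsoft Security Client\MsMpEng.exe'
$expectedParent = 'services.exe'

$all     = Get-WmiObject -Class Win32_Process
$targets = @($all | Where-Object { $_.Name -eq 'MsMpEng.exe' })

if ($targets.Count -eq 0) { Write-Output 'No MsMpEng.exe process is running.' }

foreach ($p in $targets) {
    $findings = @()

    # ExecutablePath is empty when the caller lacks rights to query the process.
    if (-not $p.ExecutablePath) {
        $findings += 'path not readable (run from an elevated prompt)'
    } else {
        # -ne on strings is case-insensitive, so drive-letter case does not matter.
        if ($p.ExecutablePath -ne $expectedPath) {
            $findings += "unexpected path: $($p.ExecutablePath)"
        }
        # Assumption: the file is Authenticode-signed by Microsoft Corporation.
        $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
        if ($sig.Status -ne 'Valid') {
            $findings += "signature status: $($sig.Status)"
        } elseif ($sig.SignerCertificate.Subject -notlike '*O=Microsoft Corporation*') {
            $findings += "unexpected signer: $($sig.SignerCertificate.Subject)"
        }
    }

    # The page shows "services" as the parent; resolve the parent PID to a name.
    $parent = $all | Where-Object { $_.ProcessId -eq $p.ParentProcessId } | Select-Object -First 1
    if (-not $parent) {
        $findings += "parent PID $($p.ParentProcessId) no longer exists"
    } elseif ($parent.Name -ne $expectedParent) {
        $findings += "unexpected parent: $($parent.Name)"
    }

    if ($findings.Count -eq 0) {
        Write-Output "PID $($p.ProcessId): matches expected path, signer and parent"
    } else {
        Write-Output "PID $($p.ProcessId): REVIEW - $($findings -join '; ')"
    }
}
```

A "REVIEW" line means the process differs from what this page documents, which warrants a closer look before trusting the image name alone.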


2016-07-25, 1586👍, 0💬