"NisSrv.exe" Process on Windows 7

Q

What is the "NisSrv.exe" process on windows 7? Is the "NisSrv.exe" process a virus? Can I terminate the "NisSrv.exe" process?

✍: FYIcenter.com

A

"NisSrv.exe" process represents "Microsoft Network Realtime Inspection Service" program. "NisSrv.exe" is for "Microsoft Network Inspection" service which helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols.

"NisSrv.exe" process is normally running under the parent process "services" as shown in the process tree below:

Boot
   wininit
      services
         NisSrv

On the Processes tab of "Task Manager", "NisSrv.exe" process may be listed as:

Image Name                 Memory   Description
--------------------   ----------   -----------
NisSrv.exe               13,968 K   Microsoft Network Realtime Inspection Service

Additional information about "NisSrv.exe" process:

Command line:
   "c:\Program Files\Microsoft Security Client\NisSrv.exe"

Programe file information:
   Name: NisSrv.exe
   Location: c:\Program Files\Microsoft Security Client\NisSrv.exe
   Description: Microsoft Network Realtime Inspection Service
   Version: 4.10.0207.0
   Size: 361816 bytes
   Last modified: 10/19/2016 12:08:38 AM
   Company Name: Microsoft Corporation
   
Some data files used:
C:\Windows\System32
C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\Support\NisLog.txt
C:\Windows\System32\en-US\crypt32.dll.mui
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My
C:\Windows\System32\en-US\KernelBase.dll.mui

Some registry keys used:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
HKLM\SOFTWARE\Microsoft\Microsoft Antimalware
HKLM\SOFTWARE\Policies\Microsoft
HKLM\SOFTWARE\Microsoft\Microsoft Antimalware
HKLM\SOFTWARE\Microsoft\Microsoft Antimalware
HKLM\SYSTEM\ControlSet001\services\crypt32
HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\CA

Some DLL libraries used:
C:\windows\SYSTEM32\ntdll.dll
C:\windows\system32\kernel32.dll
C:\windows\system32\KERNELBASE.dll
C:\windows\system32\ADVAPI32.dll
C:\windows\system32\msvcrt.dll
C:\windows\SYSTEM32\sechost.dll
C:\windows\system32\RPCRT4.dll
c:\Program Files\Microsoft Security Client\NisLog.dll
c:\Program Files\Microsoft Security Client\mpclient.dll
C:\windows\system32\OLEAUT32.dll

"NisSrv.exe" process is not a virus. You should not terminate "NisSrv.exe" process.

 

System Service Processes on Windows 7

⇒⇒Windows 7 Processes Tutorials

2016-07-22, 1987👍, 0💬