Administration Adware Spyware Apache Bluetooth DOS Commands Edge General Internet Connection Internet Explorer Media Center Media Player Mozilla Firefox MS Access Performance PHP Programming Security Silverlight Tips Tools Tutorials Windows 10 Windows 7 Windows 8 Windows Phone Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Vista Windows XP

"mcshield.exe" Process on Windows 7

Q

What is the "mcshield.exe" process on windows 7? Is the "mcshield.exe" process a virus? Can I terminate the "mcshield.exe" process?

✍: FYIcenter.com

A

"mcshield.exe" process represents "McAfee Scanner service" program. "mcshield.exe" process is created by the "Manages McAfee Services" service.

"mcshield.exe" process is normally running under the parent process "mfemms" as shown in the process tree below: 

Boot
   wininit
      services
         mfemms
            mcshield

On the Processes tab of "Task Manager", "mcshield.exe" process may be listed as: 

Image Name                 Memory   Description
--------------------   ----------   -----------
mcshield.exe            108,212 K   McAfee Scanner service

Additional information about "mcshield.exe" process: 

Command line:
   "C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe"

Programe file information:
   Name: mcshield.exe
   Location: C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
   Description: McAfee Scanner service
   Version: Anti-Malware Core.1.4.1.459.x64
   Size: 1058656 bytes
   Last modified: 1/28/2016 5:47:30 PM
   Company Name: McAfee, Inc.
   
Some data files used:
C:\Windows\System32\en-US\setupapi.dll.mui
C:\Windows\System32\en-US\crypt32.dll.mui
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My
C:\Program Files\Common Files\McAfee\AMCore
C:\Program Files\Common Files\McAfee\AMCore\quarantine.dll
C:\Program Files\Common Files\McAfee\AMCore\EM\EMSystemWideDataStore_01.PTF
C:\Program Files\Common Files\McAfee\amcontent\content\amcore\contain\2004.0\amcontain.dat
C:\Program Files\Common Files\McAfee\amcontent\content\avengine\prf\236.0\prfscan.dat
C:\Program Files\Common Files\McAfee\amcontent\content\avengine\med\2983.0\medscan.dat
C:\Windows\System32\en-US\KernelBase.dll.mui

Some registry keys used:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
HKLM\SYSTEM\ControlSet001\services\crypt32
HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
HKU\.DEFAULT\Software\Microsoft\SystemCertificates\My
HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT
HKU\.DEFAULT\Software\Microsoft\SystemCertificates\CA
HKLM\SOFTWARE\Microsoft\SystemCertificates\CA
HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\CA

Some DLL libraries used:
C:\windows\SYSTEM32\ntdll.dll
C:\windows\system32\kernel32.dll
C:\windows\system32\KERNELBASE.dll
C:\windows\system32\RPCRT4.dll
C:\Program Files\Common Files\McAfee\AMCore\MSVCR120.dll
C:\Program Files\Common Files\McAfee\AMCore\MSVCP120.dll
C:\windows\system32\WTSAPI32.dll
C:\windows\system32\msvcrt.dll
C:\windows\system32\USER32.dll
C:\windows\system32\GDI32.dll

"mcshield.exe" process is not a virus. You should not terminate "mcshield.exe" process.

 

⇒McAfee Program Processes on Windows 7

⇒⇒Windows 7 Processes Tutorials

2016-12-21, 2582👍, 0💬

Administration Adware Spyware Apache Bluetooth DOS Commands Edge General Internet Connection Internet Explorer Media Center Media Player Mozilla Firefox MS Access Performance PHP Programming Security Silverlight Tips Tools Tutorials Windows 10 Windows 7 Windows 8 Windows Phone Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Vista Windows XP