Microsoft Forefront Endpoint Protection
What is Microsoft Forefront Endpoint Protection?
Microsoft Forefront is a family of line-of-business security software that are designed to help protect computer networks, network servers (such as Microsoft Exchange Server and Microsoft SharePoint Server) and individual devices.
About (from Microsoft)
Security and management have traditionally existed as two separate disciplines, yet both play a central role in keeping your users safe and productive. Microsoft System Center 2012 Endpoint Protection (previously known as Forefront Endpoint Protection) allows you to consolidate desktop security and management in a sing... Read more
Overview
The most used version is 2.1.1116.0, with over 98% of all installations currently using this version. Upon installation and setup, it defines an auto-start registry entry which makes this program run on each Windows boot for all user logins. It adds a background controller service that is set to automatically run. Delaying the start of this service is possible through the service manager. A scheduled task is added to Windows Task Scheduler in order to launch the program at various scheduled times (the schedule varies depending on the version). The software is designed to connect to the Internet and adds a Windows Firewall exception in order to do so without being interfered with. When installed, it will add a context menu handler to the Windows shell in order to provide quick access to the program. The software installer includes 55 files and is usually about 28.04 MB (29,401,189 bytes).
Program details
URL: go.microsoft.com/fwlink/?LinkID=195301&mkt=en-us
Installation folder: C:\Program Files\Microsoft Security Client
Uninstaller: C:\Program Files\Microsoft Security Client\Setup.exe /x
Estimated size: 28.04 MB
Files installed by Microsoft Forefront Endpoint Protection
-
AMMonitoringProvider.dll - Microsoft Client Security Antimalware Monitoring Provider
-
MpEvMsg.dll - Protection contre les programmes malveillants Microsoft (Module de ressources d'événement)
-
FirewallStateProvider.dll - Microsoft Security Client FirewallStateProvider
-
MpProvider.dll - Microsoft Security Client Antimalware Provider
-
MpAsDesc.dll - Proteção da Microsoft Contra Software Maligno (Descrições de Atualização de Definições)
-
DcmNotifier.exe - Microsoft Forefront Endpoint Protection 2010 (Microsoft Forefront Endpoint Protection DCM Notifier)
-
EppManifest.dll - Microsoft Forefront Endpoint Protection Resource Module
-
ConfigSecurityPolicy.exe - Microsoft Security Client Policy Configure
-
NisLog.dll - Microsoft Network Inspection System (Microsoft Network Inspection System Logging Provider)
-
NisWFP.dll
-
DbgHelp.dll - Debugging Tools for Windows(R) (Windows Image Helper)
-
SymSrv.dll - Symbol Server
-
MSESysprep.dll - Microsoft Security Essentials (Microsoft Security Essentials Sysprep Module)
-
msseoobe.exe - Microsoft Security Essentials OOBE Wizard
-
msseooberes.dll - Microsoft Security Client OOBE Wizard Resources
-
MsseWat.dll - Microsoft Security Essentials WGA module
-
ProtectionManagement.dll - Microsoft Endpoint Protection (Microsoft Endpoint Protection Management Provider)
-
MpAzSubmit.dll - Microsoft Malware Protection (MpAzSubmit Module)
-
MpClient.dll - Client Interface
-
MpCmdRun.exe - Microsoft Malware Protection Command Line Utility
-
MpCommu.dll - Communication Module
-
MpOAv.dll - IOfficeAntiVirus Module
-
MpRTP.dll - AntiMalware Realtime Monitor
-
MpSvc.dll - Service Module
-
MpTpmAtt.dll - TPM Attestation
-
MsMpCom.dll - COM Utility
-
MsMpEng.exe - Antimalware Service Executable
-
NisIpsPlugin.dll - Microsoft Network Realtime Inspection Plugin
-
NisSrv.exe - Microsoft Network Realtime Inspection Service
-
LegitLib.dll - Microsoft Genuine Advantage (Windows Genuine Advantage Validation Library)
-
mpuxhostproxyoob.dll - Microsoft Security Client (COM Proxy for mpuxhost (MP Modern shell host))
-
MpUxSrvOob.exe - MP modern host server
-
MsMpRes.dll - User Interface Resource Module
-
msseces.exe - Microsoft Security Client User Interface
-
setup.exe - Microsoft Security Client Setup
-
setupres.dll - Microsoft Security Client Setup Resources
-
shellext.dll - Microsoft Security Client Shell Extension
-
WindowsFirewallConfigurationProvider.dll - Microsoft® Policy Platform Windows® Firewall Provider
-
MsMpLics.dll - Microsoft Antimalware (License Module)
-
sqmapi.dll - SQM Client
Behaviors exhibited
Autoplay Handler
- shellext.dll is registered as an AutoPlay event handler named 'DVDFabHDDecrypterOnDVDArrival' with the ProgID of 'DVDFabHDDecrypterOpen' and the action verb 'Open.
Context Menu Handler
- shellext.dll added to Windows Explorer under the name 'OpenWithCtxMenuExt' with a class of {BC654325-1273-C2A9-2B7C-45D29BCE68FB}.
Mozilla Plugin
- shellext.dll is loaded into Mozilla Firefox under the product name 'Microsoft SharePoint Plug-in for Firefox' with a plugin key of '@microsoft.com/SharePoint,version=14.0' for all users of the PC.
5 Scheduled Tasks
- msseces.exe is scheduled as a task with the class '{6FA94EF8-7B88-4C31-9AF5-D831F612AF54}' (runs on registration).
- MpCmdRun.exe is scheduled as a task named 'Microsoft Security Essentials Scan' (runs daily at 11:00 PM).
- MsMpEng.exe is scheduled as a task with the class '{36EFC519-FFC0-44BA-A865-06780C54FA6D}' (runs on registration).
- Setup.exe is scheduled as a task with the class '{EAC44AF3-B6F9-401D-8A78-249D0D819684}' (runs on registration).
- MsMpRes.dll is scheduled as a task named 'Microsoft-Windows-TaskScheduler_Operational_Microsoft-Windows-TaskScheduler_103'.
2 Scheduled Tasks (Boot/Login)
- msseces.exe is automatically launched at startup through a scheduled task named 5.
- MpCmdRun.exe is automatically launched at startup through a scheduled task named MS-AntiVir-Update.
2 Services
- NisSrv.exe runs as a service named 'Microsoft Netwerkinspectie' (NisSrv) "Biedt bescherming tegen inbraakpogingen die gericht zijn op bekende en recentelijk gevonden zwakke plekken in netwerkprotocollen".
- MsMpEng.exe runs as a service named 'Microsoft Antimalware Service' (MsMpSvc) "Helps protect users from malware and other potentially unwanted software".
3 Startup Files (User Run)
- msseces.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Microsoft Security Client User Interface' and executes as C:\Program Files\Microsoft Security Client\msseces.exe.
- MpCmdRun.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Microsoft Malware Protection Command Line Utility' and executes as C:\Program Files\Microsoft Security Client\MpCmdRun.exe.
- MsMpEng.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'New startup' and executes as "C:\Program Files\Microsoft Security Client\MsMpEng.exe".
Startup File (User Run Once)
- msseces.exe is loaded once in the current user (HKCU) registry as a startup file name 'Application Restart #1' which loads as C:\Program Files\Microsoft Security Client\msseces.exe -Recover.
2 Startup Files (All Users Run)
- msseces.exe is loaded in the all users (HKLM) registry as a startup file name 'msseces.exe' which loads as "C:\Program Files\Microsoft Security Client\msseces.exe".
- MsMpEng.exe is loaded in the all users (HKLM) registry as a startup file name 'Microsoft Security' which loads as C:\Program Files\Microsoft Security Client\MsMpEng.exe.
5 Windows Firewall Allowed Programs
- shellext.dll is added as a firewall exception for 'C:\Program Files2\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe'.
- msseces.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\msseces.exe'.
- MsMpEng.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\MsMpEng.exe'.
- Setup.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\setup.exe'.
- MpCmdRun.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\MpCmdRun.exe'.
Resource utilization averages
Show technical details
| MpCmdRun.exe |
| Memory: | 564 KB | |
| Total CPU: | 0.1615348063% | |
| Kernel CPU: | 0.13167757% | |
| User CPU: | 0.02985724% | |
| MsMpEng.exe |
| Memory: | 93.98 MB | |
| Total CPU: | 0.0073768926% | |
| Kernel CPU: | 0.00499648% | |
| User CPU: | 0.00238042% | |
| CPU cycles/sec: | 31,319,887 | |
| Switches/sec: | 24 | |
| I/O reads/min: | 5.84 MB | |
| I/O writes/min: | 1.78 MB | |
| NisSrv.exe |
| Memory: | 9.39 MB | |
| Total CPU: | 0.0019590863% | |
| Kernel CPU: | 0.00047169% | |
| User CPU: | 0.00148740% | |
| CPU cycles/sec: | 29,554 | |
| I/O reads/min: | 2 Bytes | |
| I/O writes/min: | 23 Bytes | |
How do I remove Microsoft Forefront Endpoint Protection?
You can uninstall Microsoft Forefront Endpoint Protection from your computer by using the Add/Remove Program feature in the Window's Control Panel.
- On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do one of the following:
- Windows Vista/7/8/10: Click Uninstall a Program.
- Windows XP: Click Add or Remove Programs.
- When you find the program Microsoft Forefront Endpoint Protection, click it, and then do one of the following:
- Windows Vista/7/8/10: Click Uninstall.
- Windows XP: Click the Remove or Change/Remove tab (to the right of the program).
- Follow the prompts. A progress bar shows you how long it will take to remove Microsoft Forefront Endpoint Protection.
How do I reset my web browser?
If your web browser homepage and search settings have been modfied by Microsoft Forefront Endpoint Protection you can restore them to their previous default settings.
Microsoft Internet Explorer
- Open Internet Explorer and click the Tools button, and then click Internet options.
- Click the Advanced tab, and then click Reset. Select the Delete personal settings check box if you would also like to remove search providers, Accelerators and home pages. When Internet Explorer finishes applying default settings, click Close, and then click OK.
- The changes will take effect the next time you open IE.
Mozilla Firefox
- At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu and select Troubleshooting Information.
- To continue, click Reset Firefox in the confirmation window that opens. It will close and be reset.
- When it's done, a window will list the information that was imported. Click Finish and Firefox will open.
Google Chrome
- Open Chrome and click the Chrome menu on the browser toolbar.
- Select Settings. In the "Search" section, click Manage search engine. Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default. Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.
- When the "Show Home button" checkbox is selected, a web address appears below it. If you want the Homepage button to open up a different webpage, click Change to enter a link.
- Restart Google Chrome.
OS VERSIONS
Win 7 (SP1) 82%
Win Vista 0%
|
|
HOW IT STARTS
Automatically starts? Yes
(Found in the run registry)
|
|
USER ACTIONS
 |
Uninstall it 1%
Keep it 99%
|
|
Windows
Which Windows OS versions does it run on?
| Windows 7 |
84.36% |
|
| Windows 10 |
11.00% |
|
| Windows XP |
3.67% |
|
| Windows Vista |
0.97% |
|
Which OS releases does it run on? |
| Windows 7 Enterprise |
43.54% |
|
| Windows 7 Professional |
27.41% |
|
| Windows 7 Home Premium |
7.09% |
|
| Windows 7 Ultimate |
4.86% |
|
| Windows 8.1 Pro |
3.69% |
|
| Microsoft Windows XP |
3.69% |
|
Geography
49.65% of installs come from the United States
Which countries install it?
| United States |
49.65% |
| Sweden |
7.11% |
| Netherlands |
4.14% |
| Mexico |
2.35% |
| Norway |
2.35% |
| Australia |
2.27% |
| France |
2.11% |
| Canada |
1.88% |
| United Kingdom |
1.72% |
| Germany |
1.64% |
| India |
1.49% |
| Colombia |
1.41% |
| Romania |
1.17% |
| South Africa |
1.09% |
PC manufacturers
What PC manufacturers (OEMs) have it installed?
| Dell |
47.33% |
|
| Hewlett-Packard |
31.68% |
|
| Lenovo |
9.22% |
|
| ASUS |
2.67% |
|
| American Megatrends |
2.14% |
|
| GIGABYTE |
2.01% |
|
| Acer |
1.87% |
|
| Samsung |
1.47% |
|
| Intel |
1.07% |
|
| Toshiba |
0.53% |
|
Common models |
| HP EliteBook 8570p |
3.43% |
|
| HP EliteBook 8460p |
3.00% |
|
| Dell Latitude E6420 |
3.00% |
|
| Dell OptiPlex 780 |
2.36% |
|
| HP EliteBook 8560p |
2.36% |
|
| Dell OptiPlex 990 |
2.36% |
|
About Microsoft
Microsoft Corporation develops, manufactures, licenses and supports a variety of products and services related to computing.
Publisher URL: www.microsoft.com