System Center Endpoint Protection
What is System Center Endpoint Protection? (from Microsoft)
Endpoint Protection uses the monitoring and deployment capabilities of Configuration Manager to streamline the deployment of antimalware definitions and uses Configuration Manager to provide an in-console monitoring solution. You can also use Endpoint Protection to configure Windows Firewall settings on computers in yo... Read more
Overview
System Center Endpoint Protection is a program developed by Microsoft. The most used version is 4.5.216.0, with over 98% of all installations currently using this version. Upon installation and setup, it defines an auto-start registry entry which makes this program run on each Windows boot for all user logins. It adds a background controller service that is set to automatically run. Delaying the start of this service is possible through the service manager. A scheduled task is added to Windows Task Scheduler in order to launch the program at various scheduled times (the schedule varies depending on the version). The software is designed to connect to the Internet and adds a Windows Firewall exception in order to do so without being interfered with. When installed, it will add a context menu handler to the Windows shell in order to provide quick access to the program. The software installer includes 50 files and is usually about 29.86 MB (31,314,931 bytes). In comparison to the total number of users, most PCs are running the OS Windows 7 (SP1) as well as Windows 10. While about 56% of users of System Center Endpoint Protection come from the United States, it is also popular in Australia and Norway.
Program details
URL: go.microsoft.com/fwlink/?LinkId=225780&mkt=en-us
Installation folder: C:\Program Files\Microsoft Security Client
Uninstaller: "C:\Program Files\Microsoft Security Client\Setup.exe" /x
Estimated size: 29.86 MB
Files installed by System Center Endpoint Protection
-
mpevmsg.dll - Protection contre les programmes malveillants Microsoft (Module de ressources d'événement)
-
MpAsDesc.dll - Descriptions des mises à jour des définitions
-
DcmNotifier.exe - Microsoft Forefront Endpoint Protection 2010 (Microsoft Forefront Endpoint Protection DCM Notifier)
-
MsMpRes.dll - Benutzeroberflächen-Ressourcenmodul
-
NisLog.dll - Microsoft Network Inspection System (Microsoft Network Inspection System Logging Provider)
-
NisWFP.dll
-
EppManifest.dll - System Center Endpoint Protection (User Interface Customization Resource Module)
-
DbgHelp.dll - Debugging Tools for Windows(R) (Windows Image Helper)
-
SymSrv.dll - Symbol Server
-
AMMonitoringProvider.dll - Microsoft Endpoint Protection (Microsoft Security Client Antimalware Monitoring Provider)
-
ConfigSecurityPolicy.exe - Microsoft Security Client Policy Configuration Tool
-
FirewallStateProvider.dll - Microsoft Security Client Firewall State Provider
-
MpProvider.dll - Microsoft Security Client Antimalware Provider
-
MsseWat.dll - Microsoft Security Essentials (Microsoft Security Essentials WGA module)
-
MpAzSubmit.dll - Microsoft Malware Protection (MpAzSubmit Module)
-
MpClient.dll - Client Interface
-
MpCmdRun.exe - Microsoft Malware Protection Command Line Utility
-
MpCommu.dll - Communication Module
-
MpOAv.dll - IOfficeAntiVirus Module
-
MpRTP.dll - AntiMalware Realtime Monitor
-
MpSvc.dll - Service Module
-
MpTpmAtt.dll - TPM Attestation
-
MsMpCom.dll - COM Utility
-
MsMpEng.exe - Antimalware Service Executable
-
NisIpsPlugin.dll - Microsoft Network Realtime Inspection Plugin
-
NisSrv.exe - Microsoft Network Realtime Inspection Service
-
LegitLib.dll - Microsoft Genuine Advantage (Windows Genuine Advantage Validation Library)
-
mpuxhostproxyoob.dll - Microsoft Security Client (COM Proxy for mpuxhost (MP Modern shell host))
-
MpUxSrvOob.exe - MP modern host server
-
msseces.exe - Microsoft Security Client User Interface
-
Setup.exe - Microsoft Security Client Setup
-
SetupRes.dll - Microsoft Security Client Setup Resources
-
shellext.dll - Microsoft Security Client Shell Extension
-
WindowsFirewallConfigurationProvider.dll - Microsoft® Policy Platform Windows® Firewall Provider
-
MsMpLics.dll - Microsoft Antimalware (License Module)
-
ProtectionMgmt.dll - Protection Management WMIv2 Provider
-
sqmapi.dll - SQM Client
Behaviors exhibited
Autoplay Handler
- shellext.dll is registered as an AutoPlay event handler named 'DVDFabHDDecrypterOnDVDArrival' with the ProgID of 'DVDFabHDDecrypterOpen' and the action verb 'Open.
Context Menu Handler
- shellext.dll added to Windows Explorer under the name 'EPP' with a class of {09A47860-11B0-4DA5-AFA5-26D86198A780}.
Mozilla Plugin
- shellext.dll is loaded into Mozilla Firefox under the product name 'McAfee Total Protection' with a plugin key of '@mcafee.com/MSC,version=10' for all users of the PC.
5 Scheduled Tasks
- msseces.exe is scheduled as a task with the class '{D300CC09-EC38-4DD4-B614-9579AFFC3A46}' (runs on registration).
- MpCmdRun.exe is scheduled as a task named 'Microsoft Antimalware Scan' (runs weekly on Sundays at 2:00 AM).
- MsMpEng.exe is scheduled as a task with the class '{36EFC519-FFC0-44BA-A865-06780C54FA6D}' (runs on registration).
- Setup.exe is scheduled as a task with the class '{EAC44AF3-B6F9-401D-8A78-249D0D819684}' (runs on registration).
- MsMpRes.dll is scheduled as a task named 'Microsoft-Windows-TaskScheduler_Operational_Microsoft-Windows-TaskScheduler_103'.
2 Scheduled Tasks (Boot/Login)
- MpCmdRun.exe is automatically launched at startup through a scheduled task named MS-AntiVir-Update.
- msseces.exe is automatically launched at startup through a scheduled task named MSC (2).
2 Services
- NisSrv.exe runs as a service named 'Microsoft Netwerkinspectie' (NisSrv) "Biedt bescherming tegen inbraakpogingen die gericht zijn op bekende en recentelijk gevonden zwakke plekken in netwerkprotocollen".
- MsMpEng.exe runs as a service named 'Microsoft Antimalware Service' (MsMpSvc) "Helps protect users from malware and other potentially unwanted software".
3 Startup Files (User Run)
- msseces.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Microsoft Security Client User Interface' and executes as C:\Program Files\Microsoft Security Client\msseces.exe.
- MpCmdRun.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Microsoft Malware Protection Command Line Utility' and executes as C:\Program Files\Microsoft Security Client\MpCmdRun.exe.
- MsMpEng.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'New startup' and executes as "C:\Program Files\Microsoft Security Client\MsMpEng.exe".
Startup File (User Run Once)
- msseces.exe is loaded once in the current user (HKCU) registry as a startup file name 'Application Restart #0' which loads as C:\Program Files\Microsoft Security Client\msseces.exe -Recover.
2 Startup Files (All Users Run)
- msseces.exe is loaded in the all users (HKLM) registry as a startup file name 'MSC' which loads as "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey.
- MsMpEng.exe is loaded in the all users (HKLM) registry as a startup file name 'Microsoft Security' which loads as C:\Program Files\Microsoft Security Client\MsMpEng.exe.
5 Windows Firewall Allowed Programs
- shellext.dll is added as a firewall exception for 'C:\Program Files2\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe'.
- msseces.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\msseces.exe'.
- MsMpEng.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\MsMpEng.exe'.
- Setup.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\setup.exe'.
- MpCmdRun.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\MpCmdRun.exe'.
Resource utilization averages
Show technical details
MpCmdRun.exe |
Memory: | 564 KB | |
Total CPU: | 0.1615348063% | |
Kernel CPU: | 0.13167757% | |
User CPU: | 0.02985724% | |
MsMpEng.exe |
Memory: | 93.98 MB | |
Total CPU: | 0.0073768926% | |
Kernel CPU: | 0.00499648% | |
User CPU: | 0.00238042% | |
CPU cycles/sec: | 31,319,887 | |
Switches/sec: | 24 | |
I/O reads/min: | 5.84 MB | |
I/O writes/min: | 1.78 MB | |
NisSrv.exe |
Memory: | 9.39 MB | |
Total CPU: | 0.0019590863% | |
Kernel CPU: | 0.00047169% | |
User CPU: | 0.00148740% | |
CPU cycles/sec: | 29,554 | |
I/O reads/min: | 2 Bytes | |
I/O writes/min: | 23 Bytes | |
How do I remove System Center Endpoint Protection?
You can uninstall System Center Endpoint Protection from your computer by using the Add/Remove Program feature in the Window's Control Panel.
- On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do one of the following:
- Windows Vista/7/8/10: Click Uninstall a Program.
- Windows XP: Click Add or Remove Programs.
- When you find the program System Center Endpoint Protection, click it, and then do one of the following:
- Windows Vista/7/8/10: Click Uninstall.
- Windows XP: Click the Remove or Change/Remove tab (to the right of the program).
- Follow the prompts. A progress bar shows you how long it will take to remove System Center Endpoint Protection.
How do I reset my web browser?
If your web browser homepage and search settings have been modfied by System Center Endpoint Protection you can restore them to their previous default settings.
Microsoft Internet Explorer
- Open Internet Explorer and click the Tools button, and then click Internet options.
- Click the Advanced tab, and then click Reset. Select the Delete personal settings check box if you would also like to remove search providers, Accelerators and home pages. When Internet Explorer finishes applying default settings, click Close, and then click OK.
- The changes will take effect the next time you open IE.
Mozilla Firefox
- At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu and select Troubleshooting Information.
- To continue, click Reset Firefox in the confirmation window that opens. It will close and be reset.
- When it's done, a window will list the information that was imported. Click Finish and Firefox will open.
Google Chrome
- Open Chrome and click the Chrome menu on the browser toolbar.
- Select Settings. In the "Search" section, click Manage search engine. Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default. Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.
- When the "Show Home button" checkbox is selected, a web address appears below it. If you want the Homepage button to open up a different webpage, click Change to enter a link.
- Restart Google Chrome.
OS VERSIONS
Win 7 (SP1) 64%
Win Server 2003 0%
|
|
HOW IT STARTS
Automatically starts? Yes
(Found in the run registry)
|
|
USER ACTIONS
|
Uninstall it 4%
Keep it 96%
|
|
Windows
Which Windows OS versions does it run on?
Windows 7 |
64.64% |
|
Windows 10 |
34.47% |
|
Windows XP |
0.84% |
|
Windows Server 2003 |
0.05% |
|
Which OS releases does it run on? |
Windows 7 Enterprise |
43.05% |
|
Windows 7 Professional |
19.27% |
|
Windows 8.1 Enterprise |
16.02% |
|
Windows 8.1 Pro |
5.50% |
|
Windows 10 Enterprise |
3.90% |
|
Windows 8 Enterprise |
2.26% |
|
Geography
55.95% of installs come from the United States
Which countries install it?
United States |
55.95% |
Australia |
4.26% |
Norway |
3.43% |
Sweden |
3.25% |
Canada |
2.87% |
United Kingdom |
2.43% |
DK |
2.20% |
South Africa |
1.90% |
Germany |
1.87% |
France |
1.64% |
India |
1.42% |
Netherlands |
1.42% |
Mexico |
1.12% |
Italy |
1.12% |
PC manufacturers
What PC manufacturers (OEMs) have it installed?
Dell |
52.59% |
|
Hewlett-Packard |
28.59% |
|
Lenovo |
9.04% |
|
Acer |
3.19% |
|
Toshiba |
2.93% |
|
Intel |
2.06% |
|
ASUS |
1.00% |
|
GIGABYTE |
0.60% |
|
Common models |
Dell Latitude E6430 |
3.29% |
|
Dell Latitude E5440 |
3.19% |
|
Dell Latitude E6420 |
3.09% |
|
Dell OptiPlex 7010 |
3.09% |
|
TOSHIBA PORTEGE Z10t-A |
2.80% |
|
Dell Latitude E7440 |
2.51% |
|
About Microsoft
Microsoft Corporation develops, manufactures, licenses and supports a variety of products and services related to computing.
Publisher URL: www.microsoft.com