Microsoft Forefront Endpoint Protection
What is Microsoft Forefront Endpoint Protection?
Microsoft Forefront Endpoint Protection is a software application developed by Microsoft Corporation. It is most commonly found on computers running Windows 7 with nearly 84.36% of installations running this operating system. Microsoft Forefront Endpoint Protection's installer is typically 28.00 MB in size and installs around 47 files. The most common release is 2.1.1116.0 with 21.93% of all installations currently using this version.
Microsoft Forefront Endpoint Protection is most popular in the United States with 50.65% of installations residing in this country.
Microsoft Forefront Endpoint Protection adds 5 scheduled tasks to the Windows Task Scheduler launching the program at randomly scheduled times. When using a computer that is connected to the internet, Microsoft Forefront Endpoint Protection is known to create 5 firewall exceptions to allow inbound and outbound connectivity.
About Microsoft Forefront Endpoint Protection
Microsoft Forefront is a suite of enterprise security solutions specifically designed to safeguard computer networks, network servers (including Microsoft Exchange Server and Microsoft SharePoint Server), and individual devices. These products are designed to provide advanced protection against a wide range of cyber threats.
Software Behaviors
- Services:
- NisSrv.exe runs as a service named 'Microsoft Netwerkinspectie' (NisSrv) "Provides protection against intrusion attempts targeting known and recently discovered vulnerabilities in network protocols".
- MsMpEng.exe runs as a service named 'Microsoft Antimalware Service' (MsMpSvc) "Helps protect users from malware and other potentially unwanted software".
- Firewall:
- shellext.dll is added as a firewall exception for 'C:\Program Files2\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe'.
- msseces.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\msseces.exe'.
- MsMpEng.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\MsMpEng.exe'.
- Setup.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\setup.exe'.
- MpCmdRun.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\MpCmdRun.exe'.
- Scheduled tasks:
- msseces.exe is scheduled as a task with the class '{6FA94EF8-7B88-4C31-9AF5-D831F612AF54}' (runs on registration).
- MpCmdRun.exe is scheduled as a task named 'Microsoft Security Essentials Scan' (runs daily at 11:00 PM).
- MsMpEng.exe is scheduled as a task with the class '{36EFC519-FFC0-44BA-A865-06780C54FA6D}' (runs on registration).
- Setup.exe is scheduled as a task with the class '{EAC44AF3-B6F9-401D-8A78-249D0D819684}' (runs on registration).
- MsMpRes.dll is scheduled as a task named 'Microsoft-Windows-TaskScheduler_Operational_Microsoft-Windows-TaskScheduler_103'.
Startup Entries
- Startup tasks:
- msseces.exe is automatically launched at startup through a scheduled task named 5.
- MpCmdRun.exe is automatically launched at startup through a scheduled task named MS-AntiVir-Update.
- Registry entries:
- msseces.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Microsoft Security Client User Interface' and executes as C:\Program Files\Microsoft Security Client\msseces.exe.
- MpCmdRun.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Microsoft Malware Protection Command Line Utility' and executes as C:\Program Files\Microsoft Security Client\MpCmdRun.exe.
- MsMpEng.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'New startup' and executes as "C:\Program Files\Microsoft Security Client\MsMpEng.exe".
- Registry entries (User):
- msseces.exe is loaded once in the current user (HKCU) registry as a startup file named 'Application Restart #1' which loads as C:\Program Files\Microsoft Security Client\msseces.exe -Recover.
Software Details
- URL:
- https://go.microsoft.com/fwlink/?linkid=195301&mkt=en-us
- Support:
- –
- Installation path:
- C:\Program Files\Microsoft Security Client
- Uninstaller:
- C:\Program Files\Microsoft Security Client\Setup.exe /x
- Size:
- 28.00 MB
- Language:
- English
Microsoft Forefront Endpoint Protection Executable Details
- Primary executable:
- sqmapi.dll
- Name:
- Microsoft Forefront Endpoint Protection
- Path:
- C:\Program Files\Microsoft Security Client\sqmapi.dll
- MD5:
- 93812fdc01aa864195816cd814445f95
- SHA-1:
- –
- SHA-256:
- –