System Center Endpoint Protection

by Microsoft Corporation

What is System Center Endpoint Protection?

System Center Endpoint Protection is a software application developed by Microsoft Corporation. It is most commonly found on computers running Windows 7, with nearly 64.64% of installations running this operating system. System Center Endpoint Protection's installer is typically 29.00 MB in size and installs around 45 files. The most common release is 4.5.216.0, with 23.97% of all installations currently using this version.

System Center Endpoint Protection is most popular in the United States with 55.95% of installations residing in this country.

System Center Endpoint Protection adds 5 scheduled tasks to the Windows Task Scheduler, which launch the program at randomly scheduled times. On a computer that is connected to the internet, System Center Endpoint Protection is known to create 5 firewall exceptions to allow inbound and outbound connectivity.

Software Behaviors

Services:
  • NisSrv.exe runs as a service named 'Microsoft Netwerkinspectie' (NisSrv) "Biedt bescherming tegen inbraakpogingen die gericht zijn op bekende en recentelijk gevonden zwakke plekken in netwerkprotocollen".
  • MsMpEng.exe runs as a service named 'Microsoft Antimalware Service' (MsMpSvc) "Helps protect users from malware and other potentially unwanted software".
Firewall:
  • shellext.dll is added as a firewall exception for 'C:\Program Files2\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe'.
  • msseces.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\msseces.exe'.
  • MsMpEng.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\MsMpEng.exe'.
  • Setup.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\setup.exe'.
  • MpCmdRun.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\MpCmdRun.exe'.
Scheduled tasks:
  • msseces.exe is scheduled as a task with the class '{D300CC09-EC38-4DD4-B614-9579AFFC3A46}' (runs on registration).
  • MpCmdRun.exe is scheduled as a task named 'Microsoft Antimalware Scan' (runs weekly on Sundays at 2:00 AM).
  • MsMpEng.exe is scheduled as a task with the class '{36EFC519-FFC0-44BA-A865-06780C54FA6D}' (runs on registration).
  • Setup.exe is scheduled as a task with the class '{EAC44AF3-B6F9-401D-8A78-249D0D819684}' (runs on registration).
  • MsMpRes.dll is scheduled as a task named 'Microsoft-Windows-TaskScheduler_Operational_Microsoft-Windows-TaskScheduler_103'.

Startup Entries

Startup tasks:
  • MpCmdRun.exe is automatically launched at startup through a scheduled task named MS-AntiVir-Update.
  • msseces.exe is automatically launched at startup through a scheduled task named MSC (2).
Registry entries:
  • msseces.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Microsoft Security Client User Interface' and executes as C:\Program Files\Microsoft Security Client\msseces.exe.
  • MpCmdRun.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Microsoft Malware Protection Command Line Utility' and executes as C:\Program Files\Microsoft Security Client\MpCmdRun.exe.
  • MsMpEng.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'New startup' and executes as "C:\Program Files\Microsoft Security Client\MsMpEng.exe".
Registry entries (User):
  • msseces.exe is loaded once in the current user (HKCU) registry as a startup file named 'Application Restart #0' which loads as C:\Program Files\Microsoft Security Client\msseces.exe -Recover.

Software Details

  • URL: https://go.microsoft.com/fwlink/?linkid=225780&mkt=en-us
  • Support:
  • Installation path: C:\Program Files\Microsoft Security Client
  • Uninstaller: "C:\Program Files\Microsoft Security Client\Setup.exe" /x
  • Size: 29.00 MB
  • Language: English

System Center Endpoint Protection Executable Details

  • Primary executable: sqmapi.dll
  • Name: System Center Endpoint Protection
  • Path: C:\Program Files\Microsoft Security Client\sqmapi.dll
  • MD5: d475bbd6fef8db2dde0da7ccfd2c9042
  • SHA-1:
  • SHA-256:

Files installed by System Center Endpoint Protection