Windows Intune Endpoint Protection

by Microsoft Corporation

What is Windows Intune Endpoint Protection?

Windows Intune Endpoint Protection is a software application developed by Microsoft Corporation. It is most commonly found on computers running Windows 7, with nearly 50.75% of installations running this operating system. Windows Intune Endpoint Protection's installer is typically 22.00 MB in size and installs around 35 files. The most common release is 4.5.216.0, with 43.28% of all installations currently using this version.

Windows Intune Endpoint Protection is most popular in the United States with 50.00% of installations residing in this country.

Windows Intune Endpoint Protection adds 5 scheduled tasks to the Windows Task Scheduler, which launch the program at randomly scheduled times. When running on a computer that is connected to the internet, Windows Intune Endpoint Protection is known to create 4 firewall exceptions to allow inbound and outbound connectivity.

Software Behaviors

Services:
  • NisSrv.exe runs as a service named '@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243' (NisSrv) "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols".
  • MsMpEng.exe runs as a service named 'MsMpSvc' (MsMpSvc).
Firewall:
  • msseces.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\msseces.exe'.
  • shellext.dll is added as a firewall exception for 'C:\users\user\appdata\Local\Temp\30985.exe'.
  • MsMpEng.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\MsMpEng.exe'.
  • MpCmdRun.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\MpCmdRun.exe'.
Scheduled tasks:
  • msseces.exe is scheduled as a task with the class '{70A48729-EDA2-4C43-BD2A-622C1FE1B158}' (runs on registration).
  • MpCmdRun.exe is scheduled as a task named 'MSE' (runs weekly on Sundays at 22:52).
  • MsMpEng.exe is scheduled as a task with the class '{36EFC519-FFC0-44BA-A865-06780C54FA6D}' (runs on registration).
  • Setup.exe is scheduled as a task with the class '{EAC44AF3-B6F9-401D-8A78-249D0D819684}' (runs on registration).
  • MsMpRes.dll is scheduled as a task named 'Microsoft-Windows-TaskScheduler_Operational_Microsoft-Windows-TaskScheduler_103'.

Startup Entries

Startup tasks:
  • MpCmdRun.exe is automatically launched at startup through a scheduled task named Microsoft Security Essentials-Startup.
  • msseces.exe is automatically launched at startup through a scheduled task named MSC (5).
Registry entries:
  • MpCmdRun.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Microsoft Malware Protection Command Line Utility' and executes as C:\Program Files\Microsoft Security Client\MpCmdRun.exe.
  • msseces.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Microsoft Security Client User Interface' and executes as C:\Program Files\Microsoft Security Client\msseces.exe.
  • MsMpEng.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'New startup' and executes as "C:\Program Files\Microsoft Security Client\MsMpEng.exe".
Registry entries (User):
  • msseces.exe is loaded once in the current user (HKCU) registry as a startup file named 'Application Restart #0', which loads as C:\Program Files\Microsoft Security Client\msseces.exe -Recover.

Software Details

URL:
https://go.microsoft.com/fwlink/?linkid=206391&mkt=en-us
Support:
Installation path:
C:\Program Files\Microsoft Security Client
Uninstaller:
C:\Program Files\Microsoft Security Client\Setup.exe /x
Size:
22.00 MB
Language:
English

Windows Intune Endpoint Protection Executable Details

Primary executable:
sqmapi.dll
Name:
Windows Intune Endpoint Protection
Path:
C:\Program Files\Microsoft Security Client\sqmapi.dll
MD5:
93812fdc01aa864195816cd814445f95
SHA-1:
SHA-256:

Files installed by Windows Intune Endpoint Protection