Windows Intune Endpoint Protection
What is Windows Intune Endpoint Protection?
Windows Intune Endpoint Protection is software application developed by Microsoft Corporation. It is most commonly found on computers running Windows 7 with nearly 50.75% of installations running this operating system. Windows Intune Endpoint Protection's installer is typically 22.00 MB in size and installs around 35 files. The most common release is 4.5.216.0 with 43.28% of all installations currently using this version.
Windows Intune Endpoint Protection is most popular in the United States with 50.00% of installations residing in this country.
Windows Intune Endpoint Protection adds 5 scheduled tasks to the Windows Task Scheduler launching the program at randomly scheduled times. When using a computer that is connected to the internet, Windows Intune Endpoint Protection is known to create 4 firewall exceptions to allow inbound and outbound connectivity.
Software Behaviors
- Services:
-
- NisSrv.exe runs as a service named '@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243' (NisSrv) "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols".
- MsMpEng.exe runs as a service named 'MsMpSvc' (MsMpSvc).
- Firewall:
-
- msseces.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\msseces.exe'.
- shellext.dll is added as a firewall exception for 'C:\users\user\appdata\Local\Temp\30985.exe'.
- MsMpEng.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\MsMpEng.exe'.
- MpCmdRun.exe is added as a firewall exception for 'C:\Program Files\Microsoft Security Client\MpCmdRun.exe'.
- Scheduled tasks:
-
- msseces.exe is scheduled as a task with the class '{70A48729-EDA2-4C43-BD2A-622C1FE1B158}' (runs on registration).
- MpCmdRun.exe is scheduled as a task named 'MSE' (runs weekly on Sundays at 22:52).
- MsMpEng.exe is scheduled as a task with the class '{36EFC519-FFC0-44BA-A865-06780C54FA6D}' (runs on registration).
- Setup.exe is scheduled as a task with the class '{EAC44AF3-B6F9-401D-8A78-249D0D819684}' (runs on registration).
- MsMpRes.dll is scheduled as a task named 'Microsoft-Windows-TaskScheduler_Operational_Microsoft-Windows-TaskScheduler_103'.
Startup Entries
- Startup tasks:
-
- MpCmdRun.exe is automatically launched at startup through a scheduled task named Microsoft Security Essentials-Startup.
- msseces.exe is automatically launched at startup through a scheduled task named MSC (5).
- Registry entries:
-
- MpCmdRun.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Microsoft Malware Protection Command Line Utility' and executes as C:\Program Files\Microsoft Security Client\MpCmdRun.exe.
- msseces.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Microsoft Security Client User Interface' and executes as C:\Program Files\Microsoft Security Client\msseces.exe.
- MsMpEng.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'New startup' and executes as "C:\Program Files\Microsoft Security Client\MsMpEng.exe".
- Registry entries (User):
-
- msseces.exe is loaded once in the current user (HKCU) registry as a startup file name 'Application Restart #0' which loads as C:\Program Files\Microsoft Security Client\msseces.exe -Recover.
Software Details
- URL:
- https://go.microsoft.com/fwlink/?linkid=206391&mkt=en-us
- Support:
- –
- Installation path:
- C:\Program Files\Microsoft Security Client
- Uninstaller:
- C:\Program Files\Microsoft Security Client\Setup.exe /x
- Size:
- 22.00 MB
- Language:
- English
Windows Intune Endpoint Protection Executable Details
- Primary executable:
- sqmapi.dll
- Name:
- Windows Intune Endpoint Protection
- Path:
- C:\Program Files\Microsoft Security Client\sqmapi.dll
- MD5:
- 93812fdc01aa864195816cd814445f95
- SHA-1:
- –
- SHA-256:
- –