NisSrv.exe

File Path: C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe
Description: Microsoft Network Realtime Inspection Service

Hashes

Type	Hash
MD5	`21814BCBEAB160F1D98C05C4D472337B`
SHA1	`25269C3E27F8D6257E311B2C94E4CBA05005765A`
SHA256	`80B5D7927E0983C81AE45B41883E4A3CE4AF78AB676F4443007C5818B19B2E64`
SHA384	`83CA179DB2E83ABDA55FA1A21F2B17B4DB4265EFBF77D776F66F69664F8B38B900183190FB7EB5E45616CE7733DD17CB`
SHA512	`9CD96CDE656B6AAADF6A9D73B309A7CE7519ABE1B45BED46F30AEF4796614E5C6D3434986D7C170BC0BEAF6C0E2D22C0E68260795A4B5DD190E5BE4772059871`
SSDEEP	`49152:1sKlU2m8XeUbRNGsVt5nSdVPFzI7+wLzrtmnN8r37Un2ZI:WMT/Dnr37U`

Signature

Status: Signature verified.
Serial: 330000024A0E8AFDF15C662D2B00000000024A
Thumbprint: 96384A7F5F1C438F32E2454697DC6D312A74517B
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: NisSrv.exe
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
File Version: 4.18.2003.8 (WinBuild.160101.0800)
Product Version: 4.18.2003.8
Language: English (United States)
Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of NisSrv.exe being misused. While NisSrv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
sigma	proc_creation_win_susp_reg_disable_sec_services.yml	`- '\NisSrv'`	DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.