NisSrv.exe

  • File Path: C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe
  • Description: Microsoft Network Realtime Inspection Service

Hashes

Type Hash
MD5 21814BCBEAB160F1D98C05C4D472337B
SHA1 25269C3E27F8D6257E311B2C94E4CBA05005765A
SHA256 80B5D7927E0983C81AE45B41883E4A3CE4AF78AB676F4443007C5818B19B2E64
SHA384 83CA179DB2E83ABDA55FA1A21F2B17B4DB4265EFBF77D776F66F69664F8B38B900183190FB7EB5E45616CE7733DD17CB
SHA512 9CD96CDE656B6AAADF6A9D73B309A7CE7519ABE1B45BED46F30AEF4796614E5C6D3434986D7C170BC0BEAF6C0E2D22C0E68260795A4B5DD190E5BE4772059871
SSDEEP 49152:1sKlU2m8XeUbRNGsVt5nSdVPFzI7+wLzrtmnN8r37Un2ZI:WMT/Dnr37U

Signature

  • Status: Signature verified.
  • Serial: 330000024A0E8AFDF15C662D2B00000000024A
  • Thumbprint: 96384A7F5F1C438F32E2454697DC6D312A74517B
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: NisSrv.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 4.18.2003.8 (WinBuild.160101.0800)
  • Product Version: 4.18.2003.8
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of NisSrv.exe being misused. While NisSrv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_reg_disable_sec_services.yml - '\NisSrv' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.