Microsoft Network Realtime Inspection Service (NisSrv.exe) information

If you open the task manager on a device running a recent version of Windows, you may notice the Microsoft Network Realtime Inspection Service (NisSrv.exe) as one of the tasks running on the PC.

It may not be clear immediately if the process is legitimate or not, and what its purpose is. If you run Windows 10, you can expand the name to get Windows Defender Antivirus Network Inspection Service listed underneath the original entry.

Microsoft Network Realtime Inspection Service is a module of Microsoft security software. Which program it belongs to depends on the version of Windows; on Windows 10, for instance, it is the built-in Windows Defender.

The module is a legitimate process, provided that it is located in the right directory on the Windows machine.


The easiest way to check the location is to right-click on the item and select Open file location from the context menu.

The location that opens should be C:\Program Files\Windows Defender and the file in question NisSrv.exe on Windows 10 machines. On earlier versions of Windows, the location is different as a different program may be used for security. Windows 7 users should find the file listed under C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe, for instance.


If you are unsure about the legitimacy of the file, you may want to run additional verification checks. One option that you have is to upload it to Virustotal.com to have it scanned for malicious content.

You may also use the information provided by the Windows Services Manager to verify the legitimacy of the process and file.


Open the Services Manager afterwards to look up additional information on the service:

  1. Tap on the Windows-key, type services.msc and hit the Enter-key on the keyboard.
  2. Locate Windows Defender Antivirus Network Inspection Service and double-click on the entry to open the properties.

The information listed there includes:

  • Service Name: WdNisSvc
  • Display Name: Windows Defender Antivirus Network Inspection Service
  • Path to executable: "C:\Program Files\Windows Defender\NisSrv.exe"
  • Description: Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols
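
The location and Services Manager checks described above can also be run from PowerShell. The following is an added example, not part of the original article: it reads the WdNisSvc registration, compares the executable path with the locations named above, and additionally checks the file's Authenticode signature and computes a SHA-256 hash that can be searched on VirusTotal. The function name Test-NisSrvService and the extra Platform path pattern are assumptions of this example.

```powershell
# Added example: verify the WdNisSvc registration, binary location and signature.
$expectedPaths = @(
    'C:\Program Files\Windows Defender\NisSrv.exe',                      # Windows 10, per the article
    'C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe'  # Windows 7, per the article
)
# Not from the article: newer Defender platform updates run from a versioned folder.
$platformPattern = 'C:\ProgramData\Microsoft\Windows Defender\Platform\*\NisSrv.exe'

function Test-NisSrvService {
    param([string]$ServiceName = 'WdNisSvc')

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) {
        Write-Warning "Service $ServiceName is not registered on this machine."
        return
    }

    # PathName can be quoted and can carry arguments; keep only the executable path.
    if ($svc.PathName -notmatch '^\s*"?(.+?\.exe)') {
        Write-Warning "Unexpected image path format: $($svc.PathName)"
        return
    }
    $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])

    $pathOk = ($expectedPaths -contains $exe) -or ($exe -like $platformPattern)

    # A valid Authenticode chain plus a Microsoft subject is a stronger signal than
    # the path alone, because a file name and folder are easy to imitate.
    $sig = Get-AuthenticodeSignature -LiteralPath $exe
    $sigOk = ($sig.Status -eq 'Valid') -and
             ($sig.SignerCertificate.Subject -like '*O=Microsoft Corporation*')

    [pscustomobject]@{
        ServiceName  = $svc.Name
        DisplayName  = $svc.DisplayName
        ImagePath    = $exe
        PathExpected = $pathOk
        SignatureOk  = $sigOk
        Signer       = $sig.SignerCertificate.Subject
        # Search this hash on VirusTotal instead of uploading the file.
        Sha256       = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
    }
}

Test-NisSrvService | Format-List
```

A result with PathExpected or SignatureOk set to False is a reason to inspect the file more closely.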

The Network Inspection System is a real-time protection module that monitors network traffic for malicious patterns. You can check out this Microsoft Technet article from 2013 for information on the feature.

Microsoft launched the feature back in October 2012 in Microsoft Security Essentials, and it has been a part of Microsoft's security solutions ever since.

Can you disable the Microsoft Network Realtime Inspection Service?

Microsoft Network Realtime Inspection Service is linked to Windows Defender's real-time protection. You may turn off real-time protection, but only temporarily, according to the Windows Defender Security Center.

Real-time protection

Locates and stops malware from installing or running on your device. You can turn off this setting for a short time before it turns back on automatically.

So, there is no direct way of disabling the network realtime inspection service using Windows Defender's settings.

Note: The service cannot be disabled.

Generally speaking, it is recommended to keep the service activated. If it causes issues on a machine, you may want to consider switching to another antivirus solution instead as this will disable Windows Defender on the machine.

Publisher
Ghacks Technology News
Responses to Microsoft Network Realtime Inspection Service (NisSrv.exe) information

  1. CHEF-KOCH August 29, 2017 at 7:56 pm #

    NisSrv.exe has existed since MSE v2 (Microsoft Security Essentials). It's possible to disable it via:

    sc stop "NisSrv"
    sc config "NisSrv" start= disabled

    or if you want to delete it:
    sc delete "NisSrv"

    Of course the better thing would be to change 'Start' via registry to 4 or just rename the executable so that you can restore it at any time.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NisSrv.

    Automatic - 2
    Manual - 3
    Disabled - 4
    Automatic (Delayed Start) - 2

    However, if you use WD I recommend leaving it enabled.

  2. Simone August 29, 2017 at 11:36 pm #

    Nope, it doesn't do a thing for the end user, it's just another piece of Microsoft spying and "telemetry". From their own blog post:

    "...doesn’t take on the threat directly, its telemetry 'can' trigger actions that result in malware removal".

    https://blogs.microsoft.com/firehose/2013/06/25/network-real-time-inspection-is-latest-tool-to-fight-malware-detect-suspicious-activity/

    Recommendation: Disable or Uninstall it.

    • D August 30, 2017 at 2:42 pm #

      It's not spying on your activity, you idiot.

      • Simone August 30, 2017 at 3:25 pm #

        Well, that's a relief. Thank you ‘D’ for your personally-vouched reassurance, and surprisingly accurate assessment of my intelligence. And here’s me idiotically (see what I did there) believing everything I read in Microsoft’s own blog post on this tool. Glad you stopped by, ‘D’, to set the record straight.

  3. TelV August 30, 2017 at 12:36 pm #

    I disabled Windows Defender a long time ago by using Autoruns.

    • electronictonic September 23, 2017 at 5:38 pm #

      Yep used that to disable Nvidia Telemetry also
      Process Lasso is very useful also with the "Terminate Always" feature.
