If you open the task manager on a device running a recent version of Windows, you may notice the Microsoft Network Realtime Inspection Service (NisSrv.exe) as one of the tasks running on the PC.
It may not be clear immediately if the process is legitimate or not, and what its purpose is. If you run Windows 10, you can expand the name to get Windows Defender Antivirus Network Inspection Service listed underneath the original entry.
Microsoft Network Realtime Inspection Service is a module of Microsoft security software. Which program it belongs to depends on the version of Windows; on Windows 10, for instance, it is the built-in Windows Defender.
The module is a legitimate process, provided that it is located in the right directory on the Windows machine.
The easiest way to check this is to right-click on the item and select Open file location from the context menu.
The location that opens should be C:\Program Files\Windows Defender and the file in question NisSrv.exe on Windows 10 machines. On earlier versions of Windows, the location is different, as a different program may be used for security. Windows 7 users should find the file listed under C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe, for instance.
If you are unsure about the legitimacy of the file, you may want to run additional verification checks. One option that you have is to upload it to Virustotal.com to have it scanned for malicious content.
You may also use the information provided by the Windows Services Manager to verify the legitimacy of the process and file.
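The path check described above can also be scripted. The following PowerShell is an added example, not part of the original article: it checks each running NisSrv.exe against the two directories the article names, verifies the file's Authenticode signature, and lists the matching service entry. The third directory in the list and the function name Test-NisSrvInstance are assumptions made for this example.

```powershell
# Added example: verify every running NisSrv.exe by location and signature.
# The first two directories are the ones named in the article. The third is an
# assumption added here: later Defender platform updates run from a versioned
# folder under ProgramData.
$expectedDirs = @(
    "$env:ProgramFiles\Windows Defender",
    "$env:ProgramFiles\Microsoft Security Client\Antimalware",
    "$env:ProgramData\Microsoft\Windows Defender\Platform"
)

function Test-NisSrvInstance {   # hypothetical helper name
    param([Parameter(Mandatory)] $Process)

    $path = $Process.ExecutablePath
    if (-not $path) {
        # Protected processes do not expose their path to non-elevated callers.
        return [pscustomobject]@{ ProcessId = $Process.ProcessId; Path = $null
            Verdict = 'Unknown: path not readable, rerun elevated' }
    }

    # The binary must sit in an expected directory or a subfolder of one.
    $dir = Split-Path -Path $path -Parent
    $inExpectedDir = [bool]($expectedDirs | Where-Object {
        $dir -eq $_ -or $dir.StartsWith("$_\", [StringComparison]::OrdinalIgnoreCase)
    })

    # A correct path alone is not enough: require a valid Microsoft signature too.
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
        ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')

    if ($inExpectedDir -and $signedByMicrosoft) { $verdict = 'OK' }
    else { $verdict = 'Suspicious: investigate' }

    [pscustomobject]@{ ProcessId = $Process.ProcessId; Path = $path
        InExpectedDir = $inExpectedDir; Signature = $sig.Status; Verdict = $verdict }
}

Get-CimInstance Win32_Process -Filter "Name = 'NisSrv.exe'" |
    ForEach-Object { Test-NisSrvInstance -Process $_ } | Format-List

# Cross-check against the Services Manager: the service whose binary is NisSrv.exe.
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match 'NisSrv\.exe' } |
    Select-Object Name, DisplayName, State, StartMode, PathName
```

A NisSrv.exe instance that runs from any other directory, or whose signature status is not Valid, is the case the article warns about and warrants a closer look.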
Open the Services Manager afterwards to look up additional information on the service:
Information listed there includes:
The Network Inspection System is a real-time protection module that monitors network traffic for malicious patterns. You can check out this Microsoft Technet article from 2013 for information on the feature.
Microsoft launched the feature back in October 2012 in Microsoft Security Essentials, and it has been a part of Microsoft's security solutions ever since.
Microsoft Network Realtime Inspection Service is linked to Windows Defender's real-time protection. You may turn off real-time protection, but only temporarily, according to the Windows Defender Security Center:
"Locates and stops malware from installing or running on your device. You can turn off this setting for a short time before it turns back on automatically."
So, there is no direct way of disabling the network realtime inspection service using Windows Defender's settings.
Note: The service cannot be disabled.
Generally speaking, it is recommended to keep the service activated. If it causes issues on a machine, you may want to consider switching to another antivirus solution instead as this will disable Windows Defender on the machine.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.