Microsoft Network Realtime Inspection Service (NisSrv.exe) information

Martin Brinkmann
Aug 29, 2017
Updated • Aug 23, 2017
Antivirus, Windows

If you open the task manager on a device running a recent version of Windows, you may notice the Microsoft Network Realtime Inspection Service (NisSrv.exe) as one of the tasks running on the PC.

It may not be clear immediately if the process is legitimate or not, and what its purpose is. If you run Windows 10, you can expand the name to get Windows Defender Antivirus Network Inspection Service listed underneath the original entry.

Microsoft Network Realtime Inspection Service is a module of Microsoft security software. Which program it belongs to depends on the version of Windows; on Windows 10, for instance, it is the built-in Windows Defender.

The module is a legitimate process, provided that it is located in the right directory on the Windows machine.

The easiest way to check the location is to right-click on the item and select "Open file location" from the context menu.

On Windows 10 machines, the location that opens should be C:\Program Files\Windows Defender and the file in question NisSrv.exe. On earlier versions of Windows, the location is different, as a different program may be used for security. Windows 7 users should find the file listed under C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe, for instance.

If you are unsure about the legitimacy of the file, you may want to run additional verification checks. One option that you have is to upload it to Virustotal.com to have it scanned for malicious content.

You may also use the information provided by the Windows Services Manager to verify the legitimacy of the process and file.

Open the Services Manager afterwards to look up additional information on the service:

  1. Tap on the Windows-key, type services.msc and hit the Enter-key on the keyboard.
  2. Locate Windows Defender Antivirus Network Inspection Service and double-click on the entry to open the properties.

Information listed there includes:

  • Service Name: WdNisSvc
  • Display Name: Windows Defender Antivirus Network Inspection Service
  • Path to executable: "C:\Program Files\Windows Defender\NisSrv.exe"
  • Description: Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols
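The checks described above (file location, service registration, and a hash to look up on VirusTotal) can be scripted. The following PowerShell is an added example, not part of the original article; it uses the two paths and the service name WdNisSvc given above as its allowlist, and adds an Authenticode signature check as a further assumption about what a legitimate copy looks like.

```powershell
# Added example. Allowlist: the two locations and the service name from the article.
$expectedPaths = @(
    'C:\Program Files\Windows Defender\NisSrv.exe',                       # Windows 10
    'C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe'   # Windows 7
)

function Test-NisSrvBinary {
    param([string]$Path, [string]$Source)

    # A protected process can hide its path from a non-elevated session,
    # and a service entry can point at a file that no longer exists.
    if ([string]::IsNullOrEmpty($Path) -or
        -not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{
            Source = $Source; Path = $Path; PathOk = $null
            Signature = 'Unknown'; Signer = $null; SHA256 = $null
        }
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Source    = $Source
        Path      = $Path
        PathOk    = $expectedPaths -contains $Path   # -contains ignores case
        Signature = $sig.Status                      # 'Valid' for an intact signed file
        Signer    = $sig.SignerCertificate.Subject   # expect a Microsoft subject
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$results = @()

# 1. Every running process named NisSrv.exe, wherever it was started from.
foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'NisSrv.exe'") {
    $results += Test-NisSrvBinary -Path $p.ExecutablePath -Source "process PID $($p.ProcessId)"
}

# 2. The binary that the WdNisSvc service is registered to start.
$svc = Get-CimInstance Win32_Service -Filter "Name = 'WdNisSvc'"
if ($svc) {
    # PathName is usually quoted and may carry arguments; keep the quoted part.
    $svcPath = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] } else { $svc.PathName }
    $results += Test-NisSrvBinary -Path $svcPath -Source 'service WdNisSvc'
}

$results | Format-List
# Entries that need a closer look: wrong location or no valid signature.
$results | Where-Object { $_.PathOk -eq $false -or $_.Signature -ne 'Valid' }
```

Run it from an elevated PowerShell prompt, since the process path may come back empty otherwise. The SHA256 value can be searched on Virustotal.com instead of uploading the file; other Windows versions place the file elsewhere, so extend the allowlist before treating a path mismatch as malicious.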

The Network Inspection System is a real-time protection module that monitors network traffic for malicious patterns. You can check out this Microsoft Technet article from 2013 for information on the feature.

Microsoft launched the feature back in October 2012 in Microsoft Security Essentials, and it has been a part of Microsoft's security solutions ever since.

Can you disable the Microsoft Network Realtime Inspection Service?

Microsoft Network Realtime Inspection Service is linked to Windows Defender's real-time protection. You may turn off real-time protection, but only temporarily, according to the Windows Defender Security Center:

Real-time protection

Locates and stops malware from installing or running on your device. You can turn off this setting for a short time before it turns back on automatically.

So, there is no direct way of disabling the network realtime inspection service using Windows Defender's settings.

Note: The service cannot be disabled.

Generally speaking, it is recommended to keep the service activated. If it causes issues on a machine, you may want to consider switching to another antivirus solution instead as this will disable Windows Defender on the machine.


Comments

  1. TelV said on August 30, 2017 at 12:36 pm

    I disabled Windows Defender a long time ago by using Autoruns.

    1. electronictonic said on September 23, 2017 at 5:38 pm

      Yep used that to disable Nvidia Telemetry also
      Process Lasso is very useful also with the “Terminate Always” feature.

  2. Simone said on August 29, 2017 at 11:36 pm

    Nope, it doesn’t do a thing for the end user, it’s just another piece of microsoft spying and “telemetry”. From their own blog post:

    “…doesn’t take on the threat directly, its telemetry ‘can’ trigger actions that result in malware removal”.

    https://blogs.microsoft.com/firehose/2013/06/25/network-real-time-inspection-is-latest-tool-to-fight-malware-detect-suspicious-activity/

    Recommendation: Disable or Uninstall it.

    1. D said on August 30, 2017 at 2:42 pm

      It’s not spying your activity, you idiot.

      1. Simone said on August 30, 2017 at 3:25 pm

        Well, that’s a relief. Thank you ‘D’ for your personally-vouched reassurance, and surprisingly accurate assessment of my intelligence. And here’s me idiotically (see what I did there) believing everything I read in Microsoft’s own blog post on this tool. Glad you stopped by, ‘D’, to set the record straight.

  3. CHEF-KOCH said on August 29, 2017 at 7:56 pm

    NisSrv.exe has existed since MSE v2 (Microsoft Security Essentials). It’s possible to disable it via:

    sc stop "NisSrv"
    sc config "NisSrv" start= disabled

    or if you want to delete it:
    sc delete "NisSrv"

    Of course the better thing would be to change ‘Start’ via registry to 4 or just rename the executable so that you can restore it at any time.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NisSrv.

    Automatic – 2
    Manual – 3
    Disabled – 4
    Automatic (Delayed Start) – 2

    However, if you use WD I recommend leaving it enabled.

    1. anne said on February 24, 2018 at 8:22 pm

      Does not work for me, the command prompt returns 1060 error and also says cannot find service, the registry location you gave does not have any NisSrv located in it so I’m no wiser. I am using Win10 and NisSrv is running all the time, it’s interfering with my firewall so need to stop it.
