If you open the task manager on a device running a recent version of Windows, you may notice the Microsoft Network Realtime Inspection Service (NisSrv.exe) as one of the tasks running on the PC.
It may not be clear immediately if the process is legitimate or not, and what its purpose is. If you run Windows 10, you can expand the name to get Windows Defender Antivirus Network Inspection Service listed underneath the original entry.
Microsoft Network Realtime Inspection Service is a module of Microsoft security software. Which program depends on the version of Windows; on Windows 10 it is the built-in Windows Defender for instance.
The module is a legitimate process, provided that it is located in the right directory on the Windows machine.
The easiest way to find out about that is to right-click on the item and select open file location from the context menu.
The location that opens should be C:\Program Files\Windows Defender and the file in question NisSrv.exe on Windows 10 machines. On earlier versions of Windows, the location is different as a different program may be used for security. Windows 7 users should find the file listed under c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" for instance.
If you are unsure about the legitimacy of the file, you may want to run additional verification checks. One option that you have is to upload it to Virustotal.com to have it scanned for malicious content.
You may also use the information provided by the Windows Services Manager to verify the legitimacy of the process and file.
Open the Services Manager afterwards to look up additional information on the service:
- Tap on the Windows-key, type services.msc and hit the Enter-key on the keyboard.
- Locate Windows Defender Antivirus Network Inspection Service and double-click on the entry to open the properties.
Information listed there include:
- Service Name: WdNisSvc
- Display Name: Windows Defender Antivirus Network Inspection Service
- Path to excutable: "C:\Program Files\Windows Defender\NisSrv.exe"
- Description: Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols
The Network Inspection System is a real-time protection module that monitors network traffic for malicious patterns. You can check out this Microsoft Technet article from 2013 for information on the feature.
Microsoft launched the feature back in October 2012 in Microsoft Security Essentials, and it has been a part of Microsoft's security solutions ever since.
Can you disable the Microsoft Network Realtime Inspection Service?
Microsoft Network Realtime Inspection Service is linked to Windows Defender's real-time protection. You may turn off real-time protection, but it is only temporarily according to the Windows Defender Security Center.
Locates and stops malware from installing or running on your device. You can turn off this setting for a short time before it turns back on automatically.
So, there is no direct way of disabling the network realtime inspection service using Windows Defender's settings.
Note: The service cannot be disabled.
Generally speaking, it is recommended to keep the service activated. If it causes issues on a machine, you may want to consider switching to another antivirus solution instead as this will disable Windows Defender on the machine.