Windows 10 includes Windows Defender, which protects your PC against viruses and other threats. The “Microsoft Network Realtime Inspection Service” process, also known as NisSrv.exe, is part of Microsoft’s antivirus software.
Windows 10包含Windows Defender,可保护您的PC免受病毒和其他威胁的侵害。 “ Microsoft网络实时检查服务”过程(也称为NisSrv.exe)是Microsoft防病毒软件的一部分。
This process is also present on Windows 7 if you’ve installed the Microsoft Security Essentials antivirus software. It’s part of other Microsoft anti-malware products, as well.
如果您已安装Microsoft Security Essentials防病毒软件,则Windows 7上也会出现此过程。 它也是其他Microsoft反恶意软件产品的一部分。
This article is part of our ongoing series explaining various processes found in Task Manager, like Runtime Broker, svchost.exe, dwm.exe, ctfmon.exe, rundll32.exe, Adobe_Updater.exe, and many others. Don’t know what those services are? Better start reading!
本文是我们正在进行的系列文章的一部分,介绍了在任务管理器中找到的各种过程,例如Runtime Broker , svchost.exe , dwm.exe , ctfmon.exe , rundll32.exe , Adobe_Updater.exe 等 。 不知道这些服务是什么? 最好开始阅读!
Windows Defender基础 (Windows Defender Basics)
On Windows 10, Microsoft’s Windows Defender antivirus is installed by default. Windows Defender automatically runs in the background, scanning files for malware before you open them and protecting your PC against other types of attacks.
在Windows 10上,默认情况下会安装Microsoft的Windows Defender防病毒软件 。 Windows Defender自动在后台运行,在打开文件之前扫描文件是否存在恶意软件,并保护PC免受其他类型的攻击。
The main Windows Defender process is named “Antimalware Service Executable,” and has the file name MsMpEng.exe. This process checks files for malware when you open them and scans your PC in the background.
Windows Defender的主要进程名为“ Antimalware Service Executable ”,文件名为MsMpEng.exe。 当您打开文件时,此过程将检查文件中是否存在恶意软件,并在后台扫描您的PC。
On Windows 10, you can interact with Windows Defender by launching the “Windows Defender Security Center” application from your Start menu. You can also find it by heading to Settings > Update & Security > Windows Security > Open Windows Defender Security Center. On Windows 7, launch the “Microsoft Security Essentials” application instead. This interface lets you scan for malware manually, and configure the antivirus software.
在Windows 10上,您可以通过从“开始”菜单启动“ Windows Defender安全中心”应用程序来与Windows Defender进行交互。 您也可以通过转到设置>更新和安全> Windows安全>打开Windows Defender安全中心来找到它。 在Windows 7上,启动“ Microsoft Security Essentials”应用程序。 该界面使您可以手动扫描恶意软件,并配置防病毒软件。
NisSrv.exe会做什么? (What Does NisSrv.exe Do?)
The NisSrv.exe process is also known as the “Windows Defender Antivirus Network Inspection Service.” According to Microsoft’s description of the service, it “helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols.”
NisSrv.exe进程也称为“ Windows Defender防病毒网络检查服务”。 根据Microsoft对服务的描述,它“有助于防止针对网络协议中已知和新发现的漏洞的入侵尝试。”
In other words, this service always runs in the background in your PC, monitoring and inspecting network traffic in real time. It’s looking for suspicious behavior that suggests an attacker is attempting to exploit a security hole in a network protocol to attack your PC. If such an attack is detected, Windows Defender immediately shuts it down.
换句话说,此服务始终在您的PC后台运行,实时监视和检查网络流量。 它正在寻找可疑的行为,这表明攻击者正试图利用网络协议中的安全漏洞来攻击您的PC。 如果检测到此类攻击,Windows Defender会立即将其关闭。
Updates for the network inspection service that contain information about new threats arrive through definition updates for Windows Defender—or Microsoft Security Essentials, if you’re using a Windows 7 PC.
包含有关新威胁的信息的网络检查服务更新通过Windows Defender或Microsoft Security Essentials的定义更新(如果使用的是Windows 7 PC)到达。
This feature was originally added to Microsoft’s antivirus programs back in 2012. A Microsoft blog post explains it in a bit more detail, saying that this “is our zero-day vulnerability shielding feature that can block network traffic matching known exploits against unpatched vulnerabilities.” So, when a new security hole is found in either Windows or an application, Microsoft can immediately release a network inspection service update that temporarily protects it. Microsoft—or the application vendor—can then work on a security update that permanently patches the security hole, which may take a while.
该功能最初于2012年添加到Microsoft的防病毒程序中。Microsoft 博客文章对其进行了更详细的解释,称此功能是“我们的零日漏洞屏蔽功能,可以阻止与已知漏洞利用网络通信匹配未修补的漏洞。” 因此,当在Windows或应用程序中发现新的安全漏洞时,Microsoft可以立即发布可暂时保护它的网络检查服务更新。 然后,Microsoft(或应用程序供应商)可以进行安全更新,以永久修补安全漏洞,这可能需要一段时间。
是在监视我吗? (Is It Spying on Me?)
The name “Microsoft Network Realtime Inspection Service” may sound a little creepy at first, but it’s really just a process that’s watching your network traffic for evidence of any known attacks. If an attack is detected, it gets shut down. This works just like standard antivirus file scanning, which watches the files you open and checks if they’re dangerous. If you try opening a dangerous file, the antimalware service stops you.
起初,“ Microsoft网络实时检查服务”这个名称听起来有点令人毛骨悚然,但这实际上只是一个过程,它在监视您的网络流量以查找任何已知攻击的证据。 如果检测到攻击,它将被关闭。 就像标准防病毒文件扫描一样,它可以监视您打开的文件并检查它们是否危险。 如果您尝试打开危险文件,则反恶意软件服务将阻止您。
This particular service is not reporting information about your web browsing and other normal network activity to Microsoft. However, with the default “Full” system-wide telemetry setting, information about web addresses you visit in Microsoft Edge and Internet Explorer may be sent to Microsoft.
此特定服务不会向Microsoft报告有关您的Web浏览和其他正常网络活动的信息。 但是,使用默认的“全”系统范围的遥测设置 ,您在Microsoft Edge和Internet Explorer中访问的网址的有关信息可能会发送给Microsoft。
Windows Defender is configured to report any attacks it detects to Microsoft. You can disable this, if you like. To do so, open the Windows Defender Security Center application, click “Virus & Threat Protection” in the sidebar, and then click the ” Virus & Threat Protection Settings” setting. Disable the “Cloud-delivered protection” and “Automatic sample submission” options.
Windows Defender配置为向Microsoft报告检测到的任何攻击。 您可以根据需要禁用此功能。 为此,请打开Windows Defender安全中心应用程序,单击边栏中的“病毒和威胁防护”,然后单击“病毒和威胁防护设置”设置。 禁用“云交付保护”和“自动提交样品”选项。
We don’t recommend you disable this feature, as information about attacks sent to Microsoft can help protect others. The Cloud-delivered protection feature can help your PC receive new definitions much more quickly, too, which can help protect you against zero-day attacks.
我们不建议您禁用此功能,因为有关发送给Microsoft的攻击的信息可以帮助保护他人。 云提供的保护功能还可以帮助您的PC更快地接收新定义,这可以帮助您抵御零时差攻击 。
我可以禁用它吗? (Can I Disable It?)
This service is a crucial part of Microsoft’s antimalware software, and you can’t easily disable it on Windows 10. You can temporarily disable real-time protection in the Windows Defender Security Center, but it will re-enable itself.
该服务是Microsoft反恶意软件的重要组成部分,您无法在Windows 10上轻松禁用它。您可以在Windows Defender安全中心暂时禁用实时保护,但会重新启用它。
However, if you install another antivirus program, Windows Defender will automatically disable itself. This will disable the Microsoft Network Realtime Inspection Service, too. That other antivirus app probably has its own network protection component.
但是,如果您安装其他防病毒程序,则Windows Defender将自动禁用自身。 这也将禁用Microsoft网络实时检查服务。 该其他防病毒应用程序可能具有自己的网络保护组件。
In other words: You can’t disable this feature, and you shouldn’t. It helps protect your PC. If you install another antivirus tool, it will be disabled, but only because that other antivirus tool is doing the same job and Windows Defender doesn’t want to get in its way.
换句话说:您不能禁用此功能,也不应禁用。 它有助于保护您的PC。 如果安装了另一个防病毒工具,它将被禁用,但这仅是因为该其他防病毒工具正在执行相同的工作,并且Windows Defender不想妨碍它。
是病毒吗? (Is It a Virus?)
This software is not a virus. It’s part of the Windows 10 operating system, and it’s installed on Windows 7 if you have Microsoft Security Essentials on your system. It may also be installed as part of other Microsoft anti-malware tools, such as Microsoft System Center Endpoint Protection.
该软件不是病毒。 它是Windows 10操作系统的一部分,如果您的系统上装有Microsoft Security Essentials,则它已安装在Windows 7上。 它还可能作为其他Microsoft反恶意软件工具(例如Microsoft System Center Endpoint Protection)的一部分安装。
Viruses and other malware do often attempt to disguise themselves as legitimate processes, but we haven’t seen any reports of malware impersonating the NisSrv.exe process. Here’s how to check the files are legitimate if you’re concerned anyway.
病毒和其他恶意软件经常会伪装成合法进程,但我们还没有看到任何恶意软件冒充NisSrv.exe进程的报告。 无论如何,这是检查文件是否合法的方法。
On Windows 10, right-click the “Microsoft Network Realtime Inspection Service” process in the Task Manager and select “Open File Location.”
在Windows 10上,右键单击任务管理器中的“ Microsoft网络实时检查服务”进程,然后选择“打开文件位置”。
On the latest versions of Windows 10, you should see the process in a folder like C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0, although the number of the folder will likely be different.
在最新版本的Windows 10上,您应该在C:\ ProgramData \ Microsoft \ Windows Defender \ Platform \ 4.16.17656.18052-0这样的文件夹中看到该过程,尽管该文件夹的数量可能会有所不同。
On Windows 7, the NisSrv.exe file will appear under C:\Program Files\Microsoft Security Client.
在Windows 7上,NisSrv.exe文件将出现在C:\ Program Files \ Microsoft安全客户端下。
If the NisSrv.exe file is in a different location—or if you’re just suspicious and want to give your PC a double-check—we recommend scanning your PC with your antivirus program of choice.
如果NisSrv.exe文件位于其他位置,或者您只是可疑并希望对PC进行仔细检查,我们建议您使用所选的防病毒程序来扫描PC。