If you check your task manager for programs running, you might have seen the nissrv.exe running and you might be wondering what it is and what it does.
The name doesn’t do it any favors either. It sounds like something that will harm computers. Some sort of malware.
I will be explaining what the program is, what it does, and so much other important info you should know about the process, and why it’s running on your system.
What Is the nissrv.exe Process?
I will be explaining a lot about the process mentioned above using Windows 10 settings and features.
This is because this process is commonly available in Windows 10 and only available in some Windows 7 enabled systems.
If it’s available on your Windows 7 system, it is because you installed Microsoft’s Security Essentials antivirus program or any related Microsoft anti-malware programs.
It is available in Windows 10 default. This means you don’t need to download any programs for the process to run.
The nissrv.exe instead comes with your preinstalled Windows 10 Defender program (more on this when I’m explaining what the process does).
The Official Name Of The Process
Before I go into the process itself, I’ll give you the actual name of the process.
Maybe that will help you see the process in a better light –
Microsoft Network Realtime Inspection Service
Although it will show in your system as the nissrv.exe process, the name of the process or service it performs is what I’ve written above.
At least you should get a little bit of reassurance from the fact that it has “Microsoft” in its name. So it must be quite official, right? Well, yeah. Read on and you’ll find out why.
What The Process Does In The Windows Defender Program
I have already established which program uses the process. Windows Defender. So the question that will be answered below is what the process does.
I will explain more about Windows Defender below just to help people get up to speed about the info they need to know but for now, let’s go into the process.
Microsoft explained what the process does and the simplified version of their statement is that the process helps keep away hackers or exploiters that are using known or unknown loopholes to gain access.
This is all run under the Windows Defender program so it is an important component of the Windows Defender Antivirus program.
nissrv.exe Process Explained
Running quietly in the background of your system, the process searches through online traffic and flags potential threats.
It is most effective when it comes to flagging up intruders especially malware, hackers, or viruses trying to sneak in through formerly discovered vulnerable network protocols.
It also does the same job but for newly discovered chinks in your system’s armor.
So, this process is a real-time (hence the name) continuous process. As soon as the process finds one, it’ll tell Windows Defender to shut it down.
Updating The Process
The straightforward answer is that you can’t really update the process by itself.
However if you ever update the Windows Defender program, then you should get updates to that process automatically too.
When Microsoft Started Using nissrv.exe Process And Why
Well, the process has been around for a while now.
About 8 years ago, Microsoft explained that they were going to release a feature or process that is literally a stopgap measure against viruses, malware, or intruders intent on exploiting known and unknown vulnerabilities.
This is why this process is important because based on what Microsoft explained and what happens normally, at least there will be some sort of short-run protection to block vulnerable system processes.
Security patches aren’t always done fast enough, sometimes before the patches are released, the damage may have already been done. This is essentially why the nissrv.exe process was made.
How The Process Works
Let’s say a new vulnerability has been found or an old one has not been patched yet, Microsoft will then immediately release a temporary fix.
The temporary fix is a Network Inspection Service Update.
What it does is block matching traffic that tallies with how known vulnerabilities are exploited.
To explain in easier terms, the process will flag the traffic that leads to a particular vulnerability being exploited (when there’s no security patch).
So the process of exploitation will be stopped even before it begins because of the stopgap security measure the process provides.
When the fix is in place, this gives whoever has the vulnerability (app vendor) time to figure out a security patch for the new or already known vulnerability.
What To Do If You Feel Viruses Are Imitating The Process
You are well within your rights to still be distrustful. Maybe you’ve had serious issues with malware in the past.
I can categorically say that the process isn’t a virus. It is a vital component of the Windows Defender available in Windows 10.
It can also be found in Windows 7 if the user installed Microsoft security programs.
Don’t take my word for it though, there’s a way to confirm that it isn’t a virus.
As usual, the way is to confirm its path. If the path is the same with the path I’ll explain below, then it isn’t a virus and you should rest easy.
Checking Its Path
The first step is to open your task manager in Windows 10.
You can do that by either using the shortcut keys (Ctrl + Shift + ESC) or right-clicking the Windows taskbar and then choosing Task Manager from the list of options that appear.
Whichever method you use, as long as the task manager is open, you’re on the right track.
Scroll through the processes running and select the official name – Microsoft Network Realtime Inspection Service
Right-click on the name to open a list of options. In the list, choose Open File Location. It is the third option from the bottom of the list.
This should immediately take you to the file location. The navigation should show the following if it’s the real deal and not malware or a virus.
C:\ProgramData\Microsoft\WindowsDefender\Platform\(A set of numbers)
Why I didn’t write out the set of numbers is because yours is probably different from mine and I don’t want to raise any unnecessary alarm bells.
If the navigation already followed the pattern until the number part, then it’s the real deal.
Running A Check To Confirm System Status
You can also run a full system check on a dependable antivirus program to confirm your suspicions about the process being malware or a virus.
Concerns About The Process Being Spyware Resolved
Many users have this fear and with good reason too. Nowadays browsing information is a valuable commodity and many online corporations are always trying to gather user browsing info.
This process isn’t however spying on the user. I understand the fear especially when I explained that it will block attacks by checking online traffic.
The good part is that it will not report the traffic it checks back to Microsoft. It will only use information about how attacks are carried out to prevent new attacks.
Is There Any Info Sent Back To Microsoft?
No, not with this process.
But you should know that if you’re using browsers like Microsoft Edge or the now-retired Internet Explorer, diagnostics including browsing info are sent back to Microsoft.
Some users have said it is exploitative but Microsoft has suggested they use it to protect others and there are some elements of truth in their statement.
You can disable it if you want but I’ll advise you not to. There are a lot of attacks that are avoided because this info gets to Microsoft on time.
Disabling Feature Allowing Info Sent Back To Microsoft
Here’s how to disable it though in case you don’t agree with my recommendation.
Follow this navigation –
Windows Defender Security Center > Virus & Threat Protection > Virus & Threat Protection Settings
When you follow the navigation above and you’re in the V & TP Settings menu, disable these options below –
Automatic Sample Submission
Disabling The nirssv.exe Process
This option is here just in case you insist on it even though I will absolutely advise against it.
There is no reason to remove it and every reason to keep it. Technically you cannot remove the process alone because it is part of a full program.
There’s a very short term fix, disabling real-time protection in the Windows Defender Security Center menu.
The only problem is that the feature will be re-enabled, this is to show you how important the feature is.
There is however a long term fix. You can simply install another antivirus program.
When you run that program, Windows Defender will become inactive and that antivirus program you installed will take over.
Like the short-term fix, this one has its own drawback too.
Odds are the new antivirus program you installed also has its own equivalent of the process you’re trying to remove.
The nissrv.exe is a vital component of your Windows Defender security system. Without it, you will be open to attacks your security can’t handle yet.
Security patches can take a while before they are ready and sent in updates. The only thing keeping your system safe is the process.
Removing it is unnecessary because it doesn’t cause harm to your system, it doesn’t even use that much CPU resources.
I hope this article helped you understand what the process is, what it does, and other important tips you should know. Thanks for reading.
If you have conflicting experiences with the process, please share your experience in the comments section below.