Windows 10 includes Windows Defender, which protects your PC against viruses and other threats. The “Microsoft Network Realtime Inspection Service” process, also known as NisSrv.exe, is part of Microsoft’s antivirus software.

Windows 10包含Windows Defender，可保護(hù)您的PC免受病毒和其他威脅的侵害。 “ Microsoft網(wǎng)絡(luò)實(shí)時(shí)檢查服務(wù)”過(guò)程(也稱為NisSrv.exe)是Microsoft防病毒軟件的一部分。

This process is also present on Windows 7 if you’ve installed the?Microsoft Security Essentials?antivirus software. It’s part of other Microsoft anti-malware products, as well.

如果您已安裝Microsoft Security Essentials防病毒軟件，則Windows 7上也會(huì)出現(xiàn)此過(guò)程。 它也是其他Microsoft反惡意軟件產(chǎn)品的一部分。

This article is part of?our ongoing series?explaining various processes found in Task Manager, like?Runtime Broker,?svchost.exe,?dwm.exe,?ctfmon.exe,?rundll32.exe,?Adobe_Updater.exe, and?many others.?Don’t?know what those services are? Better start reading!

本文是我們正在進(jìn)行的系列文章的一部分，介紹了在任務(wù)管理器中找到的各種過(guò)程，例如Runtime Broker?，?svchost.exe?，?dwm.exe?，?ctfmon.exe?，?rundll32.exe?，?Adobe_Updater.exe?等?。 不知道這些服務(wù)是什么？ 最好開(kāi)始閱讀！

Windows Defender基礎(chǔ)?(Windows Defender Basics)

On Windows 10,?Microsoft’s Windows Defender antivirus?is installed by default. Windows Defender automatically runs in the background, scanning files for malware before you open them and protecting your PC against other types of attacks.

在Windows 10上，默認(rèn)情況下會(huì)安裝Microsoft的Windows Defender防病毒軟件?。 Windows Defender自動(dòng)在后臺(tái)運(yùn)行，在打開(kāi)文件之前掃描文件是否存在惡意軟件，并保護(hù)PC免受其他類型的攻擊。

The main Windows Defender process is named “Antimalware Service Executable,” and has the file name MsMpEng.exe. This process checks files for malware when you open them and scans your PC in the background.

Windows Defender的主要進(jìn)程名為“?Antimalware Service Executable?”，文件名為MsMpEng.exe。 當(dāng)您打開(kāi)文件時(shí)，此過(guò)程將檢查文件中是否存在惡意軟件，并在后臺(tái)掃描您的PC。

On Windows 10, you can interact with Windows Defender by launching the “Windows Defender Security Center” application from your Start menu. You can also find it by heading to Settings > Update & Security > Windows Security > Open Windows Defender Security Center. On Windows 7, launch the “Microsoft Security Essentials” application instead. This interface lets you scan for malware manually, and configure the antivirus software.

在Windows 10上，您可以通過(guò)從“開(kāi)始”菜單啟動(dòng)“ Windows Defender安全中心”應(yīng)用程序來(lái)與Windows Defender進(jìn)行交互。 您也可以通過(guò)轉(zhuǎn)到設(shè)置>更新和安全> Windows安全>打開(kāi)Windows Defender安全中心來(lái)找到它。 在Windows 7上，啟動(dòng)“ Microsoft Security Essentials”應(yīng)用程序。 該界面使您可以手動(dòng)掃描惡意軟件，并配置防病毒軟件。

NisSrv.exe會(huì)做什么？?(What Does NisSrv.exe Do?)

The NisSrv.exe process is also known as the “Windows Defender Antivirus Network Inspection Service.” According to Microsoft’s description of the?service, it?“helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols.”

NisSrv.exe進(jìn)程也稱為“ Windows Defender防病毒網(wǎng)絡(luò)檢查服務(wù)”。 根據(jù)Microsoft對(duì)服務(wù)的描述，它“有助于防止針對(duì)網(wǎng)絡(luò)協(xié)議中已知和新發(fā)現(xiàn)的漏洞的入侵嘗試?！?/p>

In other words, this service always runs in the background in your PC, monitoring and inspecting network traffic in real time. It’s looking for suspicious behavior that suggests an attacker is attempting to exploit a security hole in a network protocol to attack your PC. If such an attack is detected, Windows Defender immediately shuts it down.

換句話說(shuō)，此服務(wù)始終在您的PC后臺(tái)運(yùn)行，實(shí)時(shí)監(jiān)視和檢查網(wǎng)絡(luò)流量。 它正在尋找可疑的行為，這表明攻擊者正試圖利用網(wǎng)絡(luò)協(xié)議中的安全漏洞來(lái)攻擊您的PC。 如果檢測(cè)到此類攻擊，Windows Defender會(huì)立即將其關(guān)閉。

Updates for the network inspection service that contain information about new threats arrive through definition updates for Windows Defender—or Microsoft Security Essentials, if you’re using a Windows 7 PC.

包含有關(guān)新威脅的信息的網(wǎng)絡(luò)檢查服務(wù)更新通過(guò)Windows Defender或Microsoft Security Essentials的定義更新(如果使用的是Windows 7 PC)到達(dá)。

This feature was originally added to Microsoft’s antivirus programs back in 2012. A Microsoft?blog post?explains it in a bit more detail, saying that this “is our zero-day vulnerability shielding feature that can block network traffic matching known exploits against unpatched vulnerabilities.” So, when a new security hole is found in either Windows or an application, Microsoft can immediately release a network inspection service update that temporarily protects it. Microsoft—or the application vendor—can then work on a security update that permanently patches the security hole, which may take a while.

該功能最初于2012年添加到Microsoft的防病毒程序中。Microsoft?博客文章對(duì)其進(jìn)行了更詳細(xì)的解釋，稱此功能是“我們的零日漏洞屏蔽功能，可以阻止與已知漏洞利用網(wǎng)絡(luò)通信匹配未修補(bǔ)的漏洞?！?因此，當(dāng)在Windows或應(yīng)用程序中發(fā)現(xiàn)新的安全漏洞時(shí)，Microsoft可以立即發(fā)布可暫時(shí)保護(hù)它的網(wǎng)絡(luò)檢查服務(wù)更新。 然后，Microsoft(或應(yīng)用程序供應(yīng)商)可以進(jìn)行安全更新，以永久修補(bǔ)安全漏洞，這可能需要一段時(shí)間。

是在監(jiān)視我嗎？?(Is It Spying on Me?)

The name?“Microsoft Network Realtime Inspection Service” may sound a little creepy at first, but it’s really just a process that’s watching your network traffic for evidence of any known attacks. If an attack is detected, it gets shut down. This works just like standard antivirus file scanning, which watches the files you open and checks if they’re dangerous. If you try opening a dangerous file, the antimalware service stops you.

起初，“ Microsoft網(wǎng)絡(luò)實(shí)時(shí)檢查服務(wù)”這個(gè)名稱聽(tīng)起來(lái)有點(diǎn)令人毛骨悚然，但這實(shí)際上只是一個(gè)過(guò)程，它在監(jiān)視您的網(wǎng)絡(luò)流量以查找任何已知攻擊的證據(jù)。 如果檢測(cè)到攻擊，它將被關(guān)閉。 就像標(biāo)準(zhǔn)防病毒文件掃描一樣，它可以監(jiān)視您打開(kāi)的文件并檢查它們是否危險(xiǎn)。 如果您嘗試打開(kāi)危險(xiǎn)文件，則反惡意軟件服務(wù)將阻止您。

This particular service is not reporting information about your web browsing and other normal network activity to Microsoft. However, with?the default “Full” system-wide telemetry setting, information about web addresses you visit in Microsoft Edge and Internet Explorer may be sent to Microsoft.

此特定服務(wù)不會(huì)向Microsoft報(bào)告有關(guān)您的Web瀏覽和其他正常網(wǎng)絡(luò)活動(dòng)的信息。 但是，使用默認(rèn)的“全”系統(tǒng)范圍的遙測(cè)設(shè)置?，您在Microsoft Edge和Internet Explorer中訪問(wèn)的網(wǎng)址的有關(guān)信息可能會(huì)發(fā)送給Microsoft。

Windows Defender is configured to report any attacks it detects to Microsoft. You can disable this, if you like. To do so, open the Windows Defender Security Center application, click “Virus & Threat Protection” in the sidebar, and then click the ” Virus & Threat Protection Settings” setting. Disable the “Cloud-delivered protection” and “Automatic sample submission” options.

Windows Defender配置為向Microsoft報(bào)告檢測(cè)到的任何攻擊。 您可以根據(jù)需要禁用此功能。 為此，請(qǐng)打開(kāi)Windows Defender安全中心應(yīng)用程序，單擊邊欄中的“病毒和威脅防護(hù)”，然后單擊“病毒和威脅防護(hù)設(shè)置”設(shè)置。 禁用“云交付保護(hù)”和“自動(dòng)提交樣品”選項(xiàng)。

We don’t recommend you disable this feature, as information about attacks sent to Microsoft can help protect others. The Cloud-delivered protection feature can help your PC receive new definitions much more quickly, too, which can help protect you against?zero-day attacks.

我們不建議您禁用此功能，因?yàn)橛嘘P(guān)發(fā)送給Microsoft的攻擊的信息可以幫助保護(hù)他人。 云提供的保護(hù)功能還可以幫助您的PC更快地接收新定義，這可以幫助您抵御零時(shí)差攻擊?。

我可以禁用它嗎？?(Can I Disable It?)

This service is a crucial part of Microsoft’s antimalware software, and you can’t easily disable it on Windows 10. You can temporarily disable real-time protection in the Windows Defender Security Center, but it will re-enable itself.

該服務(wù)是Microsoft反惡意軟件的重要組成部分，您無(wú)法在Windows 10上輕松禁用它。您可以在Windows Defender安全中心暫時(shí)禁用實(shí)時(shí)保護(hù)，但會(huì)重新啟用它。

However, if you install another antivirus program, Windows Defender will automatically disable itself. This will disable the Microsoft Network Realtime Inspection Service, too. That other antivirus app probably has its own network protection component.

但是，如果您安裝其他防病毒程序，則Windows Defender將自動(dòng)禁用自身。 這也將禁用Microsoft網(wǎng)絡(luò)實(shí)時(shí)檢查服務(wù)。 該其他防病毒應(yīng)用程序可能具有自己的網(wǎng)絡(luò)保護(hù)組件。

In other words: You can’t disable this feature, and you shouldn’t. It helps protect your PC. If you install another antivirus tool, it will be disabled, but only because that other antivirus tool is doing the same job and Windows Defender doesn’t want to get in its way.

換句話說(shuō)：您不能禁用此功能，也不應(yīng)禁用。 它有助于保護(hù)您的PC。 如果安裝了另一個(gè)防病毒工具，它將被禁用，但這僅是因?yàn)樵撈渌啦《竟ぞ哒趫?zhí)行相同的工作，并且Windows Defender不想妨礙它。

是病毒嗎？?(Is It a Virus?)

This software is not a virus. It’s part of the Windows 10 operating system, and it’s installed on Windows 7 if you have Microsoft Security Essentials on your system. It may also be installed as part of other Microsoft anti-malware tools, such as Microsoft System Center Endpoint Protection.

該軟件不是病毒。 它是Windows 10操作系統(tǒng)的一部分，如果您的系統(tǒng)上裝有Microsoft Security Essentials，則它已安裝在Windows 7上。 它還可能作為其他Microsoft反惡意軟件工具(例如Microsoft System Center Endpoint Protection)的一部分安裝。

Viruses and other malware do often attempt to disguise themselves as legitimate processes, but we haven’t seen any reports of malware impersonating the NisSrv.exe process. Here’s how to check the files are legitimate if you’re concerned anyway.

病毒和其他惡意軟件經(jīng)常會(huì)偽裝成合法進(jìn)程，但我們還沒(méi)有看到任何惡意軟件冒充NisSrv.exe進(jìn)程的報(bào)告。 無(wú)論如何，這是檢查文件是否合法的方法。

On Windows 10, right-click the “Microsoft Network Realtime Inspection Service” process in the Task Manager and select “Open File Location.”

在Windows 10上，右鍵單擊任務(wù)管理器中的“ Microsoft網(wǎng)絡(luò)實(shí)時(shí)檢查服務(wù)”進(jìn)程，然后選擇“打開(kāi)文件位置”。

On the latest versions of Windows 10, you should see the process in a folder like?C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0, although the number of the folder will likely be different.

在最新版本的Windows 10上，您應(yīng)該在C：\ ProgramData \ Microsoft \ Windows Defender \ Platform \ 4.16.17656.18052-0這樣的文件夾中看到該過(guò)程，盡管該文件夾的數(shù)量可能會(huì)有所不同。

On Windows 7, the NisSrv.exe file will appear under C:\Program Files\Microsoft Security Client.

在Windows 7上，NisSrv.exe文件將出現(xiàn)在C：\ Program Files \ Microsoft安全客戶端下。

If the NisSrv.exe file is in a different location—or if you’re just suspicious and want to give your PC a double-check—we recommend scanning your PC with your antivirus program of choice.

如果NisSrv.exe文件位于其他位置，或者您只是可疑并希望對(duì)PC進(jìn)行仔細(xì)檢查，我們建議您使用所選的防病毒程序來(lái)掃描PC。文章來(lái)源地址http://www.zghlxwxcb.cn/news/detail-779828.html

到了這里，關(guān)于什么是“ Microsoft網(wǎng)絡(luò)實(shí)時(shí)檢查服務(wù)”（NisSrv.exe），為什么它在我的PC上運(yùn)行？的文章就介紹完了。如果您還想了解更多內(nèi)容，請(qǐng)?jiān)谟疑辖撬阉鱐OY模板網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章，希望大家以后多多支持TOY模板網(wǎng)！