What is Microsoft Network Realtime Inspection Service (NisSrv.exe)?

July 7, 2018 |

greater than 4 minutes

A next generation operating system has to have it all figured out. With Windows 10, it’s almost the case, although there is always room for improvement. For example, Windows Defender, a program that comes pre-installed with your operating system. This built-in feature allows protecting your computer from viruses and various other threats, such as malware and spyware. This feature is stored and run in the computer by another name that users rarely correlate with the service. It’s called the “Microsoft Network Realtime Inspection Service” process and is also known as NisSrv.exe.

If you are looking at programs that are taking up space and deciding which one to get rid off, we strongly advise not to ever consider Nissrv.exe to be part of that list. However, if you are concerned about the power usage that is showing up high for nissrv.exe, you will find some workarounds in this article. So, what is nissrv.exe in Windows?

If you are using Windows 7, you also have the program pre-installed as part of the Microsoft Security Essentials antivirus software

You should also be aware that these anti-malware products are your first line of defense if you have yet to install a protective antivirus. The possible downside of this feature is the large memory usage that it produces while scanning your system for possible infection with malicious programs.

Windows Defender is running in the background but automatically checks and scans the system files for malware and prevents attacks from viruses. Once you install an antivirus of your own, however, Windows Defender stops the active protecting part but still continues with the scans to make sure that your antivirus is updated and active at all times. This is what makes the Windows Defender use a lot of memory power. So, how to fix nissrv.exe high memory usage?

First of all, you should be aware that there is no need to disable the service.

Microsoft Network Realtime Inspection Service is an essential part of the Microsoft’s anti-malware software that is built-in not without reason. Developers are interested in enhancing your protection with new features, and not making your computer vulnerable to new viruses. However, if you decide to install a new program that will be doing things that are of the same caliber, i.e. antivirus software, then Windows Defender will gladly step aside and let the new antivirus take the lead, meaning that the process will automatically disable itself. A great alternative is the Auslogics Anti-Malware tool that will also conduct scheduled scans and checks of your system but will definitely use up less memory than its built-in counterpart.

Scan your system for malicious threats.

The second important point we want to make in this article is…

… that if you have any doubts that a virus is using the name of Windows Defender or nissrv.exe as a break-in technique – then you can check it quite easily. This fear definitely has some ground beneath it, as viruses and malware often have names that are trying to mimic important programs on your computer so that the user is confused and does not delete them. However, there are steps you can take to make sure that you are not being hoodwinked:

  • Step 1. If you are using Windows 10, open Task Manager on your computer. To do that, use the Win+X shortcut keys on your keyboard.
  • Step 2. Find  “Microsoft Network Realtime Inspection Service” and right-click it. Right-click on Microsoft Network Realtime Inspection Service
  • Step 3. In the drop-down menu, select “Open File Location”
  • Step 4. The folder should have this address (with a folder name being different):


  • Step 5. If you see the nissrv.exe file in this folder, then you are most likely dealing with the real installation file of that program. If you do not see the right pathway, you might have been attacked by a virus with a similar name. Locate nissrv.exe.
  • Step 6. Note, that Windows 7 has a different pathway for Windows Defender. It should be here: C:\Program Files\Microsoft Security Client.

The third important side-note that we address is the fear of users that “Microsoft Network Realtime Inspection Service” is spying on them.

The fear is grounded in the apparent ‘supervision’ of the network traffic. Essentially, this is what nissrv.exe does: it surveys all the activity for any possible evidence of an attack or spyware/malware creeping in. Even though this is the same process that your antivirus is working on, some users find it creepy. Probably the most problem users have with this feature is that it reports all the activity to Microsoft, but even with all this system-wide telemetry setting, you are still in charge. To disable the reporting of the detected attacks (and by extension all the scanning information) to Microsoft, take these steps:

  • Step 1. Open the Windows Defender Security Centre application.
  • Step 2. Click “Virus and Threat Protection”.
  • Step 3. Open the Virus and Threat Protection setting.
  • Step 4. Navigate to the following options and disable them:
  1. Cloud-delivered protection
  2. Automatic sample submission

Disable Automatic sample submission

Although it’s not recommended to disable these options, as they may play a great part in receiving new definitions more quickly, you still have a choice. You can either let Microsoft collect information about your browsing preferences or install a tool that will help you protect your computer against malware and at the same time not spy on you.

Share it:
Do you like this post?
1 Star2 Stars3 Stars4 Stars5 Stars (5 votes, average: 5.00 out of 5)