The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5063877. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
(CVE-2025-53766)

- Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. (CVE-2025-49751)

- Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. (CVE-2025-49743)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5063877

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

7.4

0.017

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/08/12, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5063877

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7558
Should be : 10.0.17763.7671

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5066586. It is, therefore, affected by multiple vulnerabilities

- tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka Predictor heap-buffer-overflow. (CVE-2016-9535)

- In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. (CVE-2025-47827)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5066586

High

9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

9.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.2

0.0824

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

6.2 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/10/14, Modified: 2025/11/18

The remote host is missing one of the following rollup KBs :
- 5066586

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7558
Should be : 10.0.17763.7919

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5065428. It is, therefore, affected by multiple vulnerabilities

- SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:
Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server HardeningSMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures. (CVE-2025-55234)

- Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. (CVE-2025-49734)

- Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-53796, CVE-2025-53797, CVE-2025-53798, CVE-2025-53806)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5065428

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.7 (CVSS:3.0/E:U/RL:O/RC:C)

8.1

0.0073

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/09/09, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5065428

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7558
Should be : 10.0.17763.7786

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5068791. It is, therefore, affected by multiple vulnerabilities

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-60724, CVE-2025-60714, CVE-2025-60715, CVE-2025-62452)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information.
(CVE-2025-59509, CVE-2025-59513, CVE-2025-60706, CVE-2025-62208, CVE-2025-62209)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2025-59505, CVE-2025-59506, CVE-2025-59507, CVE-2025-59508, CVE-2025-59511, CVE-2025-59512, CVE-2025-59514, CVE-2025-59515, CVE-2025-60703, CVE-2025-60704, CVE-2025-60705, CVE-2025-60707, CVE-2025-60709, CVE-2025-60713, CVE-2025-60716, CVE-2025-60717, CVE-2025-60719, CVE-2025-60720, CVE-2025-62213, CVE-2025-62215, CVE-2025-62217)


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5068791

Critical

7.0 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

6.5 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.0009

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/11/11, Modified: 2025/11/14

The remote host is missing one of the following rollup KBs :
- 5068791

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7558
Should be : 10.0.17763.8024

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5071544. It is, therefore, affected by multiple vulnerabilities

- Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-62549)

- Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. (CVE-2025-62457)

- Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. (CVE-2025-62458)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5071544

Critical

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:F/RL:O/RC:C)

8.1

0.0821

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/12/09, Modified: 2025/12/17

The remote host is missing one of the following rollup KBs :
- 5071544

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7558
Should be : 10.0.17763.8146

The remote service supports the use of medium strength SSL ciphers.

The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.

Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Medium

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

6.1

0.4002

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published: 2009/11/23, Modified: 2025/02/12

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The virtualization tool suite is installed on the remote Windows host is affected by an authentication bypass vulnerability.

The version of VMware Tools installed on the remote Windows host is 11.x or 12.x prior to 12.5.1. It is, therefore, affected by an authentication bypass vulnerability:

- VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM. (CVE-2025-22230)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to VMware Tools version 12.5.1 or later.

Medium

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

6.7

0.0003

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

I

Published: 2025/03/27, Modified: 2025/05/16

Path : C:\Program Files\VMware\VMware Tools\
Installed version : 12.4.5.49651
Fixed version : 12.5.1

The virtualization tool suite installed on the remote host is affected by multiple vulnerabilities.

The version of VMware Tools installed on the remote host is 11.x or 12.x prior to 12.5.4, or 13.x prior to 13.0.5.
It is, therefore, affected by multiple vulnerabilities as disclosed in the VMSA-2025-0015 advisory:

- VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM. (CVE-2025-41244)

- VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX. (CVE-2025-41246)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to VMware Tools version 12.5.4, 13.0.5 or later.

Medium

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.2

0.0002

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

5.6 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/10/02, Modified: 2025/10/30

Path : C:\Program Files\VMware\VMware Tools\
Installed version : 12.4.5.49651
Fixed version : 12.5.4
CVE(s) : CVE-2025-41244 CVE-2025-41246

The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability.

The remote system may be in a vulnerable state to CVE-2013-3900 due to a missing or misconfigured registry keys:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary code on an affected host.

Add and enable registry value EnableCertPaddingCheck:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck

Additionally, on 64 Bit OS systems, Add and enable registry value EnableCertPaddingCheck:

- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck

High

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.0

0.7941

7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)

6.6 (CVSS2#E:H/RL:OF/RC:C)

II

Published: 2022/10/26, Modified: 2025/12/17

Nessus detected the following potentially insecure registry key configuration:
- Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.
- Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.

Signing is not required on the remote SMB server.

Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.

Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.

Medium

5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

4.6 (CVSS:3.0/E:U/RL:O/RC:C)

5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

3.7 (CVSS2#E:U/RL:OF/RC:C)

Published: 2012/01/19, Modified: 2022/10/05

The SSL certificate for this service cannot be trusted.

The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2010/12/15, Modified: 2025/06/16

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=NSE-TAP-066
|-Issuer : CN=NSE-TAP-066

The SSL certificate for this service cannot be trusted.

The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2010/12/15, Modified: 2025/06/16

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=Nessus Users United/OU=Nessus Server/L=New York/C=US/ST=NY/CN=NSE-TAP-066
|-Issuer : O=Nessus Users United/OU=Nessus Certification Authority/L=New York/C=US/ST=NY/CN=Nessus Certification Authority

The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2012/01/17, Modified: 2022/06/14

The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=NSE-TAP-066

The remote service encrypts traffic using an older version of TLS.

The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.

Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.

Medium

6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)

6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)

Published: 2017/11/22, Modified: 2023/04/19

TLSv1 is enabled and the server supports at least one cipher.

The remote service encrypts traffic using an older version of TLS.

The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.

Medium

6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)

6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)

Published: 2022/04/04, Modified: 2024/05/14

TLSv1.1 is enabled and the server supports at least one cipher.

The virtualization tool suite is installed on the remote host is affected by an insecure file handling vulnerability.

The version of VMware Tools installed on the remote host is 11.x or 12.x prior to 12.5.2. It is, therefore, affected by an insecure file handling vulnerability:

- VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM. (CVE-2025-22247)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to VMware Tools version 12.5.2 or later.

Medium

6.1 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)

5.0

0.0001

5.2 (CVSS2#AV:L/AC:L/Au:S/C:P/I:C/A:N)

I

Published: 2025/05/16, Modified: 2025/10/02

Path : C:\Program Files\VMware\VMware Tools\
Installed version : 12.4.5.49651
Fixed version : 12.5.2

The virtualization tool suite is installed on the remote Windows host is affected by an information disclosure vulnerability.

The version of VMware Tools installed on the remote Windows host is 11.x, 12.x prior to 12.5.3, or 13.x prior to 13.0.1.0. It is, therefore, affected by an information disclosure vulnerbility:

- VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes communicating with vSockets. (CVE-2025-41239)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to VMware Tools version 12.5.3 or 13.0.1.0 or later.

Medium

6.2 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

4.4

0.0001

4.9 (CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N)

Published: 2025/08/11, Modified: 2025/08/11

Path : C:\Program Files\VMware\VMware Tools\
Installed version : 12.4.5.49651
Fixed version : 12.5.3

The remote host has not properly mitigated a series of speculative execution vulnerabilities.

The remote host has not properly mitigated a series of known speculative execution vulnerabilities. It, therefore, may be affected by :
- Branch Target Injection (BTI) (CVE-2017-5715)
- Bounds Check Bypass (BCB) (CVE-2017-5753)
- Rogue Data Cache Load (RDCL) (CVE-2017-5754)
- Rogue System Register Read (RSRE) (CVE-2018-3640)
- Speculative Store Bypass (SSB) (CVE-2018-3639)
- L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)
- Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)
- Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
- Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
- Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
- TSX Asynchronous Abort (TAA) (CVE-2019-11135)
- Intel Branch History Injection (BHI) (CVE-2022-0001)

Apply vendor recommended settings.

Medium

6.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

6.2 (CVSS:3.0/E:H/RL:O/RC:C)

7.9

0.9433

5.4 (CVSS2#AV:L/AC:M/Au:N/C:C/I:P/A:N)

4.7 (CVSS2#E:H/RL:OF/RC:C)

CANVAS (true)

Published: 2019/12/18, Modified: 2025/08/27

Current Settings:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: Not Set
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: Not Set

-----------------------------------

Recommended Settings 1:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00000048 (72)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading enabled.

-----------------------------------

Recommended Settings 2:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00002048 (8264)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading disabled.

-----------------------------------

Recommended Settings 3:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00802048 (8396872)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135, CVE-2022-0001
Note: Hyper-Threading disabled.

-----------------------------------

Recommended Settings 4:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00800048 (8388680)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135, CVE-2022-0001
Note: Hyper-Threading enabled.

It is possible to determine the exact time set on the remote host.

The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.

Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.

Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Low

2.2

0.0037

2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published: 1999/08/01, Modified: 2024/10/07

This host returns non-standard timestamps (high bit is set)
The ICMP timestamps might be in little endian format (not in network format)
The remote clock is synchronized with the local clock.

Nessus has detected potential virtual hosts.

Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server.

Different web servers may be hosted on name-based virtual hosts.

If you want to test them, re-scan using the special vhost syntax, such as :

www.example.com[192.0.32.10]

None

Published: 2010/04/29, Modified: 2022/08/15

The following hostnames point to the remote host :
- nse-tap-066

An antivirus application is installed on the remote host.

An antivirus application is installed on the remote host, and its engine and virus definitions are up to date.

n/a

None

Published: 2005/01/18, Modified: 2025/05/27

Kaspersky :
Kaspersky Anti-Virus is installed on the remote host :

Product name : Kaspersky Endpoint Security for Windows
Version : 21.18.5.438
Installation path : C:\Program Files (x86)\Kaspersky Lab\KES.12.6.0
Virus signatures : 02/02/2026

Nessus was able to gather application compatibility settings on the remote host.

Nessus was able to generate a report on the application compatibility cache on the remote Windows host.

n/a

None

Published: 2016/07/19, Modified: 2018/05/23

Application compatibility cache report attached.

BIOS info could be read.

It is possible to get information about the BIOS via the host's SMB interface.

n/a

None

Published: 2008/09/08, Modified: 2024/06/11

Version : VMW201.00V.21805430.B64.2305221830
Release date : 20230522000000.000000+000
Secure boot : enabled

The BIOS info could be read.

It is possible to get information about the BIOS via the host's WMI interface.

n/a

None

Published: 2008/09/05, Modified: 2025/12/15

Vendor : VMware, Inc.
Version : VMW201.00V.21805430.B64.2305221830
Release date : 20230522000000.000000+000
UUID : 6F6A1342-7396-47D7-D5E1-5D71192E4BFB
Secure boot : enabled

Nessus was able to enumerate folders that were opened in Windows Explorer.

Nessus was able to enumerate folders that were opened in Windows Explorer. Microsoft Windows maintains folder settings using a registry key known as shellbags or BagMRU. The generated folder list report contains folders local to the system, folders from past mounted network drives, and folders from mounted devices.

n/a

None

Published: 2016/07/19, Modified: 2018/05/23

BagMRU report attached.

It was possible to enumerate CPE names that matched on the remote system.

By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.

n/a

None

Published: 2010/04/21, Modified: 2025/09/29

The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_server_2019:10.0.17763.7558:-:~~datacenter~~x64~ -> Microsoft Windows Server 2019

Following application CPE's matched on the remote system :

cpe:/a:haxx:curl:8.13.0.0 -> Haxx Curl
cpe:/a:kaspersky:kaspersky_anti-virus:21.18.5.438 -> Kaspersky Anti-virus
cpe:/a:microsoft:.net_framework:4.7.2 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:4.7.4126.0 -> Microsoft .NET Framework
cpe:/a:microsoft:ie:11.1790.17763.0 -> Microsoft Internet Explorer
cpe:/a:microsoft:internet_explorer:11.0.17763.7553 -> Microsoft Internet Explorer
cpe:/a:microsoft:remote_desktop_connection:10.0.17763.5830 -> Microsoft Remote Desktop Connection
cpe:/a:microsoft:windows_defender:4.18.1807.18075 -> Microsoft Windows Defender
cpe:/a:smartbedded:meteobridge_firmware
cpe:/a:tenable:nessus:10.11.1 -> Tenable Nessus
cpe:/a:vmware:tools:12.4.5.49651 -> VMWare Tools

It is possible to obtain the name of the remote computer manufacturer.

By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number.

n/a

None

Published: 2007/02/02, Modified: 2025/12/15

Computer Manufacturer : VMware, Inc.
Computer Model : VMware20,1
Computer SerialNumber : VMware-42 13 6a 6f 96 73 d7 47-d5 e1 5d 71 19 2e 4b fb
Computer Type : Other

Computer Physical CPU's : 1
Computer Logical CPU's : 2
CPU0
Architecture : x64
Physical Cores: 2
Logical Cores : 2

Computer Memory : 4095 MB
RAM slot #0
Form Factor: DIMM
Type : DRAM
Capacity : 4096 MB

Curl is installed on the remote Windows host.

Curl, a command line tool for transferring data with URLs, was detected on the remote Windows host.

Please note, if the installation is located in either the Windows\System32 or Windows\SysWOW64 directory, it will be considered as managed by the OS. In this case, paranoid scanning is require to trigger downstream vulnerabilty checks. Paranoid scanning has no affect on this plugin itself.

n/a

None

Published: 2023/02/23, Modified: 2025/12/15

Nessus detected 2 installs of Curl:

Path : c:\windows\system32\curl.exe
Version : 8.13.0.0
Managed by OS : True

Path : c:\windows\syswow64\curl.exe
Version : 8.13.0.0
Managed by OS : True

A DCE/RPC service is running on the remote host.

By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.

n/a

None

Published: 2001/08/26, Modified: 2021/10/04

The following DCERPC services are available locally :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc06EA30

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc06EA30

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : dabrpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : csebpub

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2d0cd800983bb9e4d5

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0
Description : Unknown RPC service
Annotation : Vpn APIs
Type : Local RPC service
Named pipe : RasmanLrpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0
Description : Unknown RPC service
Annotation : Vpn APIs
Type : Local RPC service
Named pipe : VpnikeRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0
Description : Unknown RPC service
Annotation : Vpn APIs
Type : Local RPC service
Named pipe : LRPC-71e08a55eed3fe070e

Object UUID : 5252504b-4950-534e-0489-0ff458130000
UUID : 9b3e3722-6211-ca66-4b50-525250494453, version 124.174
Description : Unknown RPC service
Annotation : PRRUniversal#1FEBD1469293ECBF:4952
Type : Local RPC service
Named pipe : PRRUniversal#1FEBD1469293ECBF:4952

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : LRPC-3af01a225497ff0ec8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : 5884fd81-ca6a-480e-bb6a-24fe652d9be8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a4b8d482-80ce-40d6-934d-b22a01a44fe7, version 1.0
Description : Unknown RPC service
Annotation : LicenseManager
Type : Local RPC service
Named pipe : LicenseServiceEndpoint

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : be7f785e-0e3a-4ab7-91de-7e46e443be29, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-336d5bac4de04781d3

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 54b4c689-969a-476f-8dc2-990885e9f562, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-336d5bac4de04781d3

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEB6EC1A789BD42D10EE1CEAB7226C

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9dc03d2eac05e4e02a

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEB6EC1A789BD42D10EE1CEAB7226C

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9dc03d2eac05e4e02a

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEB6EC1A789BD42D10EE1CEAB7226C

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9dc03d2eac05e4e02a

Object UUID : 5252504b-4950-534e-cd77-cf9b9c0b0000
UUID : 9b3e3722-852a-0d74-4b50-525250494453, version 239.115
Description : Unknown RPC service
Annotation : PRRUniversal#C7ABD3B64756361C:2972
Type : Local RPC service
Named pipe : PRRUniversal#C7ABD3B64756361C:2972

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRNameService:2972

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRUniversal#C7ABD3B64756361C:2972

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRNameService:2972

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRUniversal#C7ABD3B64756361C:2972

Object UUID : 02f887d4-0000-0000-cd77-cf9b9c0b0000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 239.115
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRNameService:2972

Object UUID : 02f887d4-0000-0000-cd77-cf9b9c0b0000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 239.115
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRUniversal#C7ABD3B64756361C:2972

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000002
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0DBF3B2

Object UUID : 52ef130c-08fd-4388-86b3-6edf00000002
UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0
Description : Unknown RPC service
Annotation : Secure Desktop LRPC interface
Type : Local RPC service
Named pipe : WMsgKRpc0DBF3B2

Object UUID : 5252504b-4950-534e-4bd3-70d4b8090000
UUID : 9b3e3722-52a0-d7b0-4b50-525250494453, version 239.115
Description : Unknown RPC service
Annotation : PRRUniversal#004D2F3172D6969E:2488
Type : Local RPC service
Named pipe : PRRUniversal#004D2F3172D6969E:2488

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRNameService:2488

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRUniversal#004D2F3172D6969E:2488

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRNameService:2488

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRUniversal#004D2F3172D6969E:2488

Object UUID : 08d1f4f4-0000-0000-4bd3-70d4b8090000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 239.115
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRNameService:2488

Object UUID : 08d1f4f4-0000-0000-4bd3-70d4b8090000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 239.115
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRUniversal#004D2F3172D6969E:2488

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : LRPC-44cf645e1211ea6c86

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsacap

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSA_IDPEXT_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : SidKey Local End Point

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsacap

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LSA_IDPEXT_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : SidKey Local End Point

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsacap

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSA_IDPEXT_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : SidKey Local End Point

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsacap

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSA_IDPEXT_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : SidKey Local End Point

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 5252504b-4950-534e-b555-cd3f70110000
UUID : 9b3e3722-23cf-c32e-4b50-525250494453, version 239.115
Description : Unknown RPC service
Annotation : PRRUniversal#6BA9B19A7613FB41:4464
Type : Local RPC service
Named pipe : PRRUniversal#6BA9B19A7613FB41:4464

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRNameService:4464

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRUniversal#6BA9B19A7613FB41:4464

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRNameService:4464

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRUniversal#6BA9B19A7613FB41:4464

Object UUID : 052a8b8c-0000-0000-b555-cd3f70110000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 239.115
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRNameService:4464

Object UUID : 052a8b8c-0000-0000-b555-cd3f70110000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 239.115
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRUniversal#6BA9B19A7613FB41:4464

Object UUID : d3a92dfc-6b92-4d0c-b2ac-de106de2b0a6
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-5e45b5bd295abead73

Object UUID : 85c63f3f-f6fe-4af8-a7cd-85a3356de1be
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-5e45b5bd295abead73

Object UUID : baa1a221-fdea-44ad-a86a-6c30f7152e58
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-5e45b5bd295abead73

Object UUID : f6999919-213d-477b-ad99-1feb14b70ece
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : OLE35A0F1A102D13A0C3047BA2A514E

Object UUID : f6999919-213d-477b-ad99-1feb14b70ece
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-626fb2e0936dfc2320

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : LRPC-4f5ea91d944900c42a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service
Annotation : Remote Fw APIs
Type : Local RPC service
Named pipe : ipsec

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4c9dbf19-d39e-4bb9-90ee-8f7179b20283, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7a5cc94d4e0f7eb972

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7a5cc94d4e0f7eb972

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 95095ec8-32ea-4eb0-a3e2-041f97b36168, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7a5cc94d4e0f7eb972

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e38f5360-8572-473e-b696-1b46873beeab, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7a5cc94d4e0f7eb972

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d22895ef-aff4-42c5-a5b2-b14466d34ab4, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7a5cc94d4e0f7eb972

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98cd761e-e77d-41c8-a3c0-0fb756d90ec2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7a5cc94d4e0f7eb972

Object UUID : 5252504b-4950-534e-ed29-764fcc090000
UUID : 9b3e3722-f1d3-f026-4b50-525250494453, version 239.115
Description : Unknown RPC service
Annotation : PRRUniversal#7B5285D272D603E1:2508
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 06570fa0-0000-0000-ed29-764fcc090000
UUID : 9b3e3722-bab3-e001-4b50-52524f424a53, version 239.115
Description : Unknown RPC service
Annotation : ai_loader_remote_object
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 06570fa0-0000-0000-ed29-764fcc090000
UUID : 9b3e3722-bab3-e001-4b50-52524f424a53, version 239.115
Description : Unknown RPC service
Annotation : ai_loader_remote_object
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-abb6-0007-4b50-525250524944
UUID : 9b3e3722-7551-7dee-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpTEMPFILE_MEMMANAGER
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-abb6-0007-4b50-525250524944
UUID : 9b3e3722-7551-7dee-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpTEMPFILE_MEMMANAGER
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 00000000-0000-0000-ed29-764fcc090000
UUID : 9b3e3722-bab3-e001-4b50-52524f424a53, version 239.115
Description : Unknown RPC service
Annotation : ai_loader_remote_object
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 00000000-0000-0000-ed29-764fcc090000
UUID : 9b3e3722-bab3-e001-4b50-52524f424a53, version 239.115
Description : Unknown RPC service
Annotation : ai_loader_remote_object
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 0513ba64-0000-0000-ed29-764fcc090000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 239.115
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 0513ba64-0000-0000-ed29-764fcc090000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 239.115
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-8790-000c-4b50-525250524944
UUID : 9b3e3722-1441-c93d-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_TASK_TYPE_NAME
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-8790-000c-4b50-525250524944
UUID : 9b3e3722-1441-c93d-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_TASK_TYPE_NAME
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-a517-000d-4b50-525250524944
UUID : 9b3e3722-f9a8-d5cb-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_PROFILE_NAME
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-a517-000d-4b50-525250524944
UUID : 9b3e3722-f9a8-d5cb-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_PROFILE_NAME
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-b19c-0002-4b50-525250524944
UUID : 9b3e3722-050c-2b49-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_TASK_ID
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-b19c-0002-4b50-525250524944
UUID : 9b3e3722-050c-2b49-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_TASK_ID
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-1931-0005-4b50-525250524944
UUID : 9b3e3722-a39b-5baa-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npAVS_HTTP_REQ
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-1931-0005-4b50-525250524944
UUID : 9b3e3722-a39b-5baa-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npAVS_HTTP_REQ
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-4d95-0005-4b50-525250524944
UUID : 9b3e3722-f7aa-5ba3-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npAVS_HTTP_RSP
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-4d95-0005-4b50-525250524944
UUID : 9b3e3722-f7aa-5ba3-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npAVS_HTTP_RSP
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-b87a-0007-4b50-525250524944
UUID : 9b3e3722-86c2-73eb-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : MESSAGE_IS_INCOMING
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-b87a-0007-4b50-525250524944
UUID : 9b3e3722-86c2-73eb-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : MESSAGE_IS_INCOMING
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-5916-0003-4b50-525250524944
UUID : 9b3e3722-0276-35b6-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : MESSAGE_CHECK_ONLY
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-5916-0003-4b50-525250524944
UUID : 9b3e3722-0276-35b6-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : MESSAGE_CHECK_ONLY
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-20c7-000f-4b50-525250524944
UUID : 9b3e3722-c49b-fe45-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : PROTOCOL_TYPE
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-20c7-000f-4b50-525250524944
UUID : 9b3e3722-c49b-fe45-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : PROTOCOL_TYPE
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-c384-0000-4b50-525250524944
UUID : 9b3e3722-6122-0a2a-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npENGINE_VIRTUAL_OBJECT_NAME
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-c384-0000-4b50-525250524944
UUID : 9b3e3722-6122-0a2a-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npENGINE_VIRTUAL_OBJECT_NAME
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-7401-0008-4b50-525250524944
UUID : 9b3e3722-62c7-816c-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npUserContext
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-7401-0008-4b50-525250524944
UUID : 9b3e3722-62c7-816c-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npUserContext
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-0568-0001-4b50-525250524944
UUID : 9b3e3722-1d09-1186-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npAVS_SCAN_AREA_ID
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-0568-0001-4b50-525250524944
UUID : 9b3e3722-1d09-1186-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npAVS_SCAN_AREA_ID
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-618e-000d-4b50-525250524944
UUID : 9b3e3722-7819-d199-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : antimalware.am_core_dll.registered
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-618e-000d-4b50-525250524944
UUID : 9b3e3722-7819-d199-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : antimalware.am_core_dll.registered
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-4dfb-000b-4b50-525250524944
UUID : 9b3e3722-56be-b1b4-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npSCAN_OBJECT_CONTEXT
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-4dfb-000b-4b50-525250524944
UUID : 9b3e3722-56be-b1b4-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npSCAN_OBJECT_CONTEXT
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-5c94-000c-4b50-525250524944
UUID : 9b3e3722-7dc3-c215-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_READONLY_tERROR
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-5c94-000c-4b50-525250524944
UUID : 9b3e3722-7dc3-c215-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_READONLY_tERROR
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-66bb-0002-4b50-525250524944
UUID : 9b3e3722-b130-2d78-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_EXECUTABLE_PARENT_IO_hOBJECT
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-66bb-0002-4b50-525250524944
UUID : 9b3e3722-b130-2d78-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_EXECUTABLE_PARENT_IO_hOBJECT
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-0726-0007-4b50-525250524944
UUID : 9b3e3722-dfbb-7d89-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_SET_WRITE_ACCESS_tERROR
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-0726-0007-4b50-525250524944
UUID : 9b3e3722-dfbb-7d89-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_SET_WRITE_ACCESS_tERROR
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-21ab-0008-4b50-525250524944
UUID : 9b3e3722-da96-8fb3-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npENGINE_INTEGRAL_PARENT_IO
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-21ab-0008-4b50-525250524944
UUID : 9b3e3722-da96-8fb3-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npENGINE_INTEGRAL_PARENT_IO
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-554f-0006-4b50-525250524944
UUID : 9b3e3722-3fdc-66a9-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npOBJECT_STARTUP
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-554f-0006-4b50-525250524944
UUID : 9b3e3722-3fdc-66a9-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npOBJECT_STARTUP
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-ae59-0004-4b50-525250524944
UUID : 9b3e3722-49dd-4e78-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : antimalware.oas.PenderPtr
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-ae59-0004-4b50-525250524944
UUID : 9b3e3722-49dd-4e78-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : antimalware.oas.PenderPtr
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-e77b-0006-4b50-525250524944
UUID : 9b3e3722-d7d6-630a-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : native file io object is a stream really
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-e77b-0006-4b50-525250524944
UUID : 9b3e3722-d7d6-630a-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : native file io object is a stream really
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-54e6-0005-4b50-525250524944
UUID : 9b3e3722-97cf-5c32-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : native file io object streams
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-54e6-0005-4b50-525250524944
UUID : 9b3e3722-97cf-5c32-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : native file io object streams
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-c572-000b-4b50-525250524944
UUID : 9b3e3722-7d85-bb8f-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npTM_PROFILE
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-c572-000b-4b50-525250524944
UUID : 9b3e3722-7d85-bb8f-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npTM_PROFILE
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-2be7-0004-4b50-525250524944
UUID : 9b3e3722-2175-40a9-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpTEMPFILE_SYSCACHED
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-2be7-0004-4b50-525250524944
UUID : 9b3e3722-2175-40a9-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : cpTEMPFILE_SYSCACHED
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 07111a68-0000-0000-ed29-764fcc090000
UUID : 9b3e3722-b8eb-3e0b-4b50-52524f424a53, version 239.115
Description : Unknown RPC service
Annotation : TaskManager
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 07111a68-0000-0000-ed29-764fcc090000
UUID : 9b3e3722-b8eb-3e0b-4b50-52524f424a53, version 239.115
Description : Unknown RPC service
Annotation : TaskManager
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-aa75-0009-4b50-525250524944
UUID : 9b3e3722-b9de-913a-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : DEFER_THREAD_INIT
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-aa75-0009-4b50-525250524944
UUID : 9b3e3722-b9de-913a-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : DEFER_THREAD_INIT
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-1e7b-0004-4b50-525250524944
UUID : 9b3e3722-6afd-4748-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : MAILER_PID
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-1e7b-0004-4b50-525250524944
UUID : 9b3e3722-6afd-4748-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : MAILER_PID
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-487b-0006-4b50-525250524944
UUID : 9b3e3722-2a49-6623-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npMESSAGE_IS_COMPLETE
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-487b-0006-4b50-525250524944
UUID : 9b3e3722-2a49-6623-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : npMESSAGE_IS_COMPLETE
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-cf60-000f-4b50-525250524944
UUID : 9b3e3722-93c9-f5ca-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : NO_NEED_TREATMENT
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-cf60-000f-4b50-525250524944
UUID : 9b3e3722-93c9-f5ca-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : NO_NEED_TREATMENT
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 9b3e3722-7820-0006-4b50-525250524944
UUID : 9b3e3722-9839-6e01-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : MAILER_TID
Type : Local RPC service
Named pipe : PRRNameService:2508

Object UUID : 9b3e3722-7820-0006-4b50-525250524944
UUID : 9b3e3722-9839-6e01-4b50-525250524f50, version 239.115
Description : Unknown RPC service
Annotation : MAILER_TID
Type : Local RPC service
Named pipe : PRRUniversal#7B5285D272D603E1:2508

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : LRPC-9e2e294e1a15cd77e0

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1a0d010f-1c33-432c-b0f5-8cf4e8053099, version 1.0
Description : Unknown RPC service
Annotation : IdSegSrv service
Type : Local RPC service
Named pipe : LRPC-9e2e294e1a15cd77e0

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : LRPC-96299cbc5546a86190

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : LRPC-96299cbc5546a86190

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : TeredoDiagnostics

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : TeredoControl

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : LRPC-96299cbc5546a86190

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : TeredoDiagnostics

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : TeredoControl

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : OLEC3EB35B3E8483ADBE2323ADF932C

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : LRPC-96299cbc5546a86190

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : TeredoDiagnostics

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : TeredoControl

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : OLEC3EB35B3E8483ADBE2323ADF932C

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-0a13f09312b0a892c6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : OLEA9797F93D814C541EEFB083A1F40

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-db4fc2307f0ed12a7c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : OLEA9797F93D814C541EEFB083A1F40

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-db4fc2307f0ed12a7c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : LRPC-4b06617b34190eeabe

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-5efdc90e8065ca52ce

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-5efdc90e8065ca52ce

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-f6d6b784613754327c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-5efdc90e8065ca52ce

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-f6d6b784613754327c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-952e5f69e7aeab8c81

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-5efdc90e8065ca52ce

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-f6d6b784613754327c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-952e5f69e7aeab8c81

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-8678eb243b97463056

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a86bf032188a101670

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a86bf032188a101670

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e7f76134-9ef5-4949-a2d6-3368cc0988f3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a86bf032188a101670

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7aeb6705-3ae6-471a-882d-f39c109edc12, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a86bf032188a101670

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a86bf032188a101670

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a86bf032188a101670

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-1f258eebd84f36719e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1f258eebd84f36719e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0
Description : Unknown RPC service
Annotation : Witness Client Upcall Server
Type : Local RPC service
Named pipe : LRPC-11e380cb0e8baeaf8c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0
Description : Unknown RPC service
Annotation : Witness Client Test Interface
Type : Local RPC service
Named pipe : LRPC-11e380cb0e8baeaf8c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Description : Unknown RPC service
Annotation : DfsDs service
Type : Local RPC service
Named pipe : LRPC-11e380cb0e8baeaf8c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-6d27b6e348e821ce91

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : LRPC-63e0a90aea1fa1b2f2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : LRPC-63e0a90aea1fa1b2f2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : LRPC-63e0a90aea1fa1b2f2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-63e0a90aea1fa1b2f2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-dc45dba9a228854ef3

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-63e0a90aea1fa1b2f2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-dc45dba9a228854ef3

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-63e0a90aea1fa1b2f2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-dc45dba9a228854ef3

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-543423c53f6b111a3a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : df4df73a-c52d-4e3a-8003-8437fdf8302a, version 0.0
Description : Unknown RPC service
Annotation : WM_WindowManagerRPC\Server
Type : Local RPC service
Named pipe : LRPC-d8c22ee7810714b6e3

Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-c1c81e8d6e48e6a270

Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Annotation : Group Policy RPC Interface
Type : Local RPC service
Named pipe : LRPC-84a5b1109165a7b806

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : LRPC-2eb51f47a4cfb7c979

Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : eventlog

Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-afdc9ed21c6b126690

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-afdc9ed21c6b126690

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-586f7ca952e79a61e8

Object UUID : fdd099c6-df06-4904-83b4-a87a27903c70
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-90e01fe2b04b836427

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint for NCB Reset module
Type : Local RPC service
Named pipe : LRPC-90e01fe2b04b836427

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint for NCB Reset module
Type : Local RPC service
Named pipe : LRPC-56d3fbe4dd41bdd253

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-90e01fe2b04b836427

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-56d3fbe4dd41bdd253

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : OLE96EEFF940B432AD56A30CBE1BF9C

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-c61afa6a263e0855ad

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-90e01fe2b04b836427

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-56d3fbe4dd41bdd253

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : OLE96EEFF940B432AD56A30CBE1BF9C

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-c61afa6a263e0855ad

Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000001
UUID : f3f09ffd-fbcf-4291-944d-70ad6e0e73bb, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e85482ab7979c755c9

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0706A1

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-7d0c152b2bd2fa7eae

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 085b0334-e454-4d91-9b8c-4134f9e793f3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8782d3b9-ebbd-4644-a3d8-e8725381919b, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3b338d89-6cfa-44b8-847e-531531bc9992, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0361ae94-0316-4c6c-8ad8-c594375800e2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE38B1B914524DBE272D6B86B0D346

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d431099e3eed179f37

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE38B1B914524DBE272D6B86B0D346

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d431099e3eed179f37

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE38B1B914524DBE272D6B86B0D346

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d431099e3eed179f37

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE38B1B914524DBE272D6B86B0D346

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d431099e3eed179f37

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE38B1B914524DBE272D6B86B0D346

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d431099e3eed179f37

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-68c55e574175186159

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE38B1B914524DBE272D6B86B0D346

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d431099e3eed179f37

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-68c55e574175186159

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE38B1B914524DBE272D6B86B0D346

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d431099e3eed179f37

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-68c55e574175186159

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 178d84be-9291-4994-82c6-3f909aca5a03, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e53d94ca-7464-4839-b044-09a2fb8b3ae5, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fae436b0-b864-4a87-9eda-298547cd82f2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 082a3471-31b6-422a-b931-a54401960c62, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6982a06e-5fe2-46b1-b39c-a2c545bfa069, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0ff1f646-13bb-400a-ab50-9a78f2b7a85a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4ed8abcc-f1e2-438b-981f-bb0e8abc010c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 95406f0b-b239-4318-91bb-cea3a46ff0dc, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d47017b-b33b-46ad-9e18-fe96456c5078, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE38B1B914524DBE272D6B86B0D346

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d431099e3eed179f37

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-68c55e574175186159

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-221716bec83d6a174c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE38B1B914524DBE272D6B86B0D346

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d431099e3eed179f37

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-68c55e574175186159

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-221716bec83d6a174c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-53082e3b887fd97d91

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE38B1B914524DBE272D6B86B0D346

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d431099e3eed179f37

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-68c55e574175186159

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-221716bec83d6a174c

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-53082e3b887fd97d91

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE38B1B914524DBE272D6B86B0D346

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d431099e3eed179f37

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-68c55e574175186159

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-221716bec83d6a174c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-53082e3b887fd97d91

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2d0cd800983bb9e4d5

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE38B1B914524DBE272D6B86B0D346

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d431099e3eed179f37

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-68c55e574175186159

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-221716bec83d6a174c

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-53082e3b887fd97d91

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2d0cd800983bb9e4d5

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : csebpub

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-baaf4bafe343b3d54a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE38B1B914524DBE272D6B86B0D346

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d431099e3eed179f37

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-68c55e574175186159

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-221716bec83d6a174c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-53082e3b887fd97d91

A DCE/RPC service is running on the remote host.

By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.

n/a

None

Published: 2001/08/26, Modified: 2021/10/04

The following DCERPC services are available remotely :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\NSE-TAP-066

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\NSE-TAP-066

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0
Description : Unknown RPC service
Annotation : Vpn APIs
Type : Remote RPC service
Named pipe : \PIPE\ROUTER
Netbios name : \\NSE-TAP-066

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\NSE-TAP-066

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\NSE-TAP-066

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\NSE-TAP-066

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\NSE-TAP-066

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\SessEnvPublicRpc
Netbios name : \\NSE-TAP-066

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Description : Unknown RPC service
Annotation : DfsDs service
Type : Remote RPC service
Named pipe : \PIPE\wkssvc
Netbios name : \\NSE-TAP-066

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\NSE-TAP-066

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\NSE-TAP-066

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\NSE-TAP-066

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\NSE-TAP-066

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\NSE-TAP-066

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\NSE-TAP-066

A DCE/RPC service is running on the remote host.

By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.

n/a

None

Published: 2001/08/26, Modified: 2021/10/04

The following DCERPC services are available on TCP port 49664 :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49664
IP : 172.17.100.66

A DCE/RPC service is running on the remote host.

By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.

n/a

None

Published: 2001/08/26, Modified: 2021/10/04

The following DCERPC services are available on TCP port 49665 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
TCP Port : 49665
IP : 172.17.100.66

A DCE/RPC service is running on the remote host.

By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.

n/a

None

Published: 2001/08/26, Modified: 2021/10/04

The following DCERPC services are available on TCP port 49666 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.66

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.66

A DCE/RPC service is running on the remote host.

By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.

n/a

None

Published: 2001/08/26, Modified: 2021/10/04

The following DCERPC services are available on TCP port 49667 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49667
IP : 172.17.100.66

A DCE/RPC service is running on the remote host.

By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.

n/a

None

Published: 2001/08/26, Modified: 2021/10/04

The following DCERPC services are available on TCP port 49668 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
Windows process : svchost.exe
Type : Remote RPC service
TCP Port : 49668
IP : 172.17.100.66

A DCE/RPC service is running on the remote host.

By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.

n/a

None

Published: 2001/08/26, Modified: 2021/10/04

The following DCERPC services are available on TCP port 49669 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service
Annotation : Remote Fw APIs
Type : Remote RPC service
TCP Port : 49669
IP : 172.17.100.66

A DCE/RPC service is running on the remote host.

By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.

n/a

None

Published: 2001/08/26, Modified: 2021/10/04

The following DCERPC services are available on TCP port 49706 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49706
IP : 172.17.100.66

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
TCP Port : 49706
IP : 172.17.100.66

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
TCP Port : 49706
IP : 172.17.100.66

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
TCP Port : 49706
IP : 172.17.100.66

Use DISM to extract package info from the host.

Using the Deployment Image Servicing Management tool, this plugin enumerates installed packages.

n/a

None

Published: 2020/08/25, Modified: 2025/12/15

The following packages were enumerated using the Deployment Image Servicing and Management Tool:

Package : Microsoft-Windows-FodMetadata-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : Feature Pack
Install Time : 9/15/2018 9:08 AM

Package : Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : Foundation
Install Time : 9/15/2018 7:21 AM

Package : Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~11.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:07 AM

Package : Microsoft-Windows-LanguageFeatures-Basic-en-us-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM

Package : Microsoft-Windows-LanguageFeatures-Handwriting-en-us-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM

Package : Microsoft-Windows-LanguageFeatures-OCR-en-us-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM

Package : Microsoft-Windows-LanguageFeatures-Speech-en-us-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM

Package : Microsoft-Windows-LanguageFeatures-TextToSpeech-en-us-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM

Package : Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM

Package : Microsoft-Windows-Security-SPP-Component-SKU-ServerDatacenter-GVLK-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : Feature Pack
Install Time : 9/15/2018 9:11 AM

Package : Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~10.0.17763.1
State : Installed
Release Type : Language Pack
Install Time : 9/15/2018 9:07 AM

Package : Microsoft-Windows-ServerCore-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : Feature Pack
Install Time : 9/15/2018 7:21 AM

Package : Microsoft-Windows-ServerCore-SKU-Foundation-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : Feature Pack
Install Time : 9/15/2018 7:21 AM

Package : Microsoft-Windows-TabletPCMath-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:09 AM

Package : Microsoft-Windows-Xps-Xps-Viewer-Opt-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM

Package : OpenSSH-Client-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM

Package : Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.3840.1
State : Superseded
Release Type : Update
Install Time : 8/5/2021 7:24 PM

Package : Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.4130.1
State : Superseded
Release Type : Update
Install Time : 4/30/2025 1:11 AM

Package : Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.4135.1
State : Installed
Release Type : Update
Install Time : 7/26/2025 3:39 AM

Package : Package_for_KB4589208~31bf3856ad364e35~amd64~~10.0.2.4
State : Installed
Release Type : Update
Install Time : 3/22/2025 5:43 AM

Package : Package_for_KB5005112~31bf3856ad364e35~amd64~~17763.2111.1.0
State : Installed
Release Type : Security Update
Install Time : 8/5/2021 7:24 PM

Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.2114.1.3
State : Superseded
Release Type : Security Update
Install Time : 8/5/2021 7:36 PM

Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.7136.1.10
State : Superseded
Release Type : Security Update
Install Time : 4/30/2025 1:11 AM

Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.7558.1.16
State : Installed
Release Type : Security Update
Install Time : 7/26/2025 3:39 AM

Package : Package_for_ServicingStack_7000~31bf3856ad364e35~amd64~~17763.7000.1.1
State : Installed
Release Type : Security Update
Install Time : 3/22/2025 5:29 AM

Package : Package_for_ServicingStack_7125~31bf3856ad364e35~amd64~~17763.7125.1.4
State : Installed
Release Type : Security Update
Install Time : 4/30/2025 1:02 AM

Package : Package_for_ServicingStack_7557~31bf3856ad364e35~amd64~~17763.7557.1.1
State : Installed
Release Type : Security Update
Install Time : 7/26/2025 3:21 AM

This plugin gathers the logs written by other plugins and reports them.

Logs generated by other plugins are reported by this plugin. Plugin debugging must be enabled in the policy in order for this plugin to run.

n/a

None

Published: 2015/06/17, Modified: 2025/07/14

Plugin debug log(s) have been attached.

It was possible to determine the remote system hostname.

This plugin reports a device's hostname collected via SSH or WMI.

n/a

None

Published: 2011/06/30, Modified: 2025/12/15

Hostname : NSE-TAP-066
NSE-TAP-066 (WMI)

It is possible to guess the remote device type.

Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).

n/a

None

Published: 2011/05/23, Modified: 2025/03/12

Remote device type : general-purpose
Confidence level : 100

Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.

Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.

Note: Unable to query local Domain Controllers during Agent scans.
Rendering Group data obtained by plugin 171956.

n/a

None

Published: 2013/12/06, Modified: 2025/12/15

Group Name : Access Control Assistance Operators
Host Name : NSE-TAP-066
Group SID : S-1-5-32-579
Members :

Group Name : Administrators
Host Name : NSE-TAP-066
Group SID : S-1-5-32-544
Members :
Name : Production
Domain : NSE-TAP-066
Class : Win32_UserAccount
SID : S-1-5-21-1015422919-854319423-3202675523-500
Name : LKPAdmin
Domain : NSE-TAP-066
Class : Win32_UserAccount
SID : S-1-5-21-1015422919-854319423-3202675523-1000
Name : tidua
Domain : NSE-TAP-066
Class : Win32_UserAccount
SID : S-1-5-21-1015422919-854319423-3202675523-1003

Group Name : Backup Operators
Host Name : NSE-TAP-066
Group SID : S-1-5-32-551
Members :

Group Name : Certificate Service DCOM Access
Host Name : NSE-TAP-066
Group SID : S-1-5-32-574
Members :

Group Name : Cryptographic Operators
Host Name : NSE-TAP-066
Group SID : S-1-5-32-569
Members :

Group Name : Device Owners
Host Name : NSE-TAP-066
Group SID : S-1-5-32-583
Members :

Group Name : Distributed COM Users
Host Name : NSE-TAP-066
Group SID : S-1-5-32-562
Members :

Group Name : Event Log Readers
Host Name : NSE-TAP-066
Group SID : S-1-5-32-573
Members :

Group Name : Guests
Host Name : NSE-TAP-066
Group SID : S-1-5-32-546
Members :
Name : Guest
Domain : NSE-TAP-066
Class : Win32_UserAccount
SID : S-1-5-21-1015422919-854319423-3202675523-501

Group Name : Hyper-V Administrators
Host Name : NSE-TAP-066
Group SID : S-1-5-32-578
Members :

Group Name : IIS_IUSRS
Host Name : NSE-TAP-066
Group SID : S-1-5-32-568
Members :
Name : IUSR
Domain : NSE-TAP-066
Class : Win32_SystemAccount
SID : S-1-5-17

Group Name : Network Configuration Operators
Host Name : NSE-TAP-066
Group SID : S-1-5-32-556
Members :

Group Name : Performance Log Users
Host Name : NSE-TAP-066
Group SID : S-1-5-32-559
Members :

Group Name : Performance Monitor Users
Host Name : NSE-TAP-066
Group SID : S-1-5-32-558
Members :

Group Name : Power Users
Host Name : NSE-TAP-066
Group SID : S-1-5-32-547
Members :

Group Name : Print Operators
Host Name : NSE-TAP-066
Group SID : S-1-5-32-550
Members :

Group Name : RDS Endpoint Servers
Host Name : NSE-TAP-066
Group SID : S-1-5-32-576
Members :

Group Name : RDS Management Servers
Host Name : NSE-TAP-066
Group SID : S-1-5-32-577
Members :

Group Name : RDS Remote Access Servers
Host Name : NSE-TAP-066
Group SID : S-1-5-32-575
Members :

Group Name : Remote Desktop Users
Host Name : NSE-TAP-066
Group SID : S-1-5-32-555
Members :

Group Name : Remote Management Users
Host Name : NSE-TAP-066
Group SID : S-1-5-32-580
Members :

Group Name : Replicator
Host Name : NSE-TAP-066
Group SID : S-1-5-32-552
Members :

Group Name : Storage Replica Administrators
Host Name : NSE-TAP-066
Group SID : S-1-5-32-582
Members :

Group Name : System Managed Accounts Group
Host Name : NSE-TAP-066
Group SID : S-1-5-32-581
Members :
Name : DefaultAccount
Domain : NSE-TAP-066
Class : Win32_UserAccount
SID : S-1-5-21-1015422919-854319423-3202675523-503

Group Name : Users
Host Name : NSE-TAP-066
Group SID : S-1-5-32-545
Members :
Name : INTERACTIVE
Domain : NSE-TAP-066
Class : Win32_SystemAccount
SID : S-1-5-4
Name : Authenticated Users
Domain : NSE-TAP-066
Class : Win32_SystemAccount
SID : S-1-5-11
Name : LKPAdmin
Domain : NSE-TAP-066
Class : Win32_UserAccount
SID : S-1-5-21-1015422919-854319423-3202675523-1000
Name : tidua
Domain : NSE-TAP-066
Class : Win32_UserAccount
SID : S-1-5-21-1015422919-854319423-3202675523-1003

Group Name : KLAdmins
Host Name : NSE-TAP-066
Group SID : S-1-5-21-1015422919-854319423-3202675523-1001
Members :
Name : ksnproxy
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :

Group Name : KLOperators
Host Name : NSE-TAP-066
Group SID : S-1-5-21-1015422919-854319423-3202675523-1002
Members :

Nessus was able to connect to a host via SMB to retrieve a list of users using WMI.

Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. Only identities that the authenticated SMB user has permissions to view will be retrieved by this plugin.

Note: Unable to query local Domain Controllers during Agent scans.
Rendering User data obtained by plugin 171956.

n/a

None

Published: 2014/02/25, Modified: 2025/12/15

Name : DefaultAccount
SID : S-1-5-21-1015422919-854319423-3202675523-503
Disabled : True
Lockout : False
Change password : True
Source : Local

Name : Guest
SID : S-1-5-21-1015422919-854319423-3202675523-501
Disabled : True
Lockout : False
Change password : False
Source : Local

Name : LKPAdmin
SID : S-1-5-21-1015422919-854319423-3202675523-1000
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : Production
SID : S-1-5-21-1015422919-854319423-3202675523-500
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : tidua
SID : S-1-5-21-1015422919-854319423-3202675523-1003
Disabled : False
Lockout : False
Change password : False
Source : Local

Name : WDAGUtilityAccount
SID : S-1-5-21-1015422919-854319423-3202675523-504
Disabled : True
Lockout : False
Change password : True
Source : Local

No. Of Users : 6

Enumerates the PATH variable of the current scan user.

Enumerates the PATH variables of the current scan user.

Ensure that directories listed here are in line with corporate policy.

None

Published: 2022/12/21, Modified: 2025/12/18

Nessus has enumerated the path of the current scan user :

C:\Windows\system32
C:\Windows
C:\Windows\System32\Wbem
C:\Windows\System32\WindowsPowerShell\v1.0\
C:\Windows\System32\OpenSSH\
C:\Program Files (x86)\Kaspersky Lab\KES.12.6.0\
C:\Users\tidua\AppData\Local\Microsoft\WindowsApps

The manufacturer can be identified from the Ethernet OUI.

Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are registered by IEEE.

n/a

None

Published: 2009/02/19, Modified: 2020/05/13

The following card manufacturers were identified :

00:50:56:93:0E:B4 : VMware, Inc.
00:50:56:88:22:12 : VMware, Inc.

This plugin gathers MAC addresses from various sources and consolidates them into a list.

This plugin gathers MAC addresses discovered from both remote probing of the host (e.g. SNMP and Netbios) and from running local checks (e.g. ifconfig). It then consolidates the MAC addresses into a single, unique, and uniform list.

n/a

None

Published: 2015/10/16, Modified: 2025/06/10

The following is a consolidated list of detected MAC addresses:
- 00:50:56:93:0E:B4
- 00:50:56:88:22:12

A firewall is configured on the remote host.

Using the supplied credentials, Nessus was able to get a list of firewall rules from the remote host.

Note: The output for this plugin can be very long, and is not shown by default. To display it, enable verbose reporting in scan settings.

n/a

None

Published: 2011/09/28, Modified: 2020/09/11

The Windows Firewall is disabled.

A web server is running on the remote host.

This plugin attempts to determine the type and the version of the remote web server.

n/a

None

Published: 2000/01/04, Modified: 2020/10/30

The remote web server type is :

Microsoft-HTTPAPI/2.0

A web server is running on the remote host.

This plugin attempts to determine the type and the version of the remote web server.

n/a

None

Published: 2000/01/04, Modified: 2020/10/30

The remote web server type is :

NessusWWW

A web server is running on the remote host.

This plugin attempts to determine the type and the version of the remote web server.

n/a

None

Published: 2000/01/04, Modified: 2020/10/30

The remote web server type is :

Microsoft-HTTPAPI/2.0

It was possible to resolve the name of the remote host.

Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.

n/a

None

Published: 2004/02/11, Modified: 2025/03/13

172.17.100.66 resolves as NSE-TAP-066.

Some information about the remote HTTP configuration can be extracted.

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.

n/a

None

Published: 2007/01/30, Modified: 2024/02/26

Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 02 Feb 2026 13:51:13 GMT
Connection: close
Content-Length: 315

Response Body :

Some information about the remote HTTP configuration can be extracted.

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.

n/a

None

Published: 2007/01/30, Modified: 2024/02/26

Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Cache-Control: must-revalidate
X-Frame-Options: DENY
Content-Type: text/html
ETag: 042cb263dca222169cf0e62b98b0b8a0
Connection: close
X-XSS-Protection: 1; mode=block
Server: NessusWWW
Date: Mon, 02 Feb 2026 13:51:13 GMT
X-Content-Type-Options: nosniff
Content-Length: 1578
Content-Security-Policy: upgrade-insecure-requests; block-all-mixed-content; form-action 'self'; frame-ancestors 'none'; frame-src https://store.tenable.com; default-src 'self'; connect-src 'self' www.tenable.com; script-src 'self' www.tenable.com; img-src 'self' data:; style-src 'self' www.tenable.com; object-src 'none'; base-uri 'self';
Strict-Transport-Security: max-age=31536000; includeSubDomains
Expect-CT: max-age=0

Response Body :

<!doctype html>
<html lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests; block-all-mixed-content; form-action 'self'; frame-src https://store.tenable.com; default-src 'self'; connect-src 'self' www.tenable.com; script-src 'self' www.tenable.com; img-src 'self' data:; style-src 'self' www.tenable.com; object-src 'none'; base-uri 'self';" />
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta charset="utf-8" />
<title>Nessus</title>
<link rel="stylesheet" href="nessus6.css?v=1765491899209" id="theme-link" />
<link rel="stylesheet" href="tenable_links.css?v=d41d8cd98f00b204e9800998ecf8427e" />
<link rel="stylesheet" href="wizard_templates.css?v=200e92783edd76dcdb599dd0c25b191f" />
<!--[if lt IE 11]>
<script>
window.location = '/unsupported6.html';
</script>
<![endif]-->
<script src="nessus6.js?v=1765491899209"></script>
<script src="pendo-client.js"></script>
<script
src="https://www.tenable.com/evaluations/api/v1/nessus/10.5.0/resources.js"
integrity="sha384-kPWY46NNVaMzEVTy+PxYmNnuxj3LWj/Tism1JYeUOBuuw+oex+2F/BtIMf0Q4ary"
id="t-nessus-activation-resource-load"
crossorigin="anonymous"
data-env="production"
></script>
</head>
<body>
</body>
</html>

Some information about the remote HTTP configuration can be extracted.

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.

n/a

None

Published: 2007/01/30, Modified: 2024/02/26

Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 02 Feb 2026 13:51:13 GMT
Connection: close
Content-Length: 315

Response Body :

Enumerates the IP address assignment method(static/dynamic).

Enumerates the IP address assignment method(static/dynamic).

n/a

None

Published: 2023/02/14, Modified: 2025/12/15

+ Loopback Pseudo-Interface 1
+ IPv4
- Address : 127.0.0.1
Assign Method : static
+ IPv6
- Address : ::1
Assign Method : static
+ LAN_100.66
+ IPv4
- Address : 172.17.100.66
Assign Method : static
+ NSE
+ IPv4
- Address : 10.222.207.98
Assign Method : static

The processor CPUID was detected on the remote host.

The CPUID of the Intel processor was detected on the remote host.

n/a

None

Published: 2023/08/18, Modified: 2025/12/15

Nessus was able to extract the following cpuid: C06F2

Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar.

Nessus was able to generate a list URLs that were manually typed into the Internet Explorer address bar.

n/a

None

Published: 2016/07/19, Modified: 2024/05/08

http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
https://backoffice.lkp.net.in/

Internet Explorer typed URL report attached.

The remote device supports LLMNR.

The remote device answered to a Link-local Multicast Name Resolution (LLMNR) request. This protocol provides a name lookup service similar to NetBIOS or DNS. It is enabled by default on modern Windows versions.

Make sure that use of this software conforms to your organization's acceptable use and security policies.

None

Published: 2011/04/21, Modified: 2023/10/17

According to LLMNR, the name of the remote host is 'NSE-TAP-066'.

Verify status of the LLMNR service on the remote host.

The Link-Local Multicast Name Resolution (LLMNR) service allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link

Make sure that use of this software conforms to your organization's acceptable use and security policies.

None

Published: 2022/04/28, Modified: 2022/12/29

LLMNR Key SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast not found.

Nessus was able to enumerate recently executed programs on the remote host.

Nessus was able to query the MUIcache registry key to find evidence of program execution.

n/a

None

Published: 2016/07/19, Modified: 2018/05/16

@%systemroot%\system32\themeservice.dll,-8192 : Themes
@%systemroot%\system32\firewallapi.dll,-3400 : COM+ Network Access
@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver
@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service
@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker
@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service
c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration
@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow
@%systemroot%\system32\msimsg.dll,-27 : Windows Installer
@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service
@%systemroot%\system32\drivers\winnat.sys,-10001 : Windows NAT Driver
@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock
@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
@%systemroot%\system32\das.dll,-100 : Device Association Service
@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system.
@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver
@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy
@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver
@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service
@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker
@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.
@%systemroot%\system32\drivers\tsusbflt.sys,-1000 : Remote Desktop USB Hub Class Filter Driver
@%systemroot%\system32\appinfo.dll,-100 : Application Information
@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time.
@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator
@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.
@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server
@%systemroot%\system32\btagservice.dll,-102 : Service supporting the audio gateway role of the Bluetooth Handsfree Profile.
@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings.
@%systemroot%\system32\wkssvc.dll,-2001 : Browser
@%systemroot%\system32\phoneserviceres.dll,-10000 : Phone Service
@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start.
@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly.
@%systemroot%\system32\firewallapi.dll,-3405 : COM+ Remote Administration
@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility.
@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.
@%windir%\system32\systemeventsbrokerserver.dll,-1001 : System Events Broker
@combase.dll,-5010 : Remote Procedure Call (RPC)
@%systemroot%\system32\drivers\appvvfs.sys,-101 : AppvVfs
@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process.
@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.
@%systemroot%\system32\drivers\ndisimplatform.sys,-501 : Microsoft Network Adapter Multiplexor Protocol
@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver
@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow
@%systemroot%\system32\drivers\mslbfoprovider.sys,-501 : Microsoft Load Balancing/Failover Provider
@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client
@%systemroot%\system32\hnetcfgclient.dll,-201 : HNetCfg Client
@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery.
@%programfiles%\windows defender\mpasdesc.dll,-330 : Windows Defender Antivirus Mini-Filter Driver
@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service
@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running.
@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host
@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences.
@%systemroot%\system32\drivers\mslldp.sys,-211 : Microsoft LLDP Protocol Driver
@%systemroot%\system32\storsvc.dll,-100 : Storage Service
@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service
@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions.
@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform.
@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service
@%systemroot%\system32\printworkflowservice.dll,-101 : Print Workflow
@peerdistsh.dll,-9002 : BranchCache - Hosted Cache Server (Uses HTTPS)
@%systemroot%\system32\mprmsg.dll,-32012 : Remote Access IPv6 ARP Driver
@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service
@%systemroot%\system32\lmhsvc.dll,-101 : TCP/IP NetBIOS Helper
@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives.
@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service.
@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled.
@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system.
@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped.
@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service
@%systemroot%\system32\tapisrv.dll,-10100 : Telephony
@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts
@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management.
@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System
@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization
@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user’s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service.
@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol
@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service
@gpapi.dll,-115 : Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings.
@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors
@peerdistsh.dll,-9001 : BranchCache - Peer Discovery (Uses WSD)
@%windir%\system32\drivers\pacer.sys,-100 : Quality of Service Packet Scheduler. This component provides network traffic control, including rate-of-flow and prioritization services.
@%systemroot%\system32\bridgeres.dll,-1 : Microsoft MAC Bridge
@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service.
@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability.
@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP)
@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP
@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps.
@netlogon.dll,-1010 : Netlogon Service
@%systemroot%\system32\schedsvc.dll,-100 : Task Scheduler
@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter
@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper
@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS)
@gpapi.dll,-114 : Resultant Set of Policy Provider
@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service
@%systemroot%\system32\sppsvc.exe,-101 : Software Protection
@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform
@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources.
@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service
@%systemroot%\system32\drivers\cnghwassist.sys,-100 : CNG Hardware Assist algorithm provider
@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager
@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won’t be able to print or see your printers.
@%systemroot%\system32\drivers\indirectkmd.sys,-100 : Indirect Displays Kernel-Mode Driver
@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service
@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives
@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV)
@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption
@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service
@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities
@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker
@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service
@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.
@%systemroot%\system32\srpapi.dll,-102 : Smartlocker Filter Driver
@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components
@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service
@%systemroot%\system32\wiaservc.dll,-9 : Windows Image Acquisition (WIA)
@%systemroot%\system32\drivers\appvvemgr.sys,-101 : AppvVemgr
@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface
@%systemroot%\system32\netman.dll,-109 : Network Connections
@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service
c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration
@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager
@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication
@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver
@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant
@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service
c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration
@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing
@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices.
@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.
@%systemroot%\system32\powrprof.dll,-15 : Balanced
@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector
@%systemroot%\system32\audiosrv.dll,-200 : Windows Audio
@keyiso.dll,-100 : CNG Key Isolation
@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.
@%systemroot%\system32\srvsvc.dll,-110 : Allows other computers to access resources on your computer using a Microsoft network.
@%systemroot%\system32\samsrv.dll,-1 : Security Accounts Manager
@%systemroot%\system32\powrprof.dll,-13 : High performance
@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS)
@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager
@%systemroot%\system32\ci.dll,-101 : Enclave
@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly.
@%systemroot%\system32\drivers\hvservice.sys,-16 : Hypervisor/Virtual Machine Support Driver
@%systemroot%\system32\cscsvc.dll,-200 : Offline Files
@%systemroot%\system32\firewallapi.dll,-37302 : mDNS
@%programfiles%\windows defender\mpasdesc.dll,-370 : Windows Defender Antivirus Network Inspection System Driver
@%systemroot%\system32\windows.staterepository.dll,-1 : State Repository Service
@%systemroot%\system32\audioendpointbuilder.dll,-204 : Windows Audio Endpoint Builder
@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage
@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access
@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services.
@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler
@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver
@%systemroot%\system32\netlogon.dll,-102 : Netlogon
@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements.
@%systemroot%\system32\drivers\pdc.sys,-100 : PDC
@%systemroot%\system32\mprmsg.dll,-32014 : Remote Access LEGACY NDIS WAN Driver
@%systemroot%\system32\mprmsg.dll,-32013 : IP Traffic Filter Driver
@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr
@firewallapi.dll,-50323 : SNMP Trap
@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps.
@%systemroot%\system32\drivers\wcnfs.sys,-100 : Windows Container Name Virtualization
@%systemroot%\system32\devicesflowbroker.dll,-104 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
@%systemroot%\system32\drivers\mssecflt.sys,-1001 : Microsoft Security Events Component Minifilter
@%systemroot%\system32\wdi.dll,-502 : Diagnostic Service Host
@%systemroot%\system32\wuaueng.dll,-400 : Windows Update
@%systemroot%\system32\drivers\verifierext.sys,-1000 : Driver Verifier Extension
@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service
@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater
@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios
@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data
@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information
@%systemroot%\system32\powrprof.dll,-12 : Favors performance, but may use more energy.
@%systemroot%\system32\drivers\mshidkmdf.sys,-100 : Pass-through HID to KMDF Filter Driver
@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates.
@%systemroot%\system32\w32time.dll,-200 : Windows Time
@%systemroot%\system32\kpssvc.dll,-100 : KDC Proxy Server service (KPS)
@%systemroot%\system32\tetheringservice.dll,-4097 : Windows Mobile Hotspot Service
@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model.
@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service
@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service
@winlangdb.dll,-1121 : English (United States)
@%systemroot%\system32\walletservice.dll,-1000 : WalletService
@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT
@%systemroot%\system32\drivers\ipsecgw.sys,-10001 : Windows IPsec Gateway Driver
@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.
@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.
@%systemroot%\system32\nlasvc.dll,-1 : Network Location Awareness
@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy
@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator
@icsvc.dll,-700 : Virtual Machine Monitoring
c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration
@%systemroot%\system32\srvsvc.dll,-109 : File and Printer Sharing for Microsoft Networks
@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service
@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service
@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers.
@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run.
@%systemroot%\system32\drivers\tcpip.sys,-10101 : Transmission Control Protocol/Internet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks.
@%systemroot%\system32\powrprof.dll,-10 : Saves energy by reducing your computer’s performance where possible.
@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container
@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays.
@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP)
@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery
@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated.
@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer.
@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Provides a JIT out of process service for WARP when running with ACG enabled.
@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent
@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them.
@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon
@appmgmts.dll,-3250 : Application Management
@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections
@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver
@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver
@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wcmsvc.dll,-4097 : Windows Connection Manager
@%systemroot%\system32\drivers\hwpolicy.sys,-101 : Hardware Policy Driver
@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management
@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service
@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well.
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection
@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings.
@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver
@%systemroot%\system32\drivers\mup.sys,-101 : MUP
@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion
@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management.
@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager
@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service
@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\scardsvr.dll,-1 : Smart Card
@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly.
@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer
@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly.
@%systemroot%\system32\drivers\mslldp.sys,-210 : IEEE 802.1AB Link-Layer Discovery Protocol (LLDP). Supports Microsoft Data Center Networking (DCN).
@%systemroot%\system32\icsvcext.dll,-601 : Hyper-V Remote Desktop Virtualization Service
@%systemroot%\system32\phoneserviceres.dll,-10001 : Manages the telephony state on the device
@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service.
@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions
@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service
@%systemroot%\system32\powrprof.dll,-14 : Automatically balances performance with energy consumption on capable hardware.
@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine
@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt
@waasmedicsvc.dll,-100 : Windows Update Medic Service
@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS)
@%systemroot%\system32\captureservice.dll,-100 : CaptureService
@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events.
@%systemroot%\system32\icsvcext.dll,-602 : Provides a platform for communication between the virtual machine and the operating system running on the physical computer.
@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports and Solutions Control Panel Support
@%systemroot%\system32\drivers\tcpip.sys,-10100 : Internet Protocol Version 4 (TCP/IPv4)
@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager
@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager
@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service
@%systemroot%\system32\drivers\tcpip.sys,-10102 : Internet Protocol Version 6 (TCP/IPv6)
@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider
c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration
@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer.
@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
@%systemroot%\system32\wkssvc.dll,-1010 : Client for Microsoft Networks
@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone.
@%systemroot%\system32\usocore.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able download and install latest udpates.
@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service
@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ncbservice.dll,-500 : Network Connection Broker
@%systemroot%\system32\iphlpsvc.dll,-500 : IP Helper
@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache
@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them.
@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service
@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications
@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service
@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content.
@%systemroot%\system32\windows.warp.jitservice.dll,-100 : WarpJITSvc
@%systemroot%\system32\icsvcext.dll,-502 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer.
@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service
@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.
@%systemroot%\system32\drivers\mshidumdf.sys,-100 : Pass-through HID to UMDF Driver
@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service
@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications
@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly.
@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver
@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager
@%systemroot%\system32\wpnuserservice.dll,-2 : This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw.
@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service
@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC)
@%systemroot%\system32\ualsvc.dll,-102 : User Access Logging Service
@combase.dll,-5012 : DCOM Server Process Launcher
@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\drivers\ndisimplatform.sys,-500 : Provides a platform for network adapter load balancing and fail-over.
@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection
@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver
@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account.
@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks
@%systemroot%\system32\lltdres.dll,-4 : Used to discover and locate other PCs, devices, and network infrastructure components on the network. Also used to determine network bandwidth.
@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software
@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\cbdhsvc.dll,-101 : This user service is used for Clipboard scenarios
@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service
@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function.
@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization
@%systemroot%\system32\userdataaccessres.dll,-15000 : Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results.
@%systemroot%\system32\windows.devices.picker.dll,-1007 : This user service is used for managing the Miracast, DLNA, and DIAL UI
@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
@%systemroot%\system32\sessenv.dll,-1026 : Remote Desktop Configuration
@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.
@%systemroot%\system32\btagservice.dll,-101 : Bluetooth Audio Gateway Service
c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration
@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption
@%systemroot%\system32\userdataaccessres.dll,-10002 : Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device
@%systemroot%\system32\usocore.dll,-101 : Update Orchestrator Service
@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP)
@%systemroot%\system32\bthserv.dll,-101 : Bluetooth Support Service
@%systemroot%\system32\tetheringservice.dll,-4098 : Provides the ability to share a cellular data connection with another device.
@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed.
@comres.dll,-947 : COM+ System Application
@%systemroot%\system32\drivers\wimmount.sys,-101 : WIMMount
@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly.
@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.
@%systemroot%\system32\certprop.dll,-11 : Certificate Propagation
@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications.
@comres.dll,-2797 : Distributed Transaction Coordinator
@%systemroot%\system32\cdpusersvc.dll,-101 : This user service is used for Connected Devices Platform scenarios
@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.
@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver
@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience
@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal.
@%systemroot%\system32\firewallapi.dll,-36902 : Software Load Balancer
@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.
@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped.
@%systemroot%\system32\drivers\dam.sys,-100 : Desktop Activity Moderator Driver
@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service
@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service
@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager
@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras
@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs.
@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated.
@%systemroot%\system32\lltdres.dll,-3 : Allows this PC to be discovered and located on the network.
@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server.
@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
@%systemroot%\system32\cscsvc.dll,-202 : Offline Files Driver
@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector
@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service
@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver
@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service
@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices.
@c:\windows\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall
@%systemroot%\system32\icsvcext.dll,-501 : Hyper-V Volume Shadow Copy Requestor
@%systemroot%\system32\sacsvr.dll,-500 : Special Administration Console Helper
@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\bisrv.dll,-100 : Background Tasks Infrastructure Service
@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.
@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.
@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events.
@%systemroot%\system32\drivers\mssecwfp.sys,-1001 : Microsoft Security WFP Callout Driver
@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task
@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality
@%systemroot%\system32\drivers\scfilter.sys,-11 : Smart card PnP Class Filter Driver
@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access
@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet.
@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service
@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver
@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running.
@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.
@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver
@%systemroot%\system32\vds.exe,-100 : Virtual Disk
@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder
@%systemroot%\system32\drivers\appvstrm.sys,-101 : AppvStrm
@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host
@%systemroot%\system32\wkssvc.dll,-1011 : Allows your computer to access resources on a Microsoft network.
@%programfiles%\windows defender\mpasdesc.dll,-320 : Windows Defender Antivirus Network Inspection Service
@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service
@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service
@%systemroot%\system32\consentuxclient.dll,-101 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
@%systemroot%\system32\captureservice.dll,-101 : OneCore Capture Service
@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.
@%systemroot%\system32\upnphost.dll,-213 : UPnP Device Host
@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management
@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics.
@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier
@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network.
@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver
@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver
@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM)
@%systemroot%\system32\drivers\filetrace.sys,-10001 : FileTrace
@%systemroot%\system32\drivers\wudfpf.sys,-1000 : User Mode Driver Frameworks Platform Driver
@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector
@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer.
@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver
@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service
@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts
@%systemroot%\system32\sstpsvc.dll,-200 : Secure Socket Tunneling Protocol Service
@comres.dll,-2450 : COM+ Event System
@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages.
@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly.
@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP)
@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC)
@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface
@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness
@%systemroot%\system32\drivers\qwavedrv.sys,-1 : QWAVE driver
c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine
@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.
@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver
@c:\windows\syswow64\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall
@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service
@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work.
@%systemroot%\system32\powrprof.dll,-11 : Power saver
@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager
@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service
@%systemroot%\system32\sacsvr.dll,-501 : Allows administrators to remotely access a command prompt using Emergency Management Services.
@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service
@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc
@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service
@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won’t be able to see printer extensions or notifications.
@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ualsvc.dll,-101 : This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation.
@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules
@%systemroot%\system32\appidsvc.dll,-100 : Application Identity
@%systemroot%\system32\cryptsvc.dll,-1001 : Cryptographic Services
@%systemroot%\system32\srpapi.dll,-100 : AppID Driver
@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode
@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service
@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly.
@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager
@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport
@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture
@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver
@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
@%systemroot%\system32\kpssvc.dll,-101 : KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network.
@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly.
c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration
@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments.
@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector
@%systemroot%\system32\bthavctpsvc.dll,-101 : AVCTP service
@%systemroot%\system32\sysmain.dll,-1000 : SysMain
@%systemroot%\system32\bthavctpsvc.dll,-102 : This is Audio Video Control Transport Protocol service
c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection
@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant
@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events.
@sstpsvc.dll,-35001 : Secure Socket Tunneling Protocol
@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol
@%programfiles%\windows defender\mpasdesc.dll,-310 : Windows Defender Antivirus Service
@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX
@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation
@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced.
@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding.
@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled.
@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation
@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host
@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming
@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter
@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components.
@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol.
@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols
@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.
@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler
@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet
@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator
@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service
@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly.
@%systemroot%\system32\mprmsg.dll,-32000 : RAS Asynchronous Media Driver
@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function.
@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver
@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service
@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
@%systemroot%\system32\drivers\tcpip.sys,-10103 : TCP/IP version 6. The latest version of the internet protocol that provides communication across diverse interconnected networks.
@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig
@peerdistsh.dll,-9003 : BranchCache - Hosted Cache Client (Uses HTTPS)
@%systemroot%\system32\drivers\uevagentdriver.sys,-101 : UevAgentDriver
@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver
@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.
@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events
@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.
@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service
@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function.
@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service
@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components.
@%programfiles%\windows defender\mpasdesc.dll,-390 : Windows Defender Antivirus Boot Driver
@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver
@%systemroot%\system32\drivers\fsdepends.sys,-10001 : File System Dependency Minifilter
@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.
@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
@%systemroot%\system32\searchindexer.exe,-103 : Windows Search
@%systemroot%\system32\themeservice.dll,-8192 : Themes
@%systemroot%\system32\firewallapi.dll,-3400 : COM+ Network Access
@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver
@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service
@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker
@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service
c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration
@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow
@%systemroot%\system32\msimsg.dll,-27 : Windows Installer
@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service
@%systemroot%\system32\drivers\winnat.sys,-10001 : Windows NAT Driver
@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock
@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
@%systemroot%\system32\das.dll,-100 : Device Association Service
@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system.
@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver
@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy
@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver
@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service
@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker
@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.
@%systemroot%\system32\drivers\tsusbflt.sys,-1000 : Remote Desktop USB Hub Class Filter Driver
@%systemroot%\system32\appinfo.dll,-100 : Application Information
@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time.
@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator
@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.
@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server
@%systemroot%\system32\btagservice.dll,-102 : Service supporting the audio gateway role of the Bluetooth Handsfree Profile.
@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings.
@%systemroot%\system32\wkssvc.dll,-2001 : Browser
@%systemroot%\system32\phoneserviceres.dll,-10000 : Phone Service
@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start.
@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly.
@%systemroot%\system32\firewallapi.dll,-3405 : COM+ Remote Administration
@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility.
@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.
@%windir%\system32\systemeventsbrokerserver.dll,-1001 : System Events Broker
@combase.dll,-5010 : Remote Procedure Call (RPC)
@%systemroot%\system32\drivers\appvvfs.sys,-101 : AppvVfs
@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process.
@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.
@%systemroot%\system32\drivers\ndisimplatform.sys,-501 : Microsoft Network Adapter Multiplexor Protocol
@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver
@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow
@%systemroot%\system32\drivers\mslbfoprovider.sys,-501 : Microsoft Load Balancing/Failover Provider
@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client
@%systemroot%\system32\hnetcfgclient.dll,-201 : HNetCfg Client
@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery.
@%programfiles%\windows defender\mpasdesc.dll,-330 : Windows Defender Antivirus Mini-Filter Driver
@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service
@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running.
@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host
@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences.
@%systemroot%\system32\drivers\mslldp.sys,-211 : Microsoft LLDP Protocol Driver
@%systemroot%\system32\storsvc.dll,-100 : Storage Service
@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service
@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions.
@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform.
@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service
@%systemroot%\system32\printworkflowservice.dll,-101 : Print Workflow
@peerdistsh.dll,-9002 : BranchCache - Hosted Cache Server (Uses HTTPS)
@%systemroot%\system32\mprmsg.dll,-32012 : Remote Access IPv6 ARP Driver
@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service
@%systemroot%\system32\lmhsvc.dll,-101 : TCP/IP NetBIOS Helper
@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives.
@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service.
@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled.
@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system.
@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped.
@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service
@%systemroot%\system32\tapisrv.dll,-10100 : Telephony
@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts
@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management.
@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System
@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization
@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user’s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service.
@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol
@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service
@gpapi.dll,-115 : Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings.
@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors
@peerdistsh.dll,-9001 : BranchCache - Peer Discovery (Uses WSD)
@%windir%\system32\drivers\pacer.sys,-100 : Quality of Service Packet Scheduler. This component provides network traffic control, including rate-of-flow and prioritization services.
@%systemroot%\system32\bridgeres.dll,-1 : Microsoft MAC Bridge
@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service.
@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability.
@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP)
@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP
@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps.
@netlogon.dll,-1010 : Netlogon Service
@%systemroot%\system32\schedsvc.dll,-100 : Task Scheduler
@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter
@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper
@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS)
@gpapi.dll,-114 : Resultant Set of Policy Provider
@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service
@%systemroot%\system32\sppsvc.exe,-101 : Software Protection
@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform
@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources.
@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service
@%systemroot%\system32\drivers\cnghwassist.sys,-100 : CNG Hardware Assist algorithm provider
@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager
@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won’t be able to print or see your printers.
@%systemroot%\system32\drivers\indirectkmd.sys,-100 : Indirect Displays Kernel-Mode Driver
@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service
@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives
@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV)
@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption
@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service
@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities
@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker
@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service
@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.
@%systemroot%\system32\srpapi.dll,-102 : Smartlocker Filter Driver
@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components
@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service
@%systemroot%\system32\wiaservc.dll,-9 : Windows Image Acquisition (WIA)
@%systemroot%\system32\drivers\appvvemgr.sys,-101 : AppvVemgr
@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface
@%systemroot%\system32\netman.dll,-109 : Network Connections
@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service
c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration
@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager
@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication
@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver
@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant
@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service
c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration
@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing
@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices.
@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.
@%systemroot%\system32\powrprof.dll,-15 : Balanced
@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector
@%systemroot%\system32\audiosrv.dll,-200 : Windows Audio
@keyiso.dll,-100 : CNG Key Isolation
@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.
@%systemroot%\system32\srvsvc.dll,-110 : Allows other computers to access resources on your computer using a Microsoft network.
@%systemroot%\system32\samsrv.dll,-1 : Security Accounts Manager
@%systemroot%\system32\powrprof.dll,-13 : High performance
@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS)
@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager
@%systemroot%\system32\ci.dll,-101 : Enclave
@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly.
@%systemroot%\system32\drivers\hvservice.sys,-16 : Hypervisor/Virtual Machine Support Driver
@%systemroot%\system32\cscsvc.dll,-200 : Offline Files
@%systemroot%\system32\firewallapi.dll,-37302 : mDNS
@%programfiles%\windows defender\mpasdesc.dll,-370 : Windows Defender Antivirus Network Inspection System Driver
@%systemroot%\system32\windows.staterepository.dll,-1 : State Repository Service
@%systemroot%\system32\audioendpointbuilder.dll,-204 : Windows Audio Endpoint Builder
@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage
@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access
@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services.
@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler
@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver
@%systemroot%\system32\netlogon.dll,-102 : Netlogon
@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements.
@%systemroot%\system32\drivers\pdc.sys,-100 : PDC
@%systemroot%\system32\mprmsg.dll,-32014 : Remote Access LEGACY NDIS WAN Driver
@%systemroot%\system32\mprmsg.dll,-32013 : IP Traffic Filter Driver
@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr
@firewallapi.dll,-50323 : SNMP Trap
@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps.
@%systemroot%\system32\drivers\wcnfs.sys,-100 : Windows Container Name Virtualization
@%systemroot%\system32\devicesflowbroker.dll,-104 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
@%systemroot%\system32\drivers\mssecflt.sys,-1001 : Microsoft Security Events Component Minifilter
@%systemroot%\system32\wdi.dll,-502 : Diagnostic Service Host
@%systemroot%\system32\wuaueng.dll,-400 : Windows Update
@%systemroot%\system32\drivers\verifierext.sys,-1000 : Driver Verifier Extension
@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service
@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater
@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios
@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data
@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information
@%systemroot%\system32\powrprof.dll,-12 : Favors performance, but may use more energy.
@%systemroot%\system32\drivers\mshidkmdf.sys,-100 : Pass-through HID to KMDF Filter Driver
@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates.
@%systemroot%\system32\w32time.dll,-200 : Windows Time
@%systemroot%\system32\kpssvc.dll,-100 : KDC Proxy Server service (KPS)
@%systemroot%\system32\tetheringservice.dll,-4097 : Windows Mobile Hotspot Service
@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model.
@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service
@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service
@winlangdb.dll,-1121 : English (United States)
@%systemroot%\system32\walletservice.dll,-1000 : WalletService
@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT
@%systemroot%\system32\drivers\ipsecgw.sys,-10001 : Windows IPsec Gateway Driver
@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.
@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.
@%systemroot%\system32\nlasvc.dll,-1 : Network Location Awareness
@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy
@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator
@icsvc.dll,-700 : Virtual Machine Monitoring
c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration
@%systemroot%\system32\srvsvc.dll,-109 : File and Printer Sharing for Microsoft Networks
@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service
@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service
@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers.
@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run.
@%systemroot%\system32\drivers\tcpip.sys,-10101 : Transmission Control Protocol/Internet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks.
@%systemroot%\system32\powrprof.dll,-10 : Saves energy by reducing your computer’s performance where possible.
@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container
@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays.
@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP)
@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery
@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated.
@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer.
@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Provides a JIT out of process service for WARP when running with ACG enabled.
@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent
@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them.
@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon
@appmgmts.dll,-3250 : Application Management
@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections
@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver
@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver
@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wcmsvc.dll,-4097 : Windows Connection Manager
@%systemroot%\system32\drivers\hwpolicy.sys,-101 : Hardware Policy Driver
@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management
@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service
@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well.
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection
@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings.
@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver
@%systemroot%\system32\drivers\mup.sys,-101 : MUP
@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion
@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management.
@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager
@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service
@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\scardsvr.dll,-1 : Smart Card
@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly.
@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer
@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly.
@%systemroot%\system32\drivers\mslldp.sys,-210 : IEEE 802.1AB Link-Layer Discovery Protocol (LLDP). Supports Microsoft Data Center Networking (DCN).
@%systemroot%\system32\icsvcext.dll,-601 : Hyper-V Remote Desktop Virtualization Service
@%systemroot%\system32\phoneserviceres.dll,-10001 : Manages the telephony state on the device
@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service.
@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions
@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service
@%systemroot%\system32\powrprof.dll,-14 : Automatically balances performance with energy consumption on capable hardware.
@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine
@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt
@waasmedicsvc.dll,-100 : Windows Update Medic Service
@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS)
@%systemroot%\system32\captureservice.dll,-100 : CaptureService
@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events.
@%systemroot%\system32\icsvcext.dll,-602 : Provides a platform for communication between the virtual machine and the operating system running on the physical computer.
@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports and Solutions Control Panel Support
@%systemroot%\system32\drivers\tcpip.sys,-10100 : Internet Protocol Version 4 (TCP/IPv4)
@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager
@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager
@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service
@%systemroot%\system32\drivers\tcpip.sys,-10102 : Internet Protocol Version 6 (TCP/IPv6)
@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider
c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration
@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer.
@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
@%systemroot%\system32\wkssvc.dll,-1010 : Client for Microsoft Networks
@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone.
@%systemroot%\system32\usocore.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able download and install latest udpates.
@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service
@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ncbservice.dll,-500 : Network Connection Broker
@%systemroot%\system32\iphlpsvc.dll,-500 : IP Helper
@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache
@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them.
@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service
@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications
@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service
@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content.
@%systemroot%\system32\windows.warp.jitservice.dll,-100 : WarpJITSvc
@%systemroot%\system32\icsvcext.dll,-502 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer.
@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service
@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.
@%systemroot%\system32\drivers\mshidumdf.sys,-100 : Pass-through HID to UMDF Driver
@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service
@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications
@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly.
@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver
@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager
@%systemroot%\system32\wpnuserservice.dll,-2 : This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw.
@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service
@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC)
@%systemroot%\system32\ualsvc.dll,-102 : User Access Logging Service
@combase.dll,-5012 : DCOM Server Process Launcher
@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\drivers\ndisimplatform.sys,-500 : Provides a platform for network adapter load balancing and fail-over.
@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection
@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver
@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account.
@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks
@%systemroot%\system32\lltdres.dll,-4 : Used to discover and locate other PCs, devices, and network infrastructure components on the network. Also used to determine network bandwidth.
@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software
@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\cbdhsvc.dll,-101 : This user service is used for Clipboard scenarios
@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service
@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function.
@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization
@%systemroot%\system32\userdataaccessres.dll,-15000 : Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results.
@%systemroot%\system32\windows.devices.picker.dll,-1007 : This user service is used for managing the Miracast, DLNA, and DIAL UI
@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
@%systemroot%\system32\sessenv.dll,-1026 : Remote Desktop Configuration
@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.
@%systemroot%\system32\btagservice.dll,-101 : Bluetooth Audio Gateway Service
c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration
@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption
@%systemroot%\system32\userdataaccessres.dll,-10002 : Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device
@%systemroot%\system32\usocore.dll,-101 : Update Orchestrator Service
@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP)
@%systemroot%\system32\bthserv.dll,-101 : Bluetooth Support Service
@%systemroot%\system32\tetheringservice.dll,-4098 : Provides the ability to share a cellular data connection with another device.
@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed.
@comres.dll,-947 : COM+ System Application
@%systemroot%\system32\drivers\wimmount.sys,-101 : WIMMount
@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly.
@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.
@%systemroot%\system32\certprop.dll,-11 : Certificate Propagation
@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications.
@comres.dll,-2797 : Distributed Transaction Coordinator
@%systemroot%\system32\cdpusersvc.dll,-101 : This user service is used for Connected Devices Platform scenarios
@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.
@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver
@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience
@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal.
@%systemroot%\system32\firewallapi.dll,-36902 : Software Load Balancer
@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.
@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped.
@%systemroot%\system32\drivers\dam.sys,-100 : Desktop Activity Moderator Driver
@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service
@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service
@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager
@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras
@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs.
@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated.
@%systemroot%\system32\lltdres.dll,-3 : Allows this PC to be discovered and located on the network.
@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server.
@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
@%systemroot%\system32\cscsvc.dll,-202 : Offline Files Driver
@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector
@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service
@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver
@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service
@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices.
@c:\windows\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall
@%systemroot%\system32\icsvcext.dll,-501 : Hyper-V Volume Shadow Copy Requestor
@%systemroot%\system32\sacsvr.dll,-500 : Special Administration Console Helper
@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\bisrv.dll,-100 : Background Tasks Infrastructure Service
@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.
@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.
@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events.
@%systemroot%\system32\drivers\mssecwfp.sys,-1001 : Microsoft Security WFP Callout Driver
@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task
@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality
@%systemroot%\system32\drivers\scfilter.sys,-11 : Smart card PnP Class Filter Driver
@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access
@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet.
@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service
@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver
@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running.
@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.
@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver
@%systemroot%\system32\vds.exe,-100 : Virtual Disk
@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder
@%systemroot%\system32\drivers\appvstrm.sys,-101 : AppvStrm
@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host
@%systemroot%\system32\wkssvc.dll,-1011 : Allows your computer to access resources on a Microsoft network.
@%programfiles%\windows defender\mpasdesc.dll,-320 : Windows Defender Antivirus Network Inspection Service
@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service
@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service
@%systemroot%\system32\consentuxclient.dll,-101 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
@%systemroot%\system32\captureservice.dll,-101 : OneCore Capture Service
@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.
@%systemroot%\system32\upnphost.dll,-213 : UPnP Device Host
@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management
@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics.
@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier
@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network.
@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver
@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver
@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM)
@%systemroot%\system32\drivers\filetrace.sys,-10001 : FileTrace
@%systemroot%\system32\drivers\wudfpf.sys,-1000 : User Mode Driver Frameworks Platform Driver
@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector
@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer.
@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver
@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service
@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts
@%systemroot%\system32\sstpsvc.dll,-200 : Secure Socket Tunneling Protocol Service
@comres.dll,-2450 : COM+ Event System
@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages.
@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly.
@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP)
@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC)
@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface
@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness
@%systemroot%\system32\drivers\qwavedrv.sys,-1 : QWAVE driver
c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine
@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.
@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver
@c:\windows\syswow64\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall
@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service
@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work.
@%systemroot%\system32\powrprof.dll,-11 : Power saver
@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager
@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service
@%systemroot%\system32\sacsvr.dll,-501 : Allows administrators to remotely access a command prompt using Emergency Management Services.
@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service
@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc
@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service
@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won’t be able to see printer extensions or notifications.
@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ualsvc.dll,-101 : This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation.
@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules
@%systemroot%\system32\appidsvc.dll,-100 : Application Identity
@%systemroot%\system32\cryptsvc.dll,-1001 : Cryptographic Services
@%systemroot%\system32\srpapi.dll,-100 : AppID Driver
@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode
@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service
@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly.
@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager
@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport
@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture
@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver
@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
@%systemroot%\system32\kpssvc.dll,-101 : KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network.
@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly.
c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration
@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments.
@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector
@%systemroot%\system32\bthavctpsvc.dll,-101 : AVCTP service
@%systemroot%\system32\sysmain.dll,-1000 : SysMain
@%systemroot%\system32\bthavctpsvc.dll,-102 : This is Audio Video Control Transport Protocol service
c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection
@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant
@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events.
@sstpsvc.dll,-35001 : Secure Socket Tunneling Protocol
@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol
@%programfiles%\windows defender\mpasdesc.dll,-310 : Windows Defender Antivirus Service
@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX
@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation
@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced.
@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding.
@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled.
@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation
@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host
@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming
@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter
@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components.
@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol.
@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols
@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.
@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler
@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet
@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator
@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service
@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly.
@%systemroot%\system32\mprmsg.dll,-32000 : RAS Asynchronous Media Driver
@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function.
@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver
@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service
@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
@%systemroot%\system32\drivers\tcpip.sys,-10103 : TCP/IP version 6. The latest version of the internet protocol that provides communication across diverse interconnected networks.
@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig
@peerdistsh.dll,-9003 : BranchCache - Hosted Cache Client (Uses HTTPS)
@%systemroot%\system32\drivers\uevagentdriver.sys,-101 : UevAgentDriver
@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver
@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.
@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events
@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.
@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service
@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function.
@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service
@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components.
@%programfiles%\windows defender\mpasdesc.dll,-390 : Windows Defender Antivirus Boot Driver
@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver
@%systemroot%\system32\drivers\fsdepends.sys,-10001 : File System Dependency Minifilter
@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.
@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
@%systemroot%\system32\searchindexer.exe,-103 : Windows Search
c:\users\administrator\desktop\bat\nse-fo-box-telnet.bat.friendlyappname : NSE-FO-BOX-TELNET
c:\windows\explorer.exe.friendlyappname : Windows Explorer
c:\users\administrator\desktop\uptime.bat.friendlyappname : UPTIME
c:\program files\tenable\nessus\nessusd.exe.friendlyappname : nessusd.exe
c:\windows\system32\msiexec.exe.friendlyappname : Windows® installer
c:\windows\system32\control.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\control.exe.friendlyappname : Windows Control Panel
c:\users\administrator\desktop\nse-getway-ping.bat.friendlyappname : NSE-GETWAY-PING
c:\users\administrator\desktop\bat\nse-cm-drop-copy-connectivity.bat.friendlyappname : NSE-CM-DROP-COPY-CONNECTIVITY
c:\windows\system32\mmc.exe.friendlyappname : Microsoft Management Console
c:\program files\tenable\nessus\nessusd.exe.applicationcompany : Tenable, Inc.
langid : .
c:\program files\tenable\nessus\nessuscli.exe.friendlyappname : nessuscli.exe
c:\windows\system32\fsquirt.exe.friendlyappname : fsquirt
c:\windows\system32\mmc.exe.applicationcompany : Microsoft Corporation
c:\users\administrator\desktop\nse-cm-box-telnet.bat.friendlyappname : NSE-CM-BOX-TELNET
c:\windows\explorer.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\notepad.exe.friendlyappname : Notepad
c:\windows\system32\explorerframe.dll.applicationcompany : Microsoft Corporation
c:\program files\tenable\nessus\nessuscli.exe.applicationcompany : Tenable, Inc.
c:\program files\tenable\nessus\ndbg.exe.applicationcompany : Tenable, Inc.
c:\windows\system32\fsquirt.exe.applicationcompany : Microsoft Corporation
c:\program files\tenable\nessus\nessus-service.exe.applicationcompany : Tenable, Inc.
c:\program files\tenable\nessus\nessus-service.exe.friendlyappname : nessus-service.exe
c:\windows\system32\shell32.dll.friendlyappname : Windows Shell Common Dll
c:\windows\system32\notepad.exe.applicationcompany : Microsoft Corporation
c:\program files\tenable\nessus\nasl.exe.friendlyappname : nasl.exe
c:\program files\tenable\nessus\nasl.exe.applicationcompany : Tenable, Inc.
c:\windows\system32\shell32.dll.applicationcompany : Microsoft Corporation
c:\windows\system32\msiexec.exe.applicationcompany : Microsoft Corporation
c:\users\administrator\desktop\nse-fo-box-telnet.bat.friendlyappname : NSE-FO-BOX-TELNET
c:\program files\tenable\nessus\ndbg.exe.friendlyappname : ndbg.exe
c:\windows\system32\explorerframe.dll.friendlyappname : ExplorerFrame

MUICache report attached.