NisSrv.exe is the Microsoft Network Realtime Inspection Service NisSrv.exe is located. A DLL Hijacking is present in mpclient.dll also BINARY: `C:\Program Files\Windows Defender\NisSrv.exe` If you are a blue-teamer, do not watch only `MpCmdRun.exe` but all binaries from Defender.