Some users have been wondering if msfeedssync.exe is legitimate or not. Their suspicions usually arise after they get regular errors associated with msfeedssync.exe or right after they discover the process in Task Manager.
The errors associated with msfeedssync.exe (Microsoft Feeds Synchronization has encountered a problem and needs to close, etc.) are appearing because the sync wizard is having trouble retrieving some of the scheduled RSS feeds.
Note: This task is also known for periodically creating command window popups with taskeng.exe in the title bar.
While this process is most likely not linked to malicious activity, it might be worth investigating, especially if you experience constant high resource usage by msfeedssync.exe. There are two malware variations capable of pumping your computer full of adware that specifically use the msfeedssync.exe name as camouflage in order to avoid security checks.
What is Msfeedssync.exe?
Msfeedssync stands for Microsoft Feeds Synchronization. The legitimate msfeedssync.exe is essentially a Task Scheduler task present on Internet Explorer 7 and Internet Explorer 8 where automatic RSS Feeds are activated by default.
The job of the msfeedssync.exe task is to start at regular intervals (as specified by the web browser) and search for new RSS feed updates. As soon as the task has finished updating the RSS feeds, it should automatically terminate.
RSS feeds are very common with news and blog websites but can also be encountered with other types of digital content. Most of the time, the RSS feed has the same exact content as the webpage, but it’s formatted a bit differently. When you subscribe to a new RSS feed, IE will automatically download new feed content regularly so you can be updated on what is new.
Whenever you subscribe to a new feed, a scheduled task (msfeedssync.exe) will be created in Task Scheduler in order to periodically check for new content. Keep in mind that this task (msfeedssync.exe) is enabled by default on IE 7 and IE 8, but you might also create it yourself by accidentally clicking the “Feeds” icon associated with a certain website.
Potential security risk?
From our investigations, we managed to uncover two different malware variations that are specifically camouflaging as the legitimate msfeedssync.exe in order to avoid getting picked up by security scans.
Both the Trojan-FakeAV.Win32.Windef.qfn and Worm:Win32/Ainslot.A malware variations are very likely to get picked up by virtually any antivirus suite (built-in or 3rd party). But this becomes less likely if you’re running an outdated Windows version that doesn’t have the latest updates installed.
Because of this, it’s very important to go through the absolute minimum verification steps to make sure that the msfeedssync.exe process is not malicious. A good start in determining this is to check the process location via Task Manager. To do this, open Task Manager (Ctrl + Shift + Esc), locate the msfeedssync.exe, right-click on it and choose Open File Location.
If the revealed location is in C:\Windows\System32, the executable is most likely genuine. In the event that the revealed path is different, you’re most likely dealing with a malicious executable.
But regardless of the first outcome, you should take the time to go through at least one more investigation step. We recommend uploading the executable discovered via the steps above to VirusTotal for analysis.
If the analysis reveals any concerns about the security of msfeedssync.exe, you should scan your system with a powerful security scanner.
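The location check and the VirusTotal step above can also be done from a PowerShell prompt. The script below is an added example, not part of the original article: it lists every running msfeedssync.exe instance, compares its folder with the System32 location described above, and prints a SHA-256 hash that can be searched on VirusTotal. It assumes PowerShell 4.0 or later (for Get-FileHash); the output column names are made up for this example.

```powershell
# Added example: triage every running msfeedssync.exe instance.
# Folder the article treats as the genuine location (normally C:\Windows\System32).
$expectedDir = Join-Path $env:SystemRoot 'System32'

$procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'msfeedssync.exe'"

if (-not $procs) {
    Write-Output 'msfeedssync.exe is not running right now; re-run when it appears in Task Manager.'
}
else {
    foreach ($p in $procs) {
        $path = $p.ExecutablePath

        if (-not $path) {
            # The path is not returned when the process belongs to another
            # account and this shell is not elevated. Re-run as administrator.
            [pscustomobject]@{
                ProcessId  = $p.ProcessId
                Path       = '(unavailable, re-run elevated)'
                InSystem32 = $null
                Signature  = $null
                SHA256     = $null
            }
            continue
        }

        # Compare the folder, not the full string, so a look-alike path such as
        # C:\Windows\System32.evil\msfeedssync.exe does not pass the check.
        $dir  = Split-Path -Path $path -Parent
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash

        [pscustomobject]@{
            ProcessId  = $p.ProcessId
            Path       = $path
            InSystem32 = ($dir -eq $expectedDir)   # -eq is case-insensitive for strings
            # Supporting evidence only: Windows system files are often catalog-signed,
            # and older PowerShell versions can report NotSigned for them.
            Signature  = $sig.Status
            SHA256     = $hash                     # search this value on VirusTotal
        }
    }
}
```

A row with InSystem32 set to False is the case the article describes as most likely malicious; the hash lets you check the file on VirusTotal before deciding whether to upload it.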
Should I disable the legitimate Msfeedssync.exe?
Once you make sure that the executable is not malicious, it’s up to you to decide if you want to keep using Msfeedssync.exe. If you’re not using any RSS feeds delivered by Internet Explorer, it’s perfectly fine to disable the task. Doing so will not affect your browsing experience in the slightest of ways. This is also true if you’re using a different 3rd party browser. If you’re bothered by the errors caused by the Msfeedssync.exe task, disabling it should stop the odd behavior.
On the other hand, if you’re indeed using IE’s RSS Feeds, disabling the Msfeedssync.exe will mean that your feeds will no longer update.
However, if you decide to go through with it and disable Msfeedssync.exe and the functionality that it brings, you should not delete the executable manually. Doing so will only have a short-term effect, as IE is perfectly capable of recreating the missing component at the next reboot.
Instead, follow one of the methods below to permanently disable msfeedssync.exe along with the functionality that it brings.
Method 1: Disabling msfeedssync.exe via a Run command
The easiest way to prevent the msfeedssync.exe task from producing errors or from showing up in Task Manager is to run a simple Run command (msfeedssync disable + Enter).
To do this, press Windows key + R to open up a new Run window. Then, type “msfeedssync disable” and hit Enter.
Note: Keep in mind that you won’t see any confirmation message. If you don’t receive an error message after you hit Enter, it means that the command has been successful and msfeedssync.exe is now disabled.
All that’s left to do is reboot your system and enjoy using your system without the annoying pop-ups and errors caused by msfeedssync.exe. If you ever decide to go back to the old behavior, open another Run window (Windows key + R), type “msfeedssync enable” and hit Enter. This will re-enable the task and revert your system to the old behavior.
You can also refer to Method 2 for a different way of disabling the msfeedssync task.
Method 2: Disabling msfeedssync.exe via Feeds and Web Slices
Another way to prevent the Msfeedssync.exe task from ever bothering you again is to turn it off via your Internet Explorer’s options.
By removing the checkmark associated with Automatically check feeds and Web Slices for updates, you’ll also remove the User Feed Synchronization task from Task Scheduler.
Here’s a quick guide to disabling the Msfeedssync.exe task via the Internet Explorer’s options:
- Open Internet Explorer, click on the settings wheel and click on Internet Options.
- In the Internet Options window, expand the Content tab and click the Settings button associated with Feeds and Web Slices.
- In the Feed and Web Slice Settings menu, simply uncheck the checkbox associated with Automatically check feeds and Web Slices for updates.
- Exit Internet Explorer and reboot your system.
That’s it. You should stop seeing the Msfeedssync.exe process in Task Manager and any errors associated with this executable. If you ever decide to re-enable the process, re-follow the steps above and check the box associated with Automatically check feeds and Web Slices for updates.