ndis-sys

NDIS Core Network Driver

System DriverEssentialNetwork Stack

CPU Usage

0-6%

Memory

40-120 MB

Location

C:\Windows\System32\drivers

Publisher

Microsoft Corporation

Quick Answer

ndis-sys is safe. It’s a core Windows network driver that enables communication across physical and virtual NICs, using kernel-mode operations and the NDIS interface.

Is it a Virus?

✔ NO - Safe

Located in C:\Windows\System32\drivers\ndis.sys

Warning

Driver-related issues possible

NDIS handles network drivers; corruption can affect connectivity

Can I Disable?

✔ NO

Disabling is not recommended; Windows manages this driver automatically

What is ndis-sys?

ndis-sys is the Windows Network Driver Interface Specification (NDIS) system driver. It operates in kernel mode to mediate data between network adapters and the Windows networking stack, enabling both physical NICs and virtual adapters to function.

NDIS acts as the abstraction layer between protocol drivers and network adapters, ensuring consistent packet handling and security across diverse hardware. It empowers Windows to manage multiple NICs and VPN interfaces.

Quick Fact: NDIS was introduced by Microsoft to unify network driver access; it coordinates data transfer, fragmentation, and filtering across devices.

Types of NDIS Processes

Miniport Driver: Adapter-specific driver for NIC hardware
Protocol Driver: Handles higher-level network protocols (TCP/IP)
NDIS Wrapper: Interface layer coordinating data paths
Vendor-Specific Modules: Optional components added by NIC vendors
Virtual Network Driver: Hyper-V, VMware, or Docker network adapters
Power/Link Management: Monitors link state and power transitions

Is ndis-sys Safe?

Yes, ndis-sys is safe when it is the legitimate Microsoft system driver located in the Windows driver store.

Is ndis-sys a Virus or Malware?

The real ndis-sys is not a virus. Malware can impersonate drivers; verify the path and digital signature.

How to Tell if ndis-sys is Legitimate or Malware

File Location: Must be in C:\Windows\System32\drivers\ndis.sys or C:\Windows\System32\drivers\ndis64.sys. Any ndis.sys elsewhere is suspicious.
Digital Signature: Use PowerShell: Get-AuthenticodeSignature 'C:\Windows\System32\drivers\ndis.sys' and verify Status is Valid and Signer is Microsoft Windows.
Publisher: Check signer in file properties. Should show Microsoft Corporation / Microsoft Windows as the publisher.
Resource & Behavior: NDIS drivers operate in kernel-mode; if you notice unexplained network drops, investigate driver updates or hardware faults.

Red Flags: If ndis.sys is missing from System32\drivers, located in Temp or AppData, or shows an invalid signature, scan with Windows Defender or your security suite.

Why Is ndis-sys Running on My PC?

ndis-sys runs as part of Windows networking to support every NIC, virtual adapter, and VPN interface. It starts during boot and continues as long as networking is active.

Reasons it's running:

Active Network Connections: The driver participates in data transfer for all active NICs, virtual adapters, and VPNs.
Boot Time Initialization: NDIS components load during Windows startup to initialize networking stacks.
Hyper-V and Virtual Switches: Virtual network adapters rely on NDIS to route traffic to virtual switches.
Driver Updates: Windows updates may refresh or replace NDIS components, causing brief activity.
Power Management Transitions: Link state changes and power transitions involve NDIS components to manage adapters.

Can I Disable or Remove ndis-sys?

No, you should not disable ndis-sys. It is an essential system driver for networking. Disable only by device driver updates or specific vendor tooling if advised by Microsoft support.

How to Stop ndis-sys

Restart Networking: Run netsh winsock reset or disable/enable network adapters in Control Panel.
Disable VPN/Virtual Adapters: Temporarily remove Virtual NICs to see if issues persist.
Check for Updates: Update Windows and network drivers to fix driver issues.
Safe Boot: Perform a clean boot to isolate networking components.
Chkdsk and System Scan: Run sfc /scannow and DISM to repair system components.

How to Uninstall or Restore

✔ You should not uninstall ndis-sys manually. Use Windows Update to repair or reset networking components if required.
✔ If a vendor-provided tool suggests driver replacement, follow their instructions with caution.

Common Problems: Network Driver Issues

When ndis-sys encounters problems, you may see connectivity drops, slower speeds, or intermittent VPNs. Try the fixes below.

Common Causes & Solutions

Corrupted driver files: Run System File Checker: sfc /scannow, followed by DISM /Online /Cleanup-Image /RestoreHealth.
Outdated or mismatched drivers: Update NIC and chipset drivers from the manufacturer's website or via Windows Update.
Virtual adapters conflicts: Disable conflicting virtual adapters or remove virtualization software temporarily.
VPN or firewall interference: Temporarily disable VPN clients or firewall rules to identify if they block traffic.
Hardware faults: Check physical NICs and cables; replace failing hardware and re-seat hardware.
Power management settings: Disable power-saving options for NICs: Device Manager > Network adapters > Properties > Power Management > Uncheck 'Allow the computer to turn off this device to save power'.

Quick Fixes:
1. Restart the computer and reset networking stacks (netsh int ip reset).
2. Run sfc /scannow and DISM to repair system files.
3. Update network drivers from the manufacturer's site.
4. Disable conflicting VPNs or firewall rules temporarily.
5. Check cables and replace faulty hardware if needed.

Frequently Asked Questions

Is ndis-sys a virus?

No. ndis-sys is a legitimate Windows kernel driver for networking. Ensure it’s located in C:\Windows\System32\drivers and digitally signed by Microsoft.

Why is ndis-sys using high CPU?

High CPU is unusual for ndis-sys; it may indicate a driver issue, heavy traffic, virtualization, or malware masquerading as a system driver. Check Task Manager and update drivers.

Can I disable ndis-sys?

Disabling is not recommended and can break network connectivity. If needed, disable specific virtual adapters or perform a Windows repair instead.

Where is ndis-sys located?

Typically at C:\Windows\System32\drivers\ndis.sys. Verify file size, digital signature, and signer as Microsoft.

What should I do if ndis-sys crashes?

Run System File Checker (sfc /scannow), DISM, update network drivers, and check for hardware faults. If problems persist, contact Microsoft support.

Is ndis-sys involved with VPNs or virtual NICs?

Yes. NDIS manages virtual adapters and VPN-related interfaces, so issues can arise from virtualization software or VPN clients.