WmiPrvSE.exe in Process Explorer. Properties gives Access Denied to User Info and Path. Virus?

YarManYak

May 30, 2013
Hi Guys,
I noticed in my Process Explorer a WmiPrvSE process. I was interested to see if it was a potential virus (I have reason to believe keylogger or remote access), and after right-clicking Properties, it gave me the following results in each box of the Image tab:

Path: [Error Opening Process]
Parent: svchost.exe(928)
User: <access denied>
Every other box is blank or n/a
The Performance tab of Process Explorer shows all n/a

Under the WMI Provider tab, there are two providers:
SppProvider root\CIMV2 %SystemRoot%\System32\sppwmi.dll
CIMWin32 root\CIMV2 %systemroot%\system32\wbem\cimwin32.dll

Is this suspicious or standard?
 
Solution
WmiPrvSE.exe = Windows Management Instrumentation Service - WMI runs as a service with the display name "Windows Management Instrumentation" and the service name "winmgmt". WMI runs automatically at system startup under the LocalSystem account. If WMI is not running, it automatically starts when the first management application or script requests connection to a WMI namespace.

The original WmiPrvSE.exe from Microsoft is an important part of Windows, but often causes problems. WmiPrvSE.exe is located in a subfolder of C:\Windows\System32—normally C:\WINDOWS\System32\wbem\

If WmiPrvSE.exe is located in the C:\Windows\System32 folder, the security rating is 66% dangerous. The file size is 88,440 bytes (22% of all occurrences), 87,684 bytes and 4 more variants. The WmiPrvSE.exe file is a file with no information about its developer. The file is not a Windows core file. The program is not visible. The file is located in the Windows folder, but it is not a Windows core file. The application is loaded during the Windows boot process (see Registry key: Run).

It's an essential part of the OS that is used for application management and installation. Critical for Windows 8/10. Norton and McAfee commonly find this as a virus on Windows 8/10 and will destroy the OS by blocking it.

http://www.file.net/process/wmiprvse.exe.html
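
An added example, not part of the original thread or written by either poster: a PowerShell check that reports, for every running WmiPrvSE.exe, the fields Process Explorer left blank in the question (path, parent, user) together with the Authenticode status and the loaded WMI providers. The wbem folder and the svchost.exe parent are taken from the thread; the SysWOW64\wbem entry and the flag wording are assumptions made for this example.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt;
# without elevation ExecutablePath and the owner can come back empty.
$expectedDirs = @(
    (Join-Path $env:SystemRoot 'System32\wbem'),  # location named in the thread
    (Join-Path $env:SystemRoot 'SysWOW64\wbem')   # assumption added here: 32-bit host on 64-bit Windows
)

# Index every process by PID so each parent PID can be resolved to a name.
$all   = @(Get-CimInstance -ClassName Win32_Process)
$byPid = @{}
foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }

# Providers loaded per host process (the data behind the WMI Provider tab).
$providers = @(Get-CimInstance -Namespace 'root\cimv2' -ClassName Msft_Providers -ErrorAction SilentlyContinue)

$all | Where-Object { $_.Name -ieq 'WmiPrvSE.exe' } | ForEach-Object {
    $proc   = $_
    $path   = $proc.ExecutablePath
    $parent = $byPid[[uint32]$proc.ParentProcessId]
    $owner  = Invoke-CimMethod -InputObject $proc -MethodName GetOwner -ErrorAction SilentlyContinue
    $sig    = if ($path) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }

    $flags = @()
    if (-not $path) {
        $flags += 'path unreadable (not elevated?)'
    } elseif ($expectedDirs -notcontains (Split-Path -Path $path -Parent)) {
        $flags += 'unexpected folder'
    }
    if (-not $parent -or $parent.Name -ine 'svchost.exe') { $flags += 'parent is not svchost.exe' }
    # Older PowerShell versions may report catalog-signed system files as NotSigned.
    if ($sig -and $sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }

    [pscustomobject]@{
        PID       = $proc.ProcessId
        Path      = $path
        Parent    = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { "PID $($proc.ParentProcessId) (exited)" }
        User      = if ($owner -and $owner.User) { "$($owner.Domain)\$($owner.User)" } else { $null }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Providers = ($providers | Where-Object { $_.HostProcessIdentifier -eq $proc.ProcessId } |
                        ForEach-Object { $_.Provider }) -join ', '
        Flags     = if ($flags) { $flags -join '; ' } else { 'none' }
    }
} | Format-List
```

A row whose Flags value is not `none` is a prompt to look closer at that process, not a verdict on its own.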
 