Administration Adware Spyware Apache Bluetooth DOS Commands Edge General Internet Connection Internet Explorer Media Center Media Player Mozilla Firefox MS Access Performance PHP Programming Security Silverlight Tips Tools Tutorials Windows 10 Windows 7 Windows 8 Windows Phone Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Vista Windows XP

"WmiPrvSE.exe" Process on Windows 7

Q

What is the "WmiPrvSE.exe" process on windows 7? Is the "WmiPrvSE.exe" process a virus? Can I terminate the "WmiPrvSE.exe" process? Why there are multiple "WmiPrvSE.exe" processes?

✍: FYIcenter.com

A

"WmiPrvSE.exe" process represents "WMI Provider Host" program. "WmiPrvSE.exe" is a service that provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based applications will not function properly.

"WmiPrvSE.exe" process is normally running under the parent process "svchost" as shown in the process tree below: 

Boot
   wininit
      services
         svchost
            WmiPrvSE

On the Processes tab of "Task Manager", "WmiPrvSE.exe" process may be listed multiple times. The reason for multiple "WmiPrvSE.exe" processes is that different applications that use WMI interface do not want to share a single "WmiPrvSE.exe" process to avoid crashing together. Different applications creates different "WmiPrvSE.exe" processes so they can run independently. 

Image Name                 Memory   Description
--------------------   ----------   -----------
WmiPrvSE.exe             21,064 K   WMI Provider Host
WmiPrvSE.exe              8,280 K   WMI Provider Host
...

Additional information about "WmiPrvSE.exe" process: 

Command line:
   C:\windows\system32\wbem\wmiprvse.exe

Programe file information:
   Name: WmiPrvSE.exe
   Location: C:\windows\system32\wbem\wmiprvse.exe
   Description: WMI Provider Host
   Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
   Size: 372736 bytes
   Last modified: 11/20/2010 10:24:15 PM
   Company Name: Microsoft Corporation
   
Some data files used:
C:\Windows\System32
C:\Windows\System32\en-US\user32.dll.mui
C:\Windows\System32\en-US\advapi32.dll.mui
C:\Windows\System32\en-US\setupapi.dll.mui
C:\Windows\System32\wbem\en-US\cimwin32.dll.mui
C:\Windows\System32
C:\Windows\System32\en-US\user32.dll.mui
C:\Windows\System32\en-US\setupapi.dll.mui
C:\Windows\System32\en-US\advapi32.dll.mui

Some registry keys used:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PERFLIB
HKLM\SYSTEM\ControlSet001\services\.NET CLR Data\Performance
HKLM\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance
HKLM\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0\Performance
HKLM\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle\Performance
HKLM\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer\Performance
HKLM\SYSTEM\ControlSet001\services\.NET Memory Cache 4.0\Performance

Some DLL libraries used:
C:\windows\SYSTEM32\ntdll.dll
C:\windows\system32\kernel32.dll
C:\windows\system32\KERNELBASE.dll
C:\windows\system32\ADVAPI32.dll
C:\windows\system32\msvcrt.dll
C:\windows\SYSTEM32\sechost.dll
C:\windows\system32\RPCRT4.dll
C:\windows\system32\USER32.dll
C:\windows\system32\GDI32.dll
C:\windows\system32\LPK.dll

"WmiPrvSE.exe" process is not a virus. You should not terminate "WmiPrvSE.exe" process.

 

⇒System Service Processes on Windows 7

⇒⇒Windows 7 Processes Tutorials

2016-07-22, 5851👍, 0💬

Administration Adware Spyware Apache Bluetooth DOS Commands Edge General Internet Connection Internet Explorer Media Center Media Player Mozilla Firefox MS Access Performance PHP Programming Security Silverlight Tips Tools Tutorials Windows 10 Windows 7 Windows 8 Windows Phone Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Vista Windows XP