"EvtEng.exe" Process on Windows 7

Q

What is the "EvtEng.exe" process on windows 7? Is the "EvtEng.exe" process a virus? Can I terminate the "EvtEng.exe" process?

✍: FYIcenter.com

A

"EvtEng.exe" process represents "Intel(R) PROSet/Wireless Event Log Service" program. "EvtEng.exe" process is created by the "Intel(R) PROSet/Wireless Event Log" service:

"EvtEng.exe" process is normally running under the parent process "services" as shown in the process tree below:

Boot
   wininit
      services
         EvtEng

On the Processes tab of "Task Manager", "EvtEng.exe" process may be listed as:

Image Name                 Memory   Description
--------------------   ----------   -----------
EvtEng.exe               12,964 K   Intel(R) PROSet/Wireless Event Log Service

Additional information about "EvtEng.exe" process:

Command line:
   "C:\Program Files\Intel\WiFi\bin\EvtEng.exe"

Programe file information:
   Name: EvtEng.exe
   Location: C:\Program Files\Intel\WiFi\bin\EvtEng.exe
   Description: Intel(R) PROSet/Wireless Event Log Service
   Version: 18, 40, 0, 0
   Size: 640928 bytes
   Last modified: 2/8/2016 7:14:40 AM
   Company Name: Intel(R) Corporation
   
Some data files used:
C:\Windows\System32
C:\Windows\System32\en-US\setupapi.dll.mui
C:\Program Files\Intel\WiFi\UnifiedLogging\MurocLog.log
C:\Program Files\Intel\WiFi\AutoImport
C:\Windows\System32\en-US\KernelBase.dll.mui

Some registry keys used:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
HKU\.DEFAULT\Control Panel\International
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer
HKCR\AppID\{E7DCA9D7-1577-45DA-BF99-8BD6184ACF99}
HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKLM\SOFTWARE\INTEL\Wireless\UnifiedLogging

Some DLL libraries used:
C:\windows\SYSTEM32\ntdll.dll
C:\windows\system32\kernel32.dll
C:\windows\system32\KERNELBASE.dll
C:\Program Files\Intel\WiFi\bin\MurocApi.dll
C:\windows\system32\Secur32.dll
C:\windows\system32\SSPICLI.DLL
C:\windows\system32\msvcrt.dll
C:\windows\system32\RPCRT4.dll
C:\windows\system32\SHLWAPI.dll
C:\windows\system32\GDI32.dll

"EvtEng.exe" process is not a virus. You should not terminate "EvtEng.exe" process.

 

System Processes on Windows 7

⇒⇒Windows 7 Processes Tutorials

2016-12-21, 350👍, 0💬