Top Nav

What is WmiPrvSE.exe and Why is it Running?

Have you come across WmiPRvSE.exe running in the Task Manager and now you’d like to know what it is? You aren’t alone. I found this process running right after booting up Windows 8, but it’s also found in XP, Vista and Windows 7. Microsoft is responsible for creating it and loading it as an integral part of Windows. It can sometimes be hijacked or imitated by a virus, but those vulnerabilities haven’t been exploited on a mass scale in recent years.

wmiprvse in windows 8 task manager

WmiPrvSE is the acronym for Windows Management Instrumentation Provider Service. Or as the description in Task Manager mentions, it is a WMI Provider Host. A look through the process strings in Process Explorer reveals it as part of Microsoft’s Web-Based Enterprise Management (WBEM) system and the Common Information Model (CIM) Microsoft Operations Manager (MOM, which is now known as SCOM [System Center Operations Manager]. Of course that doesn’t mean much unless you understand what those things mean.

First off, MOM (SCOM) is an event and analytics organizer and dispatcher. It handles security permissions, network reliability, diagnostics, data health, report writing and performance monitoring. CIM is a set of standards that allow for compliance between elements managed by an IT infrastructure. WBEM is a system management technology protocol based on internet standards that ties into the interface of how an application or operating system is managed. WMI is more or less Microsoft’s way of using WBEM.

In other words, without WmiPrvSE, applications in Windows would be very difficult to manage as it’s a host that allows all of the necessary management services to operate. Users and administrators alike would also not likely receive notifications when errors did occur. A look through Process Explorer shows it as a child of svchost.exe.

windows management instrumentation

In Windows Server the process had a post-release problem that inflicted the operating server with overtaxed CPU utilization. The problem was patched by Microsoft. Other instances where users have reported high CPU use involving this process have been found as viruses which copied the name of this legitimate process.

Relevant registry and system file locations for the process are:

  • HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/WBEM/CIMOM/CompatibleHostProviders
  • HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/WBEM/CIMOM/SecuredHostProviders
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LocalServer32
  • C:\Windows\System32\wbem\WmiPrvSE.exe

Conclusion
Everything will be okay. WmiPrvSE is a safe process created by Microsoft and is needed for Windows to function properly. It shouldn’t be shutdown or messed with, but doing so won’t cause a catastrophic failure of the system. Under normal conditions it has a small system footprint and will only be running when you first launch Windows. If the process is causing problems, it is likely a virus with a copy-cat name.

, , ,

9 Responses to What is WmiPrvSE.exe and Why is it Running?

  1. Aldo Scattolon September 30, 2013 at 9:06 am #

    This is the last time I ever buy a computer using Microsoft as an Operating Language. People who use Macintosh operating systems never have these kind of problems. So my next computer will be an Apple.

    • Nathan October 14, 2013 at 10:52 pm #

      Good for you, I prefer a system that can actually run existing software.

    • shaun April 25, 2015 at 10:30 pm #

      that didnt even make sense, seeing as this ISNT a problem, its an explanation of a specific process…. people using a “mac” lol macintosh, living in the 70s much? its an apple mac now, but yeah they also have a load of processes they dont understand, so its no different xD

  2. Chris January 15, 2014 at 12:35 am #

    Should there be two of them? There are two in my task manager.

    • sohail July 6, 2014 at 12:18 am #

      same for me should there be 2 of them and one is using up to 4% sometimes

      • Unknown August 12, 2014 at 5:15 pm #

        I had 2 as well and one was trying to sync itself with another process but the legit process wouldn’t leave resulting in a conflict so I got rid of the sync process then the virus wouldn’t do anything

  3. frustrated March 11, 2015 at 9:01 pm #

    If my computer is the only one at home why would I need my OS to be “Web-Based Enterprise Managed” ? I’ve tried killing the process, and every time a new one appears right away. At one point task manager showed I had 2 “terminated” and a new one appeared running. This is my home machine, I do not have an IT dept “managing” my machines at home. One more reason I need to switch to Linux and run Windows if I need it in a VM or with WINE.

  4. Mike M June 11, 2015 at 6:36 am #

    Ok I also don’t understand the explanation, I don’t have a network it’s a stand alone computer with a cable connection. This file is eating up cpu time, I have re-installed “Norton” per their instructions. This file just started causing problems a couple of months ago. I see a ton of crap as to what it is, but not why anti-virus can’t seem to see it when it is a virus, or how to check/get rid of.

  5. Peter Rabbit June 21, 2015 at 9:11 am #

    Mike me too, I am having the same issue. All I do is surf the net with a regular DSL router yet every time I boot up to the internet this thing shows up and knocks me right off line. It shows up along side “windows installer” and poof my internet connection is lost. It says it’s not a virus but it sure acts like one!

Leave a Reply

 

×

Amazon.com Top Deals of the Day Check Deals