Top Nav

What is WmiPrvSE.exe and Why is it Running?

Have you come across WmiPRvSE.exe running in the Task Manager and now you’d like to know what it is? You aren’t alone. I found this process running right after booting up Windows 8, but it’s also found in XP, Vista and Windows 7. Microsoft is responsible for creating it and loading it as an integral part of Windows. It can sometimes be hijacked or imitated by a virus, but those vulnerabilities haven’t been exploited on a mass scale in recent years.

wmiprvse in windows 8 task manager

WmiPrvSE is the acronym for Windows Management Instrumentation Provider Service. Or as the description in Task Manager mentions, it is a WMI Provider Host. A look through the process strings in Process Explorer reveals it as part of Microsoft’s Web-Based Enterprise Management (WBEM) system and the Common Information Model (CIM) Microsoft Operations Manager (MOM, which is now known as SCOM [System Center Operations Manager]. Of course, that doesn’t mean much unless you understand what those things mean.

First off, MOM (SCOM) is an event and analytics organizer and dispatcher. It handles security permissions, network reliability, diagnostics, data health, report writing and performance monitoring. CIM is a set of standards that allow for compliance between elements managed by an IT infrastructure. WBEM is a system management technology protocol based on internet standards that tie into the interface of how an application or operating system is managed. WMI is more or less Microsoft’s way of using WBEM.

In other words, without WmiPrvSE, applications in Windows would be very difficult to manage as it’s a host that allows all of the necessary management services to operate. Users and administrators alike would also not likely receive notifications when errors did occur. A look through Process Explorer shows it as a child of svchost.exe.

Related Article:  Find All Apps Installed on Windows 8 (Updated for 8.1)

windows management instrumentation

In Windows Server, the process had a post-release problem that inflicted the operating server with overtaxed CPU utilization. The problem was patched by Microsoft. Other instances where users have reported high CPU use involving this process have been found as viruses which copied the name of this legitimate process.

Relevant registry and system file locations for the process are:

  • HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/WBEM/CIMOM/CompatibleHostProviders
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LocalServer32
  • C:\Windows\System32\wbem\WmiPrvSE.exe

Everything will be okay. WmiPrvSE is a safe process created by Microsoft and is needed for Windows to function properly. It shouldn’t be shut down or messed with, but doing so won’t cause a catastrophic failure of the system. Under normal conditions, it has a small system footprint and will only be running when you first launch Windows. If the process is causing problems, it is likely a virus with a copy-cat name.

More Reading:

, , ,

20 Responses to What is WmiPrvSE.exe and Why is it Running?

  1. Aldo Scattolon September 30, 2013 at 9:06 am #

    This is the last time I ever buy a computer using Microsoft as an Operating Language. People who use Macintosh operating systems never have these kind of problems. So my next computer will be an Apple.

    • Nathan October 14, 2013 at 10:52 pm #

      Good for you, I prefer a system that can actually run existing software.

      • Nesquik October 29, 2015 at 6:20 pm #


    • shaun April 25, 2015 at 10:30 pm #

      that didnt even make sense, seeing as this ISNT a problem, its an explanation of a specific process…. people using a “mac” lol macintosh, living in the 70s much? its an apple mac now, but yeah they also have a load of processes they dont understand, so its no different xD

  2. Chris January 15, 2014 at 12:35 am #

    Should there be two of them? There are two in my task manager.

    • sohail July 6, 2014 at 12:18 am #

      same for me should there be 2 of them and one is using up to 4% sometimes

      • Unknown August 12, 2014 at 5:15 pm #

        I had 2 as well and one was trying to sync itself with another process but the legit process wouldn’t leave resulting in a conflict so I got rid of the sync process then the virus wouldn’t do anything

      • ROBERT DEL ROSSO April 22, 2016 at 4:48 pm #

        Well, I only have ONE WmiPrvSE.exe and it’s only using 2,916 KB. And my CPU % is currently running at 16% to 45%, depending on how many windows I have open. Now, it’s 12 Websites and 6 MS Word Files, so 45% is good.

        About a week ago, I had only about 3 Websites and 1 or 2 MS Word files open and CPU was at 100%! So I Googled “CPU at 100%” and the results pointed to “WmiPrvSE.exe”, whcih was using a lot of K or KB, about 40,000 K, I can’t remember the exact number.

        I clicked to show all Processes and right clicked on it to end it, but it did not “end” but the amount of K it used dropped by about 90% and CPU % fell by about 50%.

        Then I could not get back to the Performance Tab– Windows Task Manager was stuck on the “Processes” Tab and I had no Idea what my CPU % was!

        I googled “how to show Performance Tab”? and was told to double click on the border of the processes Tab and I got back my Performance Tab to see CPU was back to normal!

        Still, this is strange and Evil, the way that Virus writers try to mimic legitimate Programs. Like the Alien in the Movie “Mimic”!

  3. frustrated March 11, 2015 at 9:01 pm #

    If my computer is the only one at home why would I need my OS to be “Web-Based Enterprise Managed” ? I’ve tried killing the process, and every time a new one appears right away. At one point task manager showed I had 2 “terminated” and a new one appeared running. This is my home machine, I do not have an IT dept “managing” my machines at home. One more reason I need to switch to Linux and run Windows if I need it in a VM or with WINE.

  4. Mike M June 11, 2015 at 6:36 am #

    Ok I also don’t understand the explanation, I don’t have a network it’s a stand alone computer with a cable connection. This file is eating up cpu time, I have re-installed “Norton” per their instructions. This file just started causing problems a couple of months ago. I see a ton of crap as to what it is, but not why anti-virus can’t seem to see it when it is a virus, or how to check/get rid of.

  5. Peter Rabbit June 21, 2015 at 9:11 am #

    Mike me too, I am having the same issue. All I do is surf the net with a regular DSL router yet every time I boot up to the internet this thing shows up and knocks me right off line. It shows up along side “windows installer” and poof my internet connection is lost. It says it’s not a virus but it sure acts like one!

  6. Surinder July 28, 2015 at 11:16 pm #

    I have been using Windows OS right from win3.1 and always felt why not a OS be compact and install those files very essential to run the PC and then let the user pick additional services that he wants to have viz.. my lappy is stand alone, do I need to have network drivers installed by default? No. Same is the case with printer spooler svc. Unneeded services keep running without your notice, bring down the performance. Right from Win95 to Win7 I have not seen major change in functional OS but the space it occupies kept raising. IF I just required a mini CD to install Win95 now I require DVD over 7GB to install latest OS with SP1,2,3. If your OS has so many holes, why you announce the release to the world, force us to upgrade (for lack of service for older OS) and put an additional costs ?

  7. jack September 4, 2015 at 6:18 am #

    please help me mine takes 57% of my cpu and i cant run shit

  8. Kenny Smith December 3, 2015 at 10:25 am #

    I am having this problem also and mine has 5 wpmprv or whatever thingys running and my computer performance is crap now , I have run anti-virus and re-configured everything I know how to do and can’t get rid of this computer problem ,its now up to eating 71%, Someone plz help me !!!!

  9. mohamed nady January 3, 2016 at 9:56 am #

    i use win 10 and it take 4% of my cpu and system tell my that their is a problem with file like this (HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/WBEM/CIMOM/CompatibleHostProviders) what shod i do please

  10. mike o February 9, 2016 at 1:29 pm #

    I have a desktop & a laptop that have this problem; 40+ % of CPU. Also get an occasional error message. It seems as if I started having this problem, as well as others, after updating to Windows 10.

  11. Gary Overton July 15, 2016 at 8:31 am #

    I don’t Know that is helpful I seem to have this same problem and my anti-virus program blocks this as well but is it really safe to run wbem I decided to delete the folder but not all files and the repository folder can be deleted because they are being used by other processes.will look for more info and post it here

  12. Alex July 24, 2016 at 7:42 am #

    I’m running into this issue too. Starting to think that the answer may be to upgrade to Ubuntu. I am so sick on Windows BS and Microsoft in general.

  13. sean August 10, 2016 at 4:52 am #

    i am at this post since i also noticed this wmi thing running recently, it does not seem to cause problems, sometimes i end the task other times it just disappears on it’s own, i’ve run w8 since 2012 up to end 2015 without a day’s problem and i hammer my machine then i connected to the net and problems started, as with previous poster i also wonder why there are so many processes running, are they ALL necessary? sometimes it’s like trying to get to God to get some answers and understand whats going on!

  14. Unknown August 29, 2016 at 2:52 pm #

    Sounds like big brother, aka USA is watching you all. Use windows key. In search type in services.msc , right click on it, and run as administrator. Scroll down till you see Windows Management Instrumentation and double click on it. Click stop, and yes if other processes are using it. Now under starttype: Select deactivated. Click apply and ok. Now restart your computer. Once restarted, update your antivirus and malware scanners. And run a full system scan with both. I recommend downloading spybot 2.4, update it, and do a full system scan with that. However although spybot is free to use, it don’t work well with antiviruses. If you already have an antivirus I sugest you use malwarebytes, less efficient but works same time with most antivirus software. Once you done a full system scan remove all infected files if any. Then restart your computer again. Now it should all work as intended. If you wish to keep having it disabled then simply do nothing. However your security center will be disabled along with network logging the government uses. To activate it again: simply go back into services.msc as you did previously, and under starttype: select automatic click apply, then ok, and restart your comp again. Best of luck.

Leave a Reply