What is winmgmt.exe? Is winmgmt.exe spyware or a virus?
How to fix winmgmt.exe related problems?
1. Run Security Task Manager to check your winmgmt process
2. Run a Windows Repair Tool to fix winmgmt.exe related PC problems
3. Run an Antivirus to find persistent malware
Process name: Windows Management Instrumentation
Product: Windows
Company: Microsoft
File: winmgmt.exe
Security Rating:
Winmgmt.exe is a core component of client management in Windows. This process initializes when the first client application connects, or runs continuously when management applications request its services.
Windows® Management Instrumentation (WMI) is a component of the Microsoft® Windows® operating system that provides management information and control in an enterprise environment.
By using industry standards, managers can employ WMI to query and set information on desktop systems, applications, networks and other enterprise components.
Developers can use WMI to create event monitoring applications that alert users when important incidents occur.
Note: The winmgmt.exe file is located in the folder C:\WINDOWS\System32\Wbem. In other cases, winmgmt.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.
Click to Run a Free Scan for winmgmt.exe related Errors
Users Opinions
Average user rating of winmgmt.exe: based on 99 votes. Read also the 99 reviews.
26 users ask for this file. 33 users rated it as not dangerous. 4 users rated it as not so dangerous. 30 users rated it as neutral. 11 users rated it as little bit dangerous. 21 users rated it as dangerous. 21 users didn't rate it ("don't know").
| All comments about winmgmt.exe: | |
|---|---|
| Windows Management Service, contains the WMI repository Alex | |
| it stops me loading up doalogue boxes, windows explorer, image preview etc. When I end task it terminates the process and loads up by itself about 2 minutes later | |
| core file john smith 3rd | |
| when i login it's shown winmgmt.exe has generated error and you will be closed by windows and reapeated continueosly not able to appear desktop afsar ali | |
| its a windows management file alee | |
| As stated twice above, "winmgmt.exe has generated errors...". For me it also causes problems with the DNS on my PC. joe shmo | |
| It makes everywindow i have show up wrong, and after ending the task, its starts back up right away | |
| Thsi Program try to connect to the following IP "67.19.131.36" with that Name "36.67-19-131.reverse.theplanet.com" on Port "6667". I see it on my Firewall. I research that there are two Task running with the same Name but ist was a bit different. One is called "WinMgmt.exe" an the other is called "winmgmt.exe" The once with the uppercase m is the Systemtask that was explained from Alex. But the other one do that what I say above. Bully | |
| standard win 2000 system file - could get infected bby a virus. rus a scan Aaron | |
| Again and again a dialogue box appears and says winmgmt.exe has caused some errors. the program will be restarted. What is that? I can't understand | |
| In my case, prevented Windows from shuting down, causing to abort the shut down process and keeping the system up. Daniel | |
| its within system32, but in its own folder? Markay | |
| this is windows file. shadab | |
| part of win | |
| bringt mir immer nur fehlermeldungen? hermannado | |
| Without it system info will not work, MSINFO32.EXE is disabled, it is required if you want system info to work. Why it pops on, it is collecting info about the system. It can also be used to manage remotely on a network. It changed a lot since W95. Rob | |
| This file is safe if within windows\system32 if you have a problem with it try uninstalling recently installed programs because it can be launched automatically by windows if your application requests access to the WMI vincent | |
| I installed the latest Sygate Firewall update and this file now shows up in Task Manager every time I boot. Dennis | |
| Just another one of the many holes in windows. I have win2k and it just sits there listening for connections on ports 2265 and up, no idea why. Anyone know how to plug it? overgrow.com | |
| I can't disable the exe file - it runs in the background and prevents my computer from completeing scan disk or disk defrag operations. | |
| Every time i try to delete it, it reappears again 2 seconds later! ali :oP | |
| Eats a lot of memory &sometimes locks computer till i ctrl alt delete end task wimmgmt.exe then comp goes back to normal . Im wondering if its safe to remove Slayer0420 | |
| Was suddenly running in my system after installing 'Windows Install Clean Up', from the MicroSoftWebside. It slowed down process-speed dramatically. After removing it via regedit and a restart, all's ok. It seems I don't need WINMGMT.EXE in WIN98! Rini | |
| all i know is i downloaded microsoft antispyware and didnt validate my windows after install WinMgmt.exe is trying to connect to the internet, i believe this microsoft seeing if you have a cracked copy of windows. anyhow im not letting it access the internet. Bear | |
| winmgmt.exe is a normal Windows process. winnmgnt.exe (notice the "gnt" instead of "gmt" at the end of the name) is a backdoor program an should be deleted See also: Link Sindri | |
| when i login it's shown winmgmt.exe has generated error and you will be closed by windows and reapeated continueosly not able to appear desktop c collier | |
| seems part of Win, was causing mem leak in 98se machine, removed from registry seemingly without issue GlenMichael | |
| It shows up in a Xoftspy scan as a worm. I looked it up in Google and it shows it as something created by sun java. Webm is the folder it is in, web business management or something like that. I am not sure weather or not to have Xoftspy remove it, going to ask my bro who woks at M. The Minus One | |
| the file is in system32\wbem and second of all it's also in dllcache dir, which means it's protected by wfp, which means it will get replaced when you try to delete it jgs | |
| I know it run in Windows 2000. I also know that on my PC at work it takes up to 40% of the CPU time and makes the HDD churn endlessly, slowing down the system completely. | |
| Depends on were it is. if its under %windir%/system32/ its okey. BUT if its anywere else - delete it! Tim 'gk^' Nilimaa | |
| My system runs fine when I don't see winmgmt in the task manager, very unstable with memory leaks when I do see it there. dreamer-71 | |
| it makes a warning window appear on my screan each couple seconds Mohammed | |
| seems to be same as above just pops up and says it has generated an error and i must close down the computer but when i do it doesn't change ... when i leave the computer on overnight it the message pop upquits popping up but I don't like leaving the computer on all night. kathi | |
| Part of the W32 OS | |
| it make my memory full and I cant open any programe walker | |
| I found it in "C:\Windows\System\WBEM". I've got windows millenium. Is that normal? Magician | |
| It causes a memory error, saying the memory could not be "read". Matt Chrismer | |
| Some additional files seem associated with winmgmt.exe. There is an winmgmtr.dll. Also, these files are located in "SYSTEM" not "SYSTEM32" on my computer. SYSTEM32 appears to contain mostly drivers, and the ONLY .exe application in SYSTEM32 is regsvr32.exe. I'm running WinME on this computer. escudo | |
| suddenly the winmgmt.exe process started using up 10% of CPU every two seconds or so. It would also access the hard disk every two seconds. Very annoying, but a reboot fixed it. bobbem | |
| Hogs up my System Resources, loads up at startup, its a pain having to close it every time with ALT CTRL DELETE then End Task. ConradThe2nd | |
| It keeps my PC nice and unstable. at least i think its the problem Beverman | |
| HERE IT IS! All of you have seperately pieced together the "WinMgmt.exe" Microsoft blowhole. Yep, you won't find much on this thingie because it utilizes Java ( The Minus One ) to port your file system tree to a Microsoft server. This introduced the idea of the next Microsoft OS- codename LONGHORN. Download Jetico Personal ( my fave ) or any other firewall to interrupt traffic - and, yes, it is integrated into the os (2000) so that if it is removed, the os must reboot- retrieving the file from a *.cab( like a zip ) file on your hard drive. Delete the .cab file and imagine having to reload W2k. [ARB1D3_[00L3R | |
| The file is used to generate management scripts, ostensibly by system admins. It appears some trojans/viruses can manipulate it, so if you see it loaded for no apparent reason, you have a problem. If you're not on a network or if you're running Win-9x, I'd personally rename the file to c:\windows\system\wbem\winmgmt.ex- ASAP then restore if you ever genuinely need it. Chances are it's helping viruses reinstall themselves "as if by magic". My money's on a CWS-variant using it to work its wonders. See also: Link Greg Fox | |
| This info relevant only to Win9x - my guess is that it's a piece of standard windows kit, not used in 9x, and some other purpose is being met using it. I would rename rather than delete, but again I stress only in 9x. Chances are a trojan IS using it to log/download/etc. but it would appear to be part of windows originally. Does not appear to cause any problems if you rename it (eg. to winmgmt.ex_) See also: Link Greg Fox | |
| Part of the core o\s. It often utilises high CPU. this is because of the WMI subsystem and slow I\O to the disk. Toi increase system performance, follow the link and do as suggested. Also, disable the Indexing Service. in addition, if you have an "on-Scan" virus checker, exclude the indexes from being scanned. See also: Link Matt G | |
| Microsoft monitoring activity, shut the process down then delete the corresponding files. No harm done. The files come from Windows Update or newer versions of Windows. System and System32 should be 'uncluttered' just like temp folder or recycle. Ben Whittaker | |
| It is the only thing running on my 98 right now and It keeps poping up ads Obviosly this is the copy version because I don't think the real one came out until XP or Mabye NT Regiside | |
| If It's not in your System32 folder get rid of it. Every instance I've seen this file Running or in the Startup it has been associated with the installation of a Trojan. BK | |
| It pops up and makes me shut down the pc, what i've done was to shut it down from the task manager and take it out of the msconfig. It worked quite well. Ann | |
| It only started showing up in my processes very recently. Ever since it did, it makes the system run very slow. Meepeek | |
| Danke micele9 -- go to (win98) system\wbem and run wbemcntl.exe and turn off logging and check "Don't Restart" linuxweb | |
| Always shows in the CTRL+ALT+Del list when I have a problem and closing it often reso;ves the problem on ME. Nigel. | |
| naturally it´s system file and will disappear when you close the system management console. -=DMC=- | |
| My system is getting slower when this horrible program is working. G.E. | |
| It caused my PC CPU to shoot up to 100%. System unusuable. | |
| it come each 6 sec. of my memory and open a new site. Abol | |
| Stops scan disk from completing a scan. Martin Balchin | |
| it stoped my print file server sagar | |
| windows sytems file. if u have problem with winmgt.exe taking a lot of resources, read this link See also: Link owen | |
| there is a troyan which substitutes this file for it self process this may provide a lot of control of your pc by a hacker d | |
| it runs for about 1 minute after i start windows 2000, whoring the CPU, last look there's two runing. fighting for CPU. Gazza | |
| Like Dennis, it came after I installed Sygate Perso. Firewall V5.6 & this file now shows up in Task Manager every time I boot. ! Cygoris | |
| Noton antivirus reports :unauthorized access attempt | |
| Systemfile Volker Becker | |
| If you don't want WMI to restart, go to Services and disable Windows Management Instrumentation service. If you want instead to switch it to Manual, go to Recovery page and select Take no Action instead of Restart the Service. Leo | |
| it opens up each time i log into my system, and after a little while my system starts rebooting, i have to repeatedly close up this error messagesevery other time and before i how it the system starts rebooting charles opoggen | |
| Slows my sys waaay down. Hampered defrag. Going to investigate more. JohnNY | |
| pop up and unable to delete kashif | |
| I hate how can I get rid of it it prevents disk utilites and norton go back from iinstaliin Pc | |
| It shutsdown my computer from time to time. In it's log I can see that the core was shutdown by it. Me!! | |
| Winmgmt CPU utilization appears correlated to disk IO operations Greg | |
| it is a windows file & this file give the error because if the virus is in pc DILIP | |
| i have ME as well and it appears in my c:/windows/system/Wbem folder, same as escudo. although mine appears to be called Winmgmt.exe, is it meant to have a capital w? or should i consider removing this as it may be allowing trojans to restore themselves? Rooza | |
| To stop a restart, run cmd, and enter shutdown -a, aborting shutdown. The WMI file is used to keep programs with in the limit of your computers spec. Brad | |
| update latest defifnition & restart in safemode fully scanned plbm solved OIR | |
| This is part of WBEM Web-Based Enterprise Management (WBEM) is a set of management and Internet standard technologies developed to unify the management of distributed computing environments. WBEM provides the ability for the industry to deliver a well-integrated set of standard-based management tools, facilitating the exchange of data across otherwise disparate technologies and platforms Dale | |
| "A core component of client management. This process starts when the first client application connects, or when management applications request its services." "The original winmgmt.exe from Microsoft gets placed at C:WINDOWSSystem32winmgmt.exe . if you find it anywhere else then you should be suspicious for sure." See also: Link Nick | |
| Have OS Microsoft Me. After adding Norton Internet Security I could not shut off winmgmt and it iterfered with defrag. Recently I downloaded "Connectivity tool" from Symantec and it entirely deleted winmgmt and everything seems to work just fine without it! David C | |
| I found it in: C:\WINNT\$NtServicePackUninstall$ ~~ C:\WINNT\ServicePackFiles\i386 ~~ and ~~ C:\WINNT\SYSTEM32\WBEM. It EATS up CPU time and doesn't appear to serve any useful purpose. DELETE IT | |
| I installed VMware Player on one PC on LAN and soon after it was asking about IP of another PC and that PC's firewall poped up notice about winmgmt.exe which I allowed since I believe it is associated with the VMware Player program. vanDivX | |
| Beware of a trojan named winmgnt.exe (Mind the n instead of the m). It contains Hale. See also: Link Erwin Moller | |
| I have Sygate firewall and Winmgmt always loads at startup ever since installing the firewall. It eats up the cpu. Chris | |
| winmgmt.exe errors can be cleared from the repository folder, stop the service and then delete the winmgmt.cfg file, shut down your computer and then turn on...make sure it's a shut down instead of a reboot! Tom Andrews | |
| I found in Process Explorer that this file pops up after using Firefox for an extended period of time. When it does, CPU usage goes to 100% and commit charge skyrockets, rendering the system incredibly slow and unstable. After I terminated winmgmt.exe in Process Explorer, my system returns back to normal. Nicholas | |
| It's a core system file. Do not delete. Depending on the location of the file may determine whether or not it is a virus, etc... Neko | |
| After installing ZoneAlarm and activating the firewall, WinMgmt .exe wanted to access the internet. Dont know why, but I disabled the access without any further problems. Still dont know why and what data the program wanted to send. powermax | |
| it loads by it self, causes slow down and internet connection lag. Block this, rundll32.exe and whatever other program that doesnt need to access the internet with your firewall. block with firewall | |
| its stop my netwok connection AlmaZa | |
| When it's a problem: I click an internet link and web page starts loading, but never finishes (clicking refresh = same result). It's in the close program dialogue box (ctrl+alt+del), so I "end task". When winmgmt ends, so does the problem (web pages load fine). No clue why it happens, and am very tired of it. I've got some fear about deleting winmgmt file, and wish I knew whether removing it will affect my computer negatively. Will I be able to boot up next time? Be able to access my email? Will the earth blow up??? Someone *PLEASE* provide a link to a web page that shows how to resolv Ontario, Canada | |
| My company has this installed on all systems for remote management and system checking. All I know is that as a non administrator I cannot remove, disable or restart this process, yet when it runs, it chews up to 98 % CPU and basically grinds my computer to a halt. | |
| everytime i start up my comp and select a profile, my computer restarts, and when i check Event Viewer, it says the source is WinMgmt, need more info | |
| Win2K Process. Occurred after i switched the GPU brand and didnt unistall the old GPU driver. Permanently loaded the CPU (athlon XP 1600) to 99% every time even, every user even logged in as Admin. Vanished after uninstalling the old obsolete Drivers. - check your Hardware/driver conflicts verbal kint | |
| This file is part of Windows and is required if you want to install SQL Server or other Microsoft server software. Just because a virus has tried to disguise itself as this file doesn't mean this file is dangerous. Chris | |
| Every time, my KAV Pure pop-up a window "winmgmt.exe ...... Trojan.. detected" and immediatly, I have some P*rn* sounds that plays -_-" | |
| I have face this problem since one month but not to worry because avg anti remove it complete from my pc find link it removes all your related virus smoothly See also: Link rahul shrotri | |
| winmgmt /verifyrepository is used for checking the performance Rohith | |
| may be related to virus/trojan/ransomware if not in system32. It will be located (in vista/7) in C:\Users\Username\mggddmgd (random name); can be removed by running sysinternals Autoruns and disabling it. Gave us a lot of trouble; only guaranteed way to remove ransomware related to this file. It does not mess up shell value or run/run once registry, like other ransomware. | |
| Winmgmt is the WMI service within the SVCHOST process running under the LocalSystem account. In all cases, the WMI service automatically starts when the first management application or script requests connection to a WMI namespace. See also: Link Nathaniel | |
Show all 99 comments
More process information
Is winmgmt.exe spyware or a virus, trojans, adware or worm? Is there a known winmgmt.exe error?
Other Processes
alg.exe csrss.exe explorer.exe mdm.exe mobsync.exe mssearch.exe pagefile.sys regsvc.exe sdclt.exe services.exe spoolsv.exe system idle taskeng.exe wercon.exe winlogon.exe winmgmt.exe
[winmgmt.exe in German] [all processes]