What is wmiprvse.exe? Is wmiprvse.exe spyware or a virus?

How to fix wmiprvse.exe related problems?
1. Run Security Task Manager to check your wmiprvse process
2. Run Windows Repair Tool to repair wmiprvse.exe related Windows Errors
3. Run MalwareBytes to remove persistent malware

Process name: Windows Management Instrumentation

Product: Windows

Company: Microsoft

File: wmiprvse.exe

Security Rating:

Windows® Management Instrumentation (WMI) is a component of the Microsoft® Windows® operating system that provides management information and control in an enterprise environment. By using industry standards, managers can use WMI to query and set information on desktop systems, applications, networks and other enterprise components. Developers can use WMI to create event monitoring applications that alert users when important incidents occur. http://www.neuber.com/taskmanager/process/wmiprvse.exe.html 
In earlier versions of Windows, providers were loaded in-process with the Windows Management service (WinMgmt.exe), running under the LocalSystem security account. Failure of a provider caused the entire WMI service to fail; the next request to WMI restarted the service.
Beginning with Windows XP, WMI resides in a shared service host with several other services. To avoid stopping all the services when a provider fails, providers are loaded into a separate host process named Wmiprvse.exe. Multiple instances of Wmiprvse.exe can run at the same time under different accounts: LocalSystem, NetworkService or LocalService. The WMI core WinMgmt.exe is loaded into the shared Local Service host named Svchost.exe.
Note: wmiprvsw.exe is the Sasser worm!

Note: The wmiprvse.exe file is located in the folder C:\WINDOWS\System32\Wbem. In other cases, wmiprvse.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.

Virus with same file name:
W32/Sonebot-B - sophos.com

Click to Run a Free Scan for wmiprvse.exe related errors

Users Opinions

Average user rating of wmiprvse.exe: based on 502 votes. Read also the 445 reviews.

  • 14588 users ask for this file. 210 users rated it as not dangerous. 23 users rated it as not so dangerous. 100 users rated it as neutral. 78 users rated it as little bit dangerous. 91 users rated it as dangerous. 60 users didn't rate it ("don't know").

All comments about wmiprvse.exe:
W32/Sonebot-B drops a copy of itself to the Windows System32 folder with the filename WMIPRVSE.EXE  See also: Link tarence
Windows Management Instrumentation (services.msc)  See also: Link Alex
When installed came up with sharing violations Joe
it kept shuttin my computer down i found it and deleted it of my pc and startin to run fine without shuttin down occurin lee
eat up all memory and caused win2k3 main services failed to run Mike
win 2000 in winmgmt.exe use search feature text only then you will see the winmgt.exe if you have mor than one delete capital letter one.then open goto properties type in do not load then admin in pharentacies this should do the trick.
Memory Eater that loads when using 3dmark programs Cy
its an ok thing. these other guys who have problems iwth it are duchebags. and no, i can't spell rob
Loaded with ACDSee ©bROTHER
Appeared after installing SMS 2003 client. Polls computer for hardware/software inventory. Daniel
spikes processor to %100 usage with 2003 server enterprise edition
This file is attacked by Trojan.Gletta.A, it would eat all the memory on my win2k3 box and cause services to fail Gary
If found in windows\system32 then delete it and search for other viruses and Trojans, if its in windows\system32\wbem then check the version and that its a Microsoft file (check the properties) and this should be left where it is. Russ
WMI is very cool. but what is "wmiprvse.exe -Embedding"? seanick
Started up with Windows XP home, then exited after a few minutes...tracked file...harmless MS exe Dennis
I have this file located in C:\WINDOWS\system32\wbem folder, it is from WinXPsp2 gaming
Well if it isn't dangerous its at least extremely annoying. Steph
I found it in the system32\wbem folder. Apparently a search on wbem with google reveals that it is associated with Sun Microsystem's Java. Nothing to fear. Pepsibot
Keeps 'ecountering problems' and closing. Buggers some games. alex
This .exe was stopping admin shares, sharing, access to registry, command prompt and other applications. stop the process and clear the 'kernel checker' from the run key in the regsrty knighTslayer
Windows Management Instrumentation Private Server.
xp/w2k system executable. Used to run background tasks Wizard of Zo
This appears to be launching a brand new files called tipyno.exe this file causes popups and maybe more, and until this site have been unable to find what causes them. Fu Kerr
It really is a windows process, but be wary, as it's possible to be used inside a network, to monitor your processes by a sysadmin. Tano
This exe also appears to load when waupdt is running. (windows automatic update) It closes itself when the AU finishes checking the windows update database.  See also: Link dog
Periodically grabs loads of cpu time and works the disk. It pauses when task manager is activated. It vanishes and reappears. Kaled
XP SP2 is taking forever to start up and this seems to be one of the problems
starts when runnning tasklist /svc in cmd prompt. located in ..\wbem anonymous
Hi this file come from SP2 i see this from the install date. Reign
located in ..\system32\wbem folder - new since sp2.... mike
it alerts me when a change occurs in WXP operating system.
Legitimate part of windows D.
This program allows you to query/update information from the Common Information Model. It's basically a standardized database with standard namespaces which can be found across multiple OS's. It allows programmers/System Administrators to inventory/debug/etc. SMS 2K3 has inventory tools which use WMI to monitor your computer. It's not *that* dangerous. It has built-in security to make you authenticate to windows but... I included a link to Microsoft's website that gives much more information on WMI  See also: Link -=(TherMite)=-
It's lunched from a Microsoft game used by Direct Play 9  See also: Link Jeep
same over here - dozens of wmiprvse.exe tasks eat up all memory on my w2k3 Server, generate 100% Server load and DHCP and WWW-Services refuse to start.
i use winXP Pro ,it appears for a few minute after starting up windows,then excited .
appeared lately and caused my mouse to lag.
Doesn't seem to cause any problems, comes and goes as it sees fit
causing problems Bill Haughee
Pops up randomly without me doing anything and lose connection for brief second, Errors occur with online games Ryan
Restarts my PC every 5 or 8 Minutes. Stupid Trojan acting like Blaster/Sasser (Crashes RPC). Even In safe mode & networking! anonymous
attached to the dotnetfx download from microsoft, started running after the install simultaneously with dllhost.exe very irritating, if you don't need it get rid of it (remote access issues). mike
Not needed and can also be a virus, stop process now. Nate
This file (or something else related to a folder on my system called srchasst) is causing ads to pop up when im doing searches on google. Like, something about freedictonary.com and it just uses whatever you searched for in the title of the ad. also its slowing my ie down to almost stopping point and im on cable. HELP? slinky
got 2 hits from search results (cpu), one .exe and one .pf :: Virus Guard ::
It is a windows file but some viruses do seem to hijack it.  See also: Link Seb
Appears after installing part or whole of Microsoft Visual Studio .NET 2002 and higher versions. Supposedly is there to facilitate Client/Server development schemes. Annoying. Yeah
On my PC, it's the Win XP one - but its run for no good reason, getting caught by my firewall: wmiprvse.exe (cnmub5i.dll). I don't trust it, and have no problems terminating it. More info on WHY or for what its needed would be appreciated. AlleyKat
It is a legitimate file for sp2, but slows startup significantly. perry
I hate it! It keeps lagging my connection! It causes a two to five second connection lag. It's not much, but it makes me keep loosing connection in certain MMORPGs. Very annoying, and is more persistent than a virus.
As mike says above, it can also be found in C:\Windows\system32\wbem\ Sean Et Cetera
Big Brother software AB
I have had XP machine for 3 months. Only attempt of process to access web was when performing Windows Automatic Update for first time tonight. Seems harmless, 0% cpu and 4.6 Meg memory usage. Mick
It, together with svchost.exe , is working my hardisk so much that battery life on my laptop is down to 1/3 of what it could be. O
all the sudden my cpu was running full tilt and i had a new process... checked my updated schedule and it is definitely associated
I found this with a virus! as you said, this relates to SP2, something i didnt trust anyway. AdarkA h8s MS
Not much, but it doesnt seem to do anything Pyrothekilla
It is from WinXP Service Pack2 Don
Starts when you opent 3dmark and ends when you close 3dmark GFX
I found it running right after booting up, then it vanished. joe
can i kill the svc without problems or not? Tim
You see it with Winxp SP2 because Windows Firewall, and the Security Center uses it. Oprime
ok, I know for sure it isn't part of xp2 cause I don't have xp2 on ths machine and I have WMIPRVSE.EXE running in the background. Just goes to show that you can't really trust anything on these boards. Jesseq
causes me to blue scrren/advanced system info had ? al by it and has slowwed comp and ups processor to 100% Jonathan
pops up when after windows update ran (after restart, which is quite strange), mysteriously closed soon after i opened task manager, but really harmless prikolist
Showed up first time for me with Razor Diamondback mouse driver installation,,, dc4bs
all I know is I have never seen it running before in task manager... I noticed this 6 hrs after alarm clock was due to go off (I use WMP and Task Scheduler to run MP3s as an alarm clock). but... if wmiprvse.exe is indeed a virus, it's very very very freakin annoying Rick
I found if you lose this file it becomes nearly impossible to install anything or even update windows. Zazu
It is a standard windows system proces for updating the system J!km!l
Loaded with NEROVISION anyway the prog crash and no occurs in the event viewer... does it really need to anything? Blacknote
you can't simply terminate it with the taskmanneger it starts automaticly again poll
Seems to have become activated after setting up SMS 2003 pn the network kev
DCOM-Server  See also: Link AxelC
continually locks the task bar and quick launch buttons and wont allow me access to the c drive DoublyHateMS
it wasnt in the directory you said it should be, i denied it internet access, well see what happens now MagicMarker
Slowed my dual core 1.7 Mhz system down to PIII 500 Mhz speeds - pausing/stopping this service did the trick christopher
Appeared after installing Adobe Acrobat Reader 7. Eats up ALL my cpu time. wmi hater
This stupid file keeps starting up while i play games online,we use Revrend anti-cheat program.Every stinkin time it starts(wmiprvse.exe) my computer lags big time . scott
There is a trojan that attaches itself to this file, but otherwise, it is a legitimate part of Windows XP. Raffi
When I stop it, the SP security center also stops. I keep it running Marco
I am a blind computer user and I use the screen reading software, this wmiprvse.exe process will actually crash jaws if I have to many internet operations running Sita
If you go to Windows Update , and then close de window "update" it will disappear. AL.
It brings up the cpu usage to 100% and restarts the system after every 8 - 10 mnts. Very much annoying DH
It's making my computer shut down
Causes random popups with Google; destroyed display settings along with direct3d related programs. Zuwxiv
It seems to be dangerous. It´s consuming all my cpu time. When I delete or rename the process, it comes again. I think it coul be a virus, but I didn´t find what... Lazaro Freire
After updating Windows XP with SP2 my PC takes about 3 minutes to sort itself out before I can do anything. I had a look in the process information and it this CSRSS.exe file. Most annoying.
firewall detected it, for some reason accepted it, now i cannot take it out of the "allowd connections", although it not clearly says allowd. since then the calculator keeps poping up unasked vince
Check your taskmgr if it has 2 instances, one as SYSTEM other with your user. There should be one with SYSTEM, the other effects your system and CPU to go up 100% by suspecting other processes. seoguru
i know i disabled it in the services and nothing happend. also i never did notice it there till today when i got a worm and it even started to show up in the processes.. killed it and everything fine. Nate
Windows Management Instrumentation. On XP SP2, the Windows Firewall + Connection Sharing Service depends on this one. Very annoying. Disable both in Adminstrative Tools/Services but first install a couple of real firewalls!
Windows® Management Instrumentation (WMI) is a component of the Microsoft® Windows® operating system that provides management information and control in an enterprise environment. By using industry standards, managers can use WMI to query and set information on desktop systems, applications, networks, and other enterprise components. Developers can use WMI to create event monitoring applications that alert users when important incidents occur. DNA9000
I spot it after the firewall poped up, it was in the windows xp sp2 directory IRNBRU
i know that u can`t delete it or shutting down . it`s very annoying ! DuKe4TrANcE
Trend Micro asked me to delete it to help resolve a problem with PcCillin and internet behind a router... dbCooper
I see it on Taskmanager&ProcessExplorer all the time; it don't use any CPU time while I'm watching Twig
I'm running WinXP Pro SP2 and I got 2 of 'em. Their in system32/wbem and SP2 i381 folders. Tom
legit part of winxp-sp2... T-Rust
it's a windows system process Wayne
"This .exe was stopping admin shares, sharing, access to registry, command prompt and other applications. stop the process and clear the 'kernel checker' from the run key in the regsrty" ??? Ignore this info, you don't want to be doing that trust me. If there is a masquerading virus with this file. trust your antivirus to spot it. 80kConsultant
Not really know what it's for but it starts up with XP and then it dissapears but when it's running it shurely hogs up alot of resources I wonder if this is the cause of my online gaming problems and causes my connection to freeze if i were you guys I would google it extensively and make sure if it's ok to delete otherwise you would be up a creek without a paddle if you do and your system could go apeshit
The WMIPRVSE.EXE application crash when you add or remove a HDD on a WinXP SP1 system, but no effects on the system. Rael
Only causes problems when the is more than one copy in system. For Winsdows XP, It should be located in: C\windows\system32\wbem. Delete all other copies and it shopuld fix the hangups. Multipble copies are usually caused by downloading of music, pictures and ebooks. Note: wmiprvsw.exe is the Sasser worm! The wmiprvse.exe file is located in the c:\windows\System32 folder. Novawatcher
i dont have sp2 - but it loaded after i installed microsoft software - it is a microsoft monitor of some kind - if you installed anything new that is from microsoft or uses microsoft software in any way it will load - takes 4k of mem usage even when not using any MS products voodoolady
where is the original wmiprvse.exe genuine windo2ws file spose to live as above you say Note: The wmiprvse.exe file is located in the c:\windows\System32 folder. In other cases, wmiprvse.exe is a virus then tarence below writes W32/Sonebot-B drops a copy of itself to the Windows System32 folder with the filename WMIPRVSE.EXE i have it running in my taskmananger but its not in system32 folder . I think mine is the normal windows and not a virus found the virus i was looking for hotkeysvc.exe came from a link in the new msn beta when i ran it sent itself to my whole address book. Jason
i dont have sp2 installed and it is in C:\Windows\system32\wbem\ folder Someone
start with 3dmark 2001 SE zoidberg
This file uses more cpu when i use robocopy to sync 2 servers. Floris (www.DataSmit.nl)
It keeps shutting down my Norton Anti Virus and closing my computer. Tried everything... Sterrenplukker
Black Ice firewall indicates it was called from atprint.dll which is in turn associated with Webex Player. head4heights
Seems to appear anytime the computer needs system information, like cpu speed, temps, graphic speed, etc. Vanishes after about a minute. tytlyf
Locks up my pc unless i go into task manager and kill it for 5 minutes every time i start up teresa
Really slows down the startup process on a reboot. MIke
well, definetley not from SP2 for information, Xp home Edition, just reformatted and installed and its still here!! J_D
I do not have sp2 and I run a process management software (It asks me whenever a process want to start or if it has been modified) I do not alow windows update to install anything (I don't trust it). Well my management software warned me that this file wanted to start and since i have not installed anything that would bring this file along I count it as a virus and didn't allow it to start and I have'nt experienced any problems.
XP Pro - Sucks all CPU Usage on a few workstations within 15 minutes of bootup! RKelly
When I tried to shut it down it keeped reappearing until I deleted it from system32\wbem just after shutting it down. Let's hope it won't appear again. :) FeFe
loads w/ xp but dissapears after *weird* ed
Dangerous only if you find the following line in the registry: Kernel_check = wmiprvse.exe Max
runs when you run WINMSD shitto de bago
First saw it after loading Malicious Software detector so I think that's what it is. Only ran for about a minute then it quit. Craig
dunno about it but wmiprvsw is a virus (sasser i think). If you have trouble,check if it's not this one instead.... (0_0)
This file took my dinner pizza and ate it. Then, it attacked my girlfriend and gave her Trojans. Then, it stole my car. Sheesh! At least, it is not that much of a problem like some viruses. I don't like my girlfriend that much anyway. The car, well, it is old. But the Pizza, now, that was a problem! diowrite
It started showing up when I installed new drivers for VGA card, and now it runs everytime I play game, so I actually can't play them. It's like playing online game with 600 lag. Pisses me off Avoid
wmiprvse.exe only appeared on my processes when i had installed directx and the system need to restart. therefore i would say it holds info in relation to the start up it needs Phil
The original file from Microsoft gets placed in the Located at C:\WINDOWS\System32\wbem\wmiprvse.exe . If you find it anywhere else then you should be suspicious for sure.  See also: Link Raelian777
I like it, it is nice, and most of your computers and friends computers will have it, also many of the computers that stores sell have this item with it....Thank you Sol Rosenberg
Its found in C:\Windows\system32\wbem\ in my Windows XP SP1 . Its run with my windows and always demands to connect to the internet Amy
Supports Windows Internet Connection Sharing and other such services. Without it running, ICS wont be able to operate correctly. ifLogic
One day we will need to computers, one to work on and one to run management-software/security/antivirus/defrag/antispyware fedup
It showed up after something blocked my email client and dissappeared again shortly afterwards Baldy Gitt
Its in the C:\Windows\System32\wbem folder. It seems harmless enough. Cade
we know nothing about this file but we think rob is the douchebag poofingers
it is a real big one, chuck norris used it in one of his episodes bridge
in system32/devmon (or something like that) Mld_As
system process thor
This loads and unloads itself automatically in Windows XP, because it is a separate process used just to handle management requests. 100% safe on uninfected systems. If it seems to stay loaded for ever, eating memory or CPU, then your version of wmiprvse is probably not the original Microsoft version (i.e. your file has been replaced by a virus) stripwax
Used by built in Windows XP firewall, ICS (internet connection sharing), Security Centre, etc, among other things. Stopping the Windows Management Instrumentation service should stop wmiprvse from running- but might also prevent firewall, ICS and Security Centre for working to. Disable it at your own risk. windowsxp
After reading all of the above posts I have no doubt in my mind that it is messing with my online gaming, it keeps shutting me down. I have never seen it before in task manager and do not know where it has come from. I try and delete it but it keeps reappearing. Please help!!! CyD3r_DrYnK3r
"technology for accessing management information in an enterprise environment" "most useful in enterprise applications." To turn it off, Start - Run - services.msc - double-click on "Windows Management Instrumentation" and set disabled  See also: Link Maya75
Loaded by any programs which use WMI. This is basically anything that polls hardware devices on windows these days. Like all processes, viruses occasionally use this file name. You need to check that its in %system32%\wbem ad13
somehow my programs ive installed dont work or cant be uninstalledfron add/removeand to use the programs i gotta reinstall over the missing files to get tthem to run for a lil bit before they disapear again rod in slc ut
the exception unknown software exception (0x0000409) occurred in the application at location 0x716714a1
Once a day it would stop my wireless USB, I would need to reboot.... DELETED! Digi
On all my computers It's in this folder: C:\Windows\system32\wbem\ PhiLPhiL
ran for a minute or so at 50% CPU utilization ... then shut down EXO
it started after installatio of a bluetooth mouse from logitech BEN DORIN
Mine won't quit at all. Disallows sharing with p2p programs
not a memory eater uses no cpu/ram/pagefile
Windows Management Instrumentation nEopSYkO
Only what i read on this page Keld
Malicious Software detector Frenulum
searching the file name Julio
Argh... this WMIPRVSE.EXE messed my network, until I blocked it with firewall. Now everything works fine. Skw
Horrible, this file seems to eat up cpu and mem. It appeared in windows task manager 32 times and spiked my cpu usage to 100%, don't know what it is but this is why I normally have a mac running OSX and yellowdog... Carmine
well if it eats ram, not present on a fresh install, delete the f++ekr. The Don
showshifter runs slow and crashes if this is running paul
Makes a pc at work crash every single night . I check the logs the next day and it tells me stories about DCOM and insufficient memory and our friend wmiprvse.exe -embedding. Its not as cool as some of you make it to be. dude
It pops up sometimes, uses all available memory and CPU power and dissapears after a while. A very usefull enterprise tool on a stand-alone system... Acutally I think it's an advertisement for Linux. Silly
I found if stop this process I get no sound on my computer. bocher
found in system32\wbem\ folder. Unsure Adam
If you dissable it in Services.msc you wont get any info on you CPU or ram in system info. Infact any programme that will show you System info and the chances are you will get nothing. 3D mark is one example also.So more or less as far as I can see its just a tool to show system info. I dissable it in services.msc and it never ever show up. I dont need anything to tell me what I have under the hood and have it take valuiable usage at the same time. Just dissable it in services.msc as its 100% usless. 1xm1n
wmiprvse.exe is a part of the Microsoft Windows Operating System and deals with WMI operations thourgh the WinMgmtexe process. This program is important for the stable and secure running of your computer and should not be terminated. UD
This is a management file! You use it to get system information over a network or locally. We used this in our company a few times to find out what users had what software installed. This would only cause a problem IF it was infected, or corrupted itself whiel installing osmething! m0n
Wmiprvse.exe is used by DELL. Remove OMCI will fix mrx.t
Windows Management Instrumentation is a core part of administer windows. It's mostly used for writing applications to administer computers/servers. If you're more of a normal user and it's eating up resources, try stopping and disabling it via the services tool under computer management. However, there will be a few apps that do hook into WMI and therefore depend on it. Windows itself runs fine without it running as, at the end of the day, it's just an interface for applications. Oli
Standard MS process Hammer92
Windows Management Instrumentation is a core part of administer windows. It's mostly used for writing applications to administer computers/servers. If you're more of a normal user and it's eating up resources, try stopping and disabling it via the services tool under computer management. However, there will be a few apps that do hook into WMI and therefore depend on it. Windows itself runs fine without it running as, at the end of the day, it's just an interface for applications. Oli
Read above, but are You sure it is a virus if it is not in system32? I have it under the system32 in wbem directory. Arttu Korhonen
eventvwr shows loadperf then app crashes, loadperf starts wmiaprpl.exe for HD prefetching. Only process I can see tho is wmiprvse & cant kill it. 2 copies in Win x64, system32/wbem & sysWOW64\wbem, & related file in WINDOWS\Prefetch hobrob
It's a problem, when 2 of these are running it stops my internet connection but it usually stops after a while and it will work again. If it's a windows file why can't i find anything about it from microsoft. NAOK
seems to be associated with my computer making random prompt sounds !? sparx
Annoying Bastard. Takes up CPU and spins the disc. I Close it then seconds later it comes back up. Mason
it ran tiwce on start up and my games are lagging. i don't know if this is the cause but it's getting really annoyed with whatever keeps doin this. No overly large CPU usage and this is on a laptop. xp on laptop. Chia
The version that comes with windows is a hardware querying tool. For example, when you right click on my computer and choose properties the WMI talks to your computer to tell you what processor you have and memory. It is also used in when using device manager. Dont know if there are virus versions which do something different Gaz
I blocked this exe's attempt to contact the Department of Homeland Security. That's right, our computers are watching us. I have blocked several programs from trying to contact the DHS. ike
Think is what M$ useas to restart ur commputer when your trial time has expired on x64 nDarkDuck
I don't know anything about this process, and it didn't harm my PC, I just check it for safety Digi.w
starts with emule twice, quits for one after a while and the second when exiting or killing emule as well. it doesn't do anything good nor bad, so that's a neutral. eMule seems to access to have access to it while it's loaded and especially when previewing files currently being downloaded. i've got no further idea what it'd be good for in combination with emule, and there's no other program with me so far that uses it. harl
w/XP SP2 it's sucks up 100% of my Cpu jnic
crashes some 3d games, remove it, nothing goods comes out of it leo
Don't know it before seeing it want to log entry to network running without any reason XC
Its one of about 50 exe files in my task manager, actually 2 of them Wokka
It eats up your internet speed Techno
It's a useless program that SHOULD be terminated. There are exploits which cause this file to download another file off the net, as happened to me yesterday night. I wake up this morning and this process tried to download a "downloader" called wintyts32.exe but mcaffee detected it and erased it. Dangerous as hell and useless. DZ
slows things down big time. disable it according to maya75 and things are back to normal mooney
wmiprvse.exe is a part of the Microsoft Windows Operating System and deals with WMI operations thourgh the WinMgmtexe process. This program is important for the stable and secure running of your computer and should not be terminated. Eric Van der Borght
The valid version of this file loads with System Information and unloads with it as well, so far I have not seen any malicious behavior. JP
If its not in system32\wbem then its a virus! Papa
First of all WMI is as safe as anything, Second of all i have never had pop-ups where's your security peeps!!! It is part of windows management instrumentation, if you dont like it then run services.msc and disable it. Martyn Hare (NthDegree)
It is continually clocking up 320 page faults a second and slowing the syste,/ Stephen
Found 2!!!! file in my WBEM folder one in capital letters one in normal.. both where .exe.. i deleted the capital one because i read somewehere thats the virus file.. after doing that, the desktop still need 10 misn to load which it didnt before this thing occured
Genuine M$ Process, some virii/trojan use this filename, so virus scan darkzi
if its in WBEM then it's cool, anywhere else its nasty Philip Ennis
part of WinXP. it is needed for instance,if you run an online virus scann Kl
Might do something more or les usefull, in order to lure users and convince them to keep it running. But probably is a spyware from Crossoft, as it opens ports in the "listening" state, and makes the light on your modem blink constantly... I'm trying to find a way to eradicate it. Richard from France
This loads and unloads itself automatically in Windows XP, because it is a separate process used just to handle management requests. 100% safe on uninfected systems. If it seems to stay loaded for ever, eating memory or CPU, then your version of wmiprvse is probably not the original Microsoft version (i.e. your file has been replaced by a virus) Your Mum
Spikes CPU-usage to 100% every couble of seconds. Anoying little bastard. I want to get rid of it. I think I should by a mac and get rid of microsoft too. Thattus
mine was 126,464 bytes I turned off microsoft management instrumentation then moved it to a new folder.. my computer crashed upon reboot twice and wouldn't shut down. Phase
Mine seems to pop up whenever I have hacked versions of Vegas or Acid open and the date/time has three 6's in it somewhere. That's definitely a mal software of some sort. There's the legit copy file, then there's a prefetch one. It causes my computer to slow to a crawl, with only momentary acceptance of inputs. The computer beeps a bunch in between if I click on the mouse. Under Vegas it made the computer blue screen and reboot. Ben
From the Services description for Windows Management Instrumentation (the "wmi"): Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.--It starts for a few minutes any time there is a system change, such as when I changed PRISMXL's settings in Services to manual startup. Also connected to Windows Updates, both of which run at startup. John Steel
Zone Alarm popped up said: WMIPRVSE.exe trying to modify an existing driver or servide: BITS, I'm still trying to find out what all this means RBH
It stopped my fire wall and anti viruse from starting i had to go into the task Manager and shut it down, i got a really bad back door trojan and after i removed it that was there so i suspect it can eather get infected easily it or it's a viruse Insanity
I know I can write programs that access hardware information about a PC, and I LIKE THAT, because I don't have to write and maintain my own programs to get hardware information about a PC. It's a keeper for me.  See also: Link Old Man Dan
Stop and start Windows Management Instrumentation
Ha! It's funny to see all these assumptions about what WMI Services are. Here's the bottom line, if you DON'T use Windows Firewall or Security, go ahead and disable it under your Services in 'Computer Management'. WMI keeps track of your specific hardware and some software to provide REPORTING services that help the software function. With SP2, that software is the Firewall and Security services. Danny B
Well ity starts when i start my yahoo messenger and there are two files in the system32 folder/wbem- 1)wmiapsrv.exe and 2) wmiprvse. now which one is harmfull i cannot say. They open in syetem, local as well as network connetions in task manager. I have disabled it in services lets see if it cause problems in online games or disappears totally. Wickedsunny
This file (wmiprvse.exe) is definitely getting overwritten by a worm or something, because I just reinstalled Windows XP Pro SP1, and it's there, so if you have it check it. It made a bunch of files in the %system32%\prefetch dir that will start the service no matter what i run, and if I end the svchost that this is running in, my computer shuts down after a minute... I've tracked the trojan name to be W32\SONEBOT-B, but nothing will remove it that I've found. The bastard loads in safe mode, too. I've tried DoD Wiping on it and it comes back. TheUnknownSoldier
when using corel or autodesk programs eats all memory and takes lot's of cpu time jii
Anybody that rated this as low/no threat has half a clue. The rest of you MORONS who rated it as a high threat should get the hell out of the IT world. Spike
read all the comments here - I didn't have WMIPRVSE.EXE in the original installation of XP. I'm running XP/SP1 now and I get that file when I go to windowsupdate. it is constantly 2% cpu usage. I don't trust it stax
Hogs resources; CPU usage goes to 100%. cjs
Running W2K3 Server on an underpowered server (1G P3) with Exchange Services and the usual AV/spy/firewall protections, wmiprvse.exe caused CPU to spike to 100% for long periods of time. Disabling the WMI interface through services.msc dropped CPU usage down to ~47% over the same period, Al Marklin
This file can run duplicate programs at once and I think it tries to open a peer-to-peer connection with your default download program; whether or not its downloading more viruses or uploading information to another pc not sure. Andrew
Used to pop up randomly but now become frequent. It takes up 99% of my processing without me doing anything. Very annoying especially with I am doing presentation. It becomes worst when Open source application is running. asmadi
i have a svchost.exe process which launches wmiprvse.exe and msmsgs.exe whenever i start my computer. The svchost process also uses the following windows services: (DCOM Server Process Launcher, Terminal Services). I don't know if this is malicious, if it is spyware? Has anyone seen something like this? Kyle
I don't like the name of the file. It seems scarry to me. I wish Microsoft named the file "fluffy Bunny.exe" instead  See also: Link njcomputernetworks
Sometimes start on Win XP home hangs with this file Thomas W.
this file can be hijacked by some viruses...other than that it is a perfectly normal ms process, used mainly in big network setups for administrators, and some application plug into it so they can monitor or report via it dan
Appeared on print server after installing MOM2005 Print service Management Pack. Immediately consumed 99%CPU. Still investigating why. geronimo
Causes Office applications (Word, Outlook, etc.) to run in some sort of "hidden" mode. When I ended the process with task manager, the applications reappeared, but so did the process. I have to end the process every time I want to use an Office application. Bullet Head
I do not like it as it has constantly been trying to access the internet. Dissallowed. activeco
giving me enormous lag spikes and disconnections while i play wow. makes me want to go out and kill something. ikinda
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.  See also: Link Insomniac
intregal part of WMI, starts after some services have a head fit. its there to check all is ok Milo
After I hv killed the HPtoolkit service, it back to normal. Pls try. (it is supposed to use for HP AIO printer on the network) Tiger
This file can get infected with A Trojan Horse/Keylogger. SCAN, SCAN, and SCAN.  See also: Link Dan
There is nothing wrong with wmiprvse but sometimes other programs use it and in doing so make it go nuts. Find whatever program that is and get rid of it. wmiprvse itself is almost a requirement as many things use it. Sheap
Read this if you have windows 2003. Anyways I just virus scanned and my comp was fine.  See also: Link Name
Zonealarm caught ...\system32\wbem\wmiprvse.exe trying to access A web server? I conclude with a previous poster about the "big brother" thing. Milton
WMI Performance Adapter Service, should be located in sysroot\WINDOWS\System32\wbem\. It is part of WMI, it collects performance library info, it can be disabled. stb
Stared when I was configuring my options in MSN Messneger, ZoneAlarm firewall alerted me, don't think it's a problem but checked it's locatino just to be sure. MadCow
It appears when Windows Firewall is on but it seems to do other stuff aswell...
Two separate computers with XP Pro got the wmiprvse.exe showing up right after subscribing to a video download site. It preevents systems from running a virus scan or Spybot Search Stuart Rothschild IV
If this service is stopped, most Windows-based software will not function properly. Sterk
Don't disable it in services, disabling OMCI will stablize system omegajohn
when i start windows it eat my computer resources and cpu is at 100% 5-20 min after start ... don't know what to do :( Robert
Multiple instances appear during startup and then close down at end of boot sequence (Task Manager auto-boots each time I start up), Always one in 'Network service' and one in 'System'. Two, and only 2, programs on hard drive, located in C:\Windows\system32\wbem and ...\dllcache. No known problem in my operation that I have observed. SW
This is part of the OS and poses no threat. This is used to query a computer for information.  See also: Link Neil
Wmiprvse.exe is a windows update service that checks for updates, downloads them, installs them to your pc all depending on your automatic updates settings. My pc in different instances would run like it was at 5 % power, things took forever to load & my hard drive light was constantly on. In my runnning processes I saw that wmiprvse.exe was running, & taking up a minimal amount of cpu. I finally instead of doing a system restore to the previous day like I usually would, I waited & let my computer sit for over 20 mins, to have windows updates popup for me to install the new updates downloaded.  See also: Link Sam
Seems to be genuie, doesnt change the fact that its annoying as hell and generates tons of errors, delte/rename the file. blub
Popped up after starting Skype and Trillian, so many of the comments above seem to make sense.I have no problems with it so far. Self Taught.
If you have the real one in sys32\wbem then no probs, multiple entries or other locations then start worrying! daviej
It's just a little job that loads on startup. Not a problem unless it's on the wrong directory. troseph
the process closes after the OS starts about 5 minutes Dong
wmiprvse.exe is a legit MS file but it could be used as a portal for spyware or virus to operate. Check the link to scan your pc courtesy of MS.  See also: Link Norcoboy
This file is provided by WINXP:\I386\wmiprvse.sy_ It's not a virus! Cristiano
After installing .NET 2 and Visual C++ distributable, this file would be responsible for 'hardware errors' and BSODs. Disabling the two processes in the control panel allowed me to use the system again. I of course -deinstalled- .NET 2 and Visual C++ too, since I wanted a stable PC. Altare
Causes a four minute wait in loading Neverwinter Nights 2. Wait disapears entirely if I end it in Task manager. I've only got one in the system32/wbem folder. Stephen
You can run services to disable it. But quite a few worms and trojans attack this file, I would disable it in services, I have and about it eating up memory I dont know so much about, I looked the file up, because I was doing a process watch, and it popped up while i was watching. DarkMortal
"technology for accessing management information in an enterprise environment" "most useful in enterprise applications." To turn it off, Start - Run - services.msc - double-click on "Windows Management Instrumentation" and set disabled skaffa
Many other apps use this, like, remote desktop control client software, if your virus scan is up to date, this isn't a virus, secondly this is default in 3 locations if you run windows updates Richard
seems to pick up cpu usage on file transfers between workstations orangemek
Stop wasting your life with Windows. Mac OS-X isn't prone to all these Microsoft bugs and virus'.  See also: Link PK
If it's causing probs and you've got Zonealarm you can get Zonealarm to kill it run it tries to run. Solved my problems with Neverwinter Nights 2. (5-10 minute wait before the main menu appeared.) MrCrun
Didn't come up until after norton ghost was installed.
It takes lots of non-necessary prozess time. Ape
i had a good look in my program files (C:\Windows\System32\wbem) and it seemed harmless but the basterd makes my computer take 8mins to load and its doing my head in i was thincking about useing registy clean up tools to check that its sopose to load has any body else done this sam the computer geek
Check Services WMI Logon tab, set hardware profile to disable, Resource hog. bw
Found on my computer after turning it on. First it broke a few glasses in the kitchen, and then made a copy of itself in papier mache which it posted out (via normal snail mail). Extremely dangerous and virus-ridden. These comments are pointless. Colin McRae
Queued documents for PDFWRITER device had error condition. Deleted them and the wmiprvse problem went away. Mike McMullen
this file is causing the infected computer, running XP Pro to disconnect the internet and all other computers on the network. It constantly reboots, when running Mcafee virus scan, and slows down. I will try and start in Safe Mode and do a serach for all files as named. Kim
Part of WMI, like it´s said, i am not really sure about it. Spikes processor sometimes up to 100% usage^^ Alèx
From the research I've done, it's a legitimate Windows system file, but it was hogging lots of my CPU cycles...so I disabled the Windows Management Instrumentation service in services.msc (on Vista Home Basic...) ahoier
When this runs its seems to take up way more memory and process power then it should. Hard to do graphics when I have no memory! Joshua
It is not necessarily dangerous. However, even the legitimate Windows process can be used by dangerous scripts to hack your computers, it should be monitored closely, it has been used by hackers to read emails... to consider it very safe or very dangerous is not wise without more details. The truth is: it depends! Watch out! CyberForceField Creator
Those having trouble with this file don't really understand how windows works and what this file's function is in the scheme of things. Most of the problems described here are actually related to resource issues (not enough memory, cpu too slow, ... you would be surprised at how much you really need to run what your doing in windows when a simple web page in Mozilla eats up 40 or more MB or RAM). In some cases the file, while legitimate and located where it should be, will show excessive CPU use if a Viral process elsewhere is calling it's services. Webshadow
This file is part of windows but if you have office 2003 installed on XP Home it can cause problems. It use all the memory and will not shut down or release the memory. You can shut it down manually by going to Task Manager, choosing processes and ending the process. To stop it using the memory you need to goto http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us and choose the change settings or the remove hidden updates link (I can't remember which it is). Then set it to only update windows and not the office updates. I tried this and it works fine. Animal
Its a part fo windows system - not only SP2, its not dangerous, but might be very annoying. If your svchost take a lot memory and scratch disk, try to kill wmiprvse.exe Utterkill
it keeps trying to modify programs when i'm using the net, hogs system resources, disallowed, but it isnt dangerous or annoying if you've got a good pc. i dont have that luxury googboog
Should have added - brought server to a crawl - cpu pegged at 98% swisel
Fresh 2003 SBS lab install, antivirus install went bad. Working with vender on resolution. swisel
file is good, but process can annoying if certain permissions are not allowed for user (process will not stop trying to install over domain). people on here say it spikes processor usage? That depends on your processor and is not necessarily an issue anymore with 5.008 mb of memory it can't be doing that much? clint
It's simply the service that handles error reporting. Thats why it comes on and then goes away. Also why it can use so much power. SuperTech
came when changing msn messenger preferences noname
I know that after I downloaded SP for Visual Studio I suddenly had several trogans detected on my system. WMI is used by VS 2005. I have not installed the SP because of this issue. As soon as I deleted the wmiprvse file from other locations than mentioned in this post, my cpu stopped going up to 100%. Gail
The file is a part of MS update. I had this on my PC and found solution from link attached.  See also: Link jimmy
I also killed the HPtoolkit service and it is not consuming my CPU anymore JJ
for those of you where this service eats all your cpu - don't monitor so many things in performance monitor! paul
came in disguised as an attached web page w/email wmiprvse.exe[1].htm
it is just an HP program that runs in the background, I think it is for the HP update's. humblunt
Windows Management file... its harmless. If you're seeing high CPU utilization, on a server (domain controller) or other windows clients. Check your other network devices. If you have a mac, or unix running SMB(samba) with the same domain name as your Windows domain this can cause this process to go haywire. Change the name of your samba server. (e.g. a Mac Airport Extreme will grab the domain name from the DHCP server, that could be your windows server handing it out.) Tim7ad
once you kill any HP services, it immediately stops Dali
My windows runs much after disabling it. Joe
Can confirm, it seems to be installed with SP2 Neil
I loaded the whole PD + goodies, for my HP 2605 laser printer. This thing popped up and took over my machine. I uninstalled the PD and then manually removed anything "HP" with add remove. I installed the bare minimum PD for the printer. This thing did not appear and all is now well. socrates
This file is part of windows xp by default, the Security center, IPv6 Helper (for those on ipv6 networks, makes it so you can connect to the net), and for internet shring iss server. Generally by default, you do no have to have this file running, your security will run without Security Center, you just cannot monitor them all at once (if you call that system monitoring). If you share your internet connection over your network(e.g. its connected to your computer first), or are willing to deal with no net to the rest of the systems sharing your connection. Chase-san
seems to be linked to HP ToolBox software. After I killed the HP Toolbox (HPTLBX.exe) process, wmiprvse.exe dropped to zero cpu usage. Thomas
windows xp pro file comes with microsoft.NET.framework2.0 [2.0.50727] william
Provides a common Interface - you can disable it and only a few programs won't work - just run services.msc and set it to manual or disabled - then see how your many of your programs are still fine Xandy
Worked for me to - If wmiprvse.exe is eating up the processer try killing the HPTollkit - Seems to be some resource conflict. Hopefully, HP figures it out Rob
Loads with Volume Shield Anti-Copy (VSAC) to prevent autocd runs and USB data theifs, but drains about 33% of CPU continuously- very bad, why i wonder. I can't end it (autoreloads) unless VSAC is exited.  See also: Link Terry
As long as the file is found in the system32 subdirectory, it is OK. So, do a search and make your own determination. Pepe
Once I ended the HP printer toolbox process, it stopped using my CPU 100%. Nick
eats between 80 and 100% of CPU. I declared it as a malicius program and avoid it to run and my PC improvede his performance! IKL
Removed all HP Printer and Gallery software - except printer drivers and it no longer is a problem. Alan
i think it only showed up after I installed windows media player 11, Aino
In earlier versions of Windows, providers were loaded in-process with the Windows Management service (WinMgmt.exe), running under the LocalSystem security account. Failure of a provider caused the entire WMI service to fail. The next request to WMI restarted the service.  See also: Link Brian
Tiger is correct. After install HP tool kit, it make my PC run extremly slow. I find out it take 55%-75% of CPu usage
I had complete system usage due to this file until I removed the HPtoolkit. Now my system runs smoothly. Chris McDonell
After changing to a newer nVIDIA drivers on my laptop, this process showd up. I assume it has some memory leak since it restarts in the task manager every few seconds and the CPU usage is jumping constantly between 2% to 35% in idle. I don't think it's risky but very annoying. the link I provid describe my problem exactly, but the problem is I don't have Microsoft server 2003, I run xp sp2. on a pavillion dv8000 with gforce go 7600.  See also: Link Bez.
starts when you set a service to restart after failure in services console. Kristie Mansfied
The firewall and ics is dependant upon. auftspeed
the all lowercase version is a windows file. be suspicious of the all uppercase processes, tho some of them are needed
Can run with high cpu if MOM agent is installed on machine. Ravelin
Being an IT Consultant I'll say do not delete this file as long as it's the origanl MS file. It is very usefull for Monitoring and such. If it's chewing your CPU, Find out what is querrying WMI and stop that. Cipher
wmiprvse.exe located in C;\Windows\System32\Wbem. with microsoft certs is completely fine. WMIPRVSE.EXE is a copied version supposeldy trying to look like wmiprvse.exe is a virus/spyware etc. If it hogs your computer, buy a better one. PyroUK
This executable is a possible hijacker opportunity. It must reside ONLY where the experts recommend (for services.exe, path should not exceed system32 folder) (for wmiprvse.exe, path should not exceed system32/wbem folder) It will crash your programs regularly or lock them up. It is currently under investigation on my 2003 server and will be resolved or destroyed (keep a back up of it always) However, if I determine that I can live without it... bye. trustnoone
I fixed the issue by using sfc.exe with a Windows XP SP2 cd. It's only harmful if showing on Task Manager as a "Network Service" and is using all available CPU time.  See also: Link Tedfrd
i think it would be harmles, if it would be in the system32/wbem directory, but this file was in many different directories at my computer. ichi
I developed an application that used WMI and this exe was launched every time I made some operations with WMI Taras
Eating 100% of CPU time, installed with LaserJet 3390 and .net package Halibut
It just appeard one day my fire wall detected it i personaly think any programe that wants internet access and can control your computer and give out information is a invasion of privacy block it. Tony
found in c:\i386 and as most before in c:\windows\system32\wbem mechati
McAfee and SpySweeper both ignore it. It is, however, alarming when it starts grinding the HD as soon as you enter an unfamiliar website. Harmless part of WinXP. Yup yup yup
I just had to update the driver on my network card. I used the Win XP update driver function in the Device Manger window for the network card. And rebooted....wmiprvse.exe shows zero cpu usage now. During previous days I had tried trying may of the other options suggested here. NASA1
Reason why wmiprvse.exe has high CPU 50% is because of a software used. In my case after i installed ArcSoft media converter, the wmiprvse.exe process started running at 50% CPU utilisation. After uninstalling it, the problem went away. Raj
I also ended the user HPTLBXFX.EXE process (I think it's a HP printer toolbox) and the WMIPRVSE.EXE utilization goes to near zero. I have to end this process after every login, until I figure out how to remove it permanently. NASA1
this file is vital if you are using windows firewall. if not then disable service . start run type (services.msc) find (windows management instrumentation) under(start up type) disable it click (apply) click (stop), your done. jolly roger
terminate any process starts with HP and wmiprvse.exe will stop eating your cpu. Farouk Serageldin
enbedding trojanDownloader.delf camoflagued as wmiprves.exe/ Deny access if it seeks to install and is picked up by your firewall. Oni
The firewall pops up seeking permission for this file to access the internet. Fat boy
other wise known around the office as the "why am i perverse" file, it's basically a monitoring tool used by Big Brother  See also: Link jeff
it causes lag spikes and it also slows down your internet coldroll
As forThomas above, my problem was linked to HP ToolBox software. After I killed the HP Toolbox (HPTLBX.exe) Michaelrch
should have a process parent of svchost.exe, version 5.01.2600.3244 DOS filesize should be 218,112. Date could be anything based on Windows updates. Should only be in system32\wbem folder. Dave Henderson, 30 yr PC guru
This is a service related to SMS agent. If it eats up the CPU, try stopping it from Services console, under Windows Management Instrumentations. Ignatius
I just experienced this problem recently, and thought I should share the explanation for why it was messing my machine up...  See also: Link Zero-ID
Harmless process BoBy
actualy it is not dangerous it only shows up when you update it belongs to automatic update it is a process witch looks for the list of updates from microsoft and downloads them not daongorous i am a computer fixer i work at fixing computer i have my own store and i know it is not daengerous i have studied computers for 11 years so dont worry the computer master
It is a CPU soaker. Dual processors and it is taking 50% of one of them. RoadRocket
I also killed the hp tool box exe. cpu dropped right down. Great suggestion! pc-head
This Windows program runs any number of different "providers", which are also programs. The problem is, you can't easily tell which provider it's running. Windows is unnecessarily difficult to fix. One or more of the providers (probably Microsoft's "defender" antivirus scanner, which is installed each month during win update) runs at startup and scans a large number of files. This is unnecessary if you have good antivirus software (like Avira) installed, but I don't know how to remove the Microsoft antivirus program.  See also: Link David Spector
I also had HPTLBXFX.EXE (HP printer toolbox) which was causing wmiprvse.exe to have cyclic utilization from 0 to 100% several times a minute. (Windows XP) 3/19/2009 steve rueg
Windows Instrumentation service, not really required, can use up all CPU and slow the whole OS down for no apparent reason John
Required for Background process management. Read it up in services. And for further information read up about on BlackViper's website about services and turning this off (Not recommended) J_Ohm
Windows Management Instrumentation Egal
No threat on its own, but a popular target for trojans that guy
It seems to come on and devour all CPU % it can. If I close it, everythng runs fine, but it will reinitialize, adn I have to close it again. If I leave my computer on, it will resume using 99% of CPU all the time, making it impossible to do anything. it really behaves more like a worm/spyware than a legit program. Chris
My applicated system detects it trying to modify and connect. My computer has been doing strange things ever since that started happening. Kelly
my sygate firewall gave this detail.......Application Hijacking has been detected..The application: C:\WINDOWS\system32\wbem\wmiprvse.exe try to launch another application: C:\Program Files\Mozilla Firefox\firefox.exe to go to remote host mail.google.com.........after a few minutes i tried to login to my gmail account but in vain...my mail i.d was hacked!!!......thanks to google support i could recover it........but my avg antivirus is not detecting it as a threat....... varuu
Runs at startup more often than not, it's never caused me any problems on any computer. Wouldn't worry about it too much. Meoff, Jack
this is a virus if it is acting this way usually picked up from p2p networks i.e. kazaa bit torrent it likes to tie itselsf to or block any .exe file you try to run. Danno W. CBP
I found it in the process folder, and I've never really seen it in there. Random Person
In case people haven't mentioned it yet,I discovered that wmiprvse activates when you initiate a RAM consuming program,such as a PC game. Templar
QAppears to be legit, based upon location, but STM reports that is takes 180% of CPU. Windows Task manager reports about half that. When Symantec RTVSCAN.exe cranks up, I might as well go home for the day. Fitz
It's not dangerous on Xp, but its rather annoying. Nothing to fear unless you hate the annoying popup. Spikey
its dangerous and hogs up pc, had to use cmd to delete it mik
Try uninstalling SpyBot if you have it installed. wmiprvse.exe was maxing my CPU and removing SpyBot solved the problem. Bob
on my XP Pro SP2, it shows up on TaskMgr ONLY at startup & for about 5-7mins--during which it eats up a lot of RAM, and then dissapears GinnaBL
I opened a picture I found on a forum and my picture viewing software tried to launch Firefox to an unknown IP. Luckily my firewall caught it and i neutralized the threat but it still kept trying to launch more instances of Firefox so I rebooted my system. When it came to again firewall told me that wmiprvse.exe had changed since the last time I used it. Of course I denied it access to the network but it hasnt reared its ugly head in a while. Antivirus doesnt show a threat however. Gabriel
This file will make your monitor cry real tears - delete your Regis Tree to fix it. Computer Expert
vital process
Go to microsoft.com search. Place wmiprvse.exe (your os type here) in the search box. press enter. you will get the information your are looking for. Most of it is for hotfixes and can be left along until you get the MS update. But read theese articles before you do anything or contact MS support for your problem. Fred
Recently being infected by virus, virus launched wmiprvse.exe and ctfmon.exe, I suspect virus is using those services for keylogger/surveillance exploitation dan
Killing process on Vista Business. Disabled it as mentioned and processor is running at 2-3% verses 70-90%. I am running HP software but did not take the time yet to figure out what piece may have been causing the trouble. PaulTN
installed w/Messenger; it needs more holes in firewall to operate this guy
Varuu is absolutely right. I am an engineering student. This file is being used to hack email ids(for reading mails), but passwords cannot be changed Himanshu
Hp printers use this with the web based printers. If the printer is "mis" configured (ip/spooling) it will cause this to use 100% CPU and lag the whole system. I uninstalled the HP product and its was back to normal... Any system file can be hijacked and used for a Trojan/worm DarkenDEV702
windows XD celmairauu
i have 2 wmiprvse.exe files, one is in Wbem(where it should be) and i have another in a map called C:\WINDOWS\SoftwareDistribution\Download\40b9d67f066af972fe520ac6c2f6fa7e, and it eats all the cpu i can't play games, should i delete the mystery one? PS it stops my mouse from moving, and gets me like 1 fps -.- sad Lord Flingpaket
AVG is showing this as an ifected file and wont repair
High CPU utilization generated by the wmiprvse.exe process. Download the fix from MS. (link included)  See also: Link Ron Ray
It is used by numerous programs to run numerous ascepts under the hood, such as many windows mangement detials. James Phillips
It opens sometimes. I always shut it down before connecting to i-net, no errrors afterwards. Does it send any info to Microsoft? Kelly
Eats up 50% of my CPU on average. I just terminate it, safe to terminate, didn't start itself up again (Windows 7 x32) Pearly
Drives me nuts, likes to devour my CPU time. Pavlo Fabri
Normally, wmipvrse.exe is a valid windows/system32 file, and with SP1, it stays in the WDEM directory at about 199KB, and has the SP1 distribution date of 8/29/2002. But when you get the virus, you will find another file, of 38KB size in the Windows/Prefetch directory, with the same name (same name prefix, with the hexadecimal gibberish and the the “pf” extension, but a more recent date. Deleting that file and rebooting seems to fix the problem, the original MS file seems unharmed. Vince
Wmiprvse.exe and associated WMI components are stored in the following path: C:\WINDOWS\System32\Wbem If the above mentioned file exists in a directory apart from the System32 directory, it is definitely a virus, spyware, Trojan or Worm. Developers utilize the wmiprvse.exe file to create applications that are deployed as monitoring tools. These monitoring tools can provide real-time information to users or alert them about significant events or changes that occur within a network, or to a file or application.  See also: Link
It´s a part of wmi, it´s updated with KB971513 patch by microsoft mighty duck
Just go run "services.msc" then go pause Windows Management Instrumentation. Wait for sometimes, then suddenly you will notice some service go up to 100% and not wmiprvse.exe anymore, now we know what 'bastard enemy' which use wmiprvse.exe to eat up the resorces kamferd
total harmlos
On Acer laptop looks after the battery C.
I saw 2 wmiprvse processes from the right directory (Wbem) running on a dedicated SQL Server with 1 CPU under MSServer 2003, 1 under the system account and another under the network service account. The last one brought CPU usage to 100% continuesly. After adding 3 more CPU's to the server and restrarting, the process calmed down to allmost 0%. After lowering the number of CPU's to 2, the server is still running fine. Huub Loete
I have to WBEM folders and two sets of wmiprvse.execs. I delete the WBEM folder that is outside of the system32 folder and in the windows folder. I scanned them both and nothing pops up. TLCtheTexan
Wmiprvse kill my mozilla, it's a dengeraus virus for windows and network Mbah Marijan
Stops the loading of many programs. Just kill it in Task Manager TexasKid
It drives me crazy,uses 100% cpu and starts at random bigbaldbob
This file is needed by win to run programs through svchost. It should be located in Win/wbem and it should also have a driver named wmiprvsd.dll aswell. If found anywhere else then use a trojan remover to get rid of the problem - I reccomond using Emsisoft Anti-Malware. Jezza
this is a bad online AV security PAC
when I had an HP checking for updates and I stopped the update search process, I noticed this file came up. So I think it is just a file involved with updates of any sort and maybe if the update search process is interrupted, it activates the file sort of a logging of a "proble" RMVO2010
It makes my cpu running at 100% but i didn't do anything, better kill this process Reita
XP Aug 2010: I delete the file C:\WINDOWS\System32\wbem\wmiprvse.exe then watch a few seconds later as it re-appears. Seriously weird! Its as if a copy has been retained in a cache then re-written if it is missing Phil
sure its associated with a hole from hp printers in the sistem; I used regedit to remove this wmiprvse.exe, and wise registry cleanner and ccleanner after removin mannualy as its invisible, I hate hp printers. Gabriel Ishida
I saw my IE crashed and it become unresponsive. I feel this can be used as a watchdog as many mentioned here by sysOp or bad guy Satya
I've been swearing all Saints out of heaven because of WmiPrvSE. Finally I found the culprit, namely a Cisco application for network management that I accidentally had installed when buying a router. I think that if you encounter this WmiPrvSE issue you should not stop looking before you found the culprit as in most cases it has no reason to run on your PC. Rudi
causes my Kapersky antivirus to stop dead in its tracks and hang for hours. Doesn't report it as a problem, but stops dead. Mine is frther labeled \netshell.dll. seemore48
This is a new file that was introduced in windows XP/2003. It is the Windows Management Instrumentation Provider Service and it is an essential Windows XP/2003 service which will start whenever software requirires its facilities. OnLooker
WMI is very useful for development, but WmiPrvSE.exe is using nearly 0.5GB of memory! Increased steadily during long running process in a little console app I wrote that loads XML data into SQL Server 2008 antmx
it runs when windows NT start up wemee
Helps other services run, but doesn't hurt if it goes missing. Change it from Automatic to Manual and stop it. Check depencies, and if you don't mind losing whatever was dependent upon it, kill it. Saw my processor go from 100% down to 2%... JollyRedGiant
Virus : Only If running outside "System32\wbem\". Then Disable it's autorun, reboot in safe mode and delete it. Otherwise check for its properties first and if needed replace it with the original file before. Sanzuki
It's not a necessary process, as I can terminate it with no ill effects to my system functionality. However, it instantly opens itself back up after I close it. It's definitely annoying. Definitely unnecessary. And Definitely using up a lot of memory. Karl
The wmiprvse.exe process stands for Windows Management Instrumentation Provider Service. It is a Microsoft Windows component that provides management information and control in an enterprise environment. Managers can use wmiprvse to query and set information on desktop systems, applications, networks and other enterprise components. Developers can use Windows Management Instrumentation to create event monitoring applications that alert users when important incidents occur.  See also: Link Alex
Windows system file, don't listen to the uneducated. McJaff
it gave me blue screen of death -- took it out no more problems schubbie
Everytime Wmiprvse.exe gets active the CPU - use but also the use of memory rises - it rises so much that the ventilator starts turning harder and louder - Windows - Taskcontrol , show that programs getting active without a clear reason and causes the use of an extensive amount of menory and CPU- I think the program in map wbem , is being used to spy on ones computer w. von koln
Windows file
A system process but I found Adobe uses it to pull information about your system and to monitor software useage. After examining the data packets it does pull user identifiable information and other information that doesn't really have anything to do with their products. Bad Adobe! Bad! - May 2011 Hap
It is invoked as part of the PretonSaver printer ink saving routine. As a Windows component it is there for a reason, to notify various utilities that an event has occurred to which they have been designed to respond. Obviously, ading more and more processes increases the load on your CPU but if you want the utilities then you have to "pay the piper" Colin
If it's outside the windows folder then is virus. Check the link  See also: Link Jeremy
The wmiprvse.exe file is located in the folder C:\WINDOWS\System32\Wbem. In other cases, wmiprvse.exe is a virus, spyware, trojan or worm! However, even it is original OS file under system32/wbem it can cause 100% CPU usage (because of internal infinite loop) (or 50% on dual core CPU). You can kill it with risk of data loss for application using WMI service. it will be re-started automatically on next request (and maybe could cause high CPU load again but not systematically). But DO NOTE that WMI service SHOULD NOT be stopped/disabled. About this high usage CPU cause, I found several explanations on the web: CAUSE 1/3 -bad wbemcore.dll (from XP SP3, there is regression and user name is sometimes not converted properly because some DLL provided string whereas other expect a SID and this causes a log error. i downgraded from wbemcore XP SP3 to SP2 but this did not solve high CPU usage for me. High CPU USage Cause 2/3: - bad cimwin32.dll (this can appear on windows server 2003 after apply/install SMS2003) under some very special circonstances: different languages of some WMI data (Unicode, not unicode), different local language,... some patches exist (1 patch but there are different versions for different versions of SP and also different CPU type) from microsoft but only for windows server... i update cimwin32.dll to the one for windows server 2003 SP2 but it did not solve it for me. High CPU USage Cause 3/3: - last but not least!: some compatibility of WMI with some software: if installed, Tight VNC can cause high CPU. You can upgrade it to a version = 1.3.9. if SpyBot is installed, it can also cause high CPU usage in wmiprvse.  See also: Link Pascal
Microsoft Windows Management Instrumentation. UpenderA
I have the same issue as Ryan, that is, it "Pops up randomly without me doing anything and lose connection for brief second" causing errors with downloading and pauses network connections. I also found "wmiprvse.exe" in four different locations on my computer. Deleted all but that one in C:\WINDOWS\System32\Wbem. Ray
This file was eating CPU upto 80 -90 % on a 8GB RAM machine. Once I deleted it as outlined above no more problems. You may also want to check in your prefech files because there is a PF file there that will retreive this monster. Steve
I'm an Deskside Engineer and dealing with a simular call. It could be Webex software causing the issue, wmiprvse.exe located in C:\Windows\System32\Wbem is a normal process used by WMI Windows Management Instrumentation and should just be one version. HPtoolbox and Webex can cause issues. Tried stopping the Webex process and has stopped wmiprvse.exe using a constant 25% cpu. Trevor
Windows Firewall component
A harmless service wouldn't take up 100 percent of your CPU power , and definately there would be no "Trouble" removing it. What this service does is it creates a new group called "Trusted Installers" and gives Full Control priveliges , and restricts other groups permissions to the processes ( Such as Administrators) so no matter under Safe Mode nor any other conditions you won't be able to delete the files manually, Now you need to run the regedit , with elevated privileges ( otherwise the entries for wmiprvse.exe will stay in the secure entry mode) then try modifying the values ! Emandem
Only prob I had is when I had Network Meter V7.0.4 installed, and both the program and wmiprvse hogged the memory, installed v8.1 and is now ok bingo99
when i started the explorer-search with "wmiprvse", it found 7(!!!) matches. 1: (text written in blue @ this one) C:\windows\$NtUninstallKB956572$ 2: C:\windows\Prefetch 3: C:\windows\System32\wbem 4: C:\windows\$hf_mig$\KB956572\SP2QFE 5: C:\windows\$hf_mig$\KB956572\SP3GDR 6: C:\windows\$hf_mig$\KB956572\SP3QFE 7: C:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1 i think i have captured a virus/worm at rapidvideo. sometimes, i have red&blue stripes all over my screen, since i watched the last 3 episodes of witchblade there. if i shut down the wmiprvse.exe-proceed and send the cpu into standby for some seconds, the stripes are gone. i dont know what to do now...if i delete the wrong stuff, windows could become broken. if i delete nothing, the stripes will appear again... Highländer
Windows file. In other location than the one there, it is malware
I found it in more than one location.. Deleted all but the one in C:\WINDOWS\System32\Wbem Tim
"It is a windows system core file" AND ""it is NOT a windows core file" /fools. Expert of everything
It shuts down some programs and games right after i run them! I found that file in system32 folder and deleted it! atomxz
This was taking up 25% of CPU usage .. I noticed that when I closed my sidebar (Win Vista) it dropped to 0% usage!! I was running network and CPU monitor apps. Graham
i found this in my task manager using 3-6%cpu i was concerned because i didnt have this before was scared it was some kind of virus turns out it was the result of my new keyboard. cake
for all those who want to at least decrease its usage. enter task manager find the process right click and select priority, now simply set it for low. so it wont slow you down as much James
Unnecessary for the work that I do... Tom M.
Norton 360 blocked this for unauthorized internet access multiple times so this led me to believe it could be something dangerous PresD
Highlander - all the above files are fine - this is NOT what is causing your problem. File 3. is the current file, files 1., 4., 5., 6. and 7. are Windows Updates of this file. 2. is Windows optimised version for fast start-up. Protopia
CPU HOG. Microsoft could care less about compressing service files. This is an 8GB RAM system and this WmiPrv eats it all. I am FORCED to stop all work until it is through getting whatever it wants from my system. Shame on you MS Steve
Windows Management Instrumentation  See also: Link Reconix
This process is safe
to remove: run/regedit crtl+f type 'Wmi' and a folder should appear delete it and reboot. it shouldn't appear in task manager anymore hope it helps! -Jp Jp
Something calls it up and when it keeps it running forever, that is pathological. It's the thing that calls it up continually that needs to be rooted out and killed. Michael Lewis
I open resmon and suspend both instances of wmiprvse.exe. Then it stops grinding. (Only one of those two is running.) It's annother annoying load on the computer, created by industrial market state interest in monitoring absolutely everything people do on computers. Hash
reputable antivirus classified this as dangerous. wmiprvse.exe pid 1304 alex
Proccess unknown at the moment but from my experience it's causing my cpu to have spikes at random and reduced my gaming experience greatly. Heck, three minutes ago i just done a manual chkdsk on every drive because of it. This process caused explorer.exe to freeze at booting, so it's dangerous after something happened at the background. Meaning we can't track what the hell started the problem i listed before. M.R.L.P
This file I've seen floating around my computer, and has eaten up memory along with flooding my internet and cpu usage. I am using Windows 7. If you have Windows 7, delete all cases of this file. Jared P.
On startup, WmiPrvSE.exe grinds continually, surging about once a second. If I suspend or end it with resmon, it stops. It always has two instantiations and one must stop both. Doing so does not seem to affect the system in any way. I'd like to remove it permanently. Michael
WmiPrvSE.exe causes high CPU load usage. When you close it, it starts up again. Msconfig does not list it. How to fix: Look for the process "unsecuapp.exe" and kill it. Now WmiPrvSE.exe stops using so much CPU Flight
It looks like it's just a program that polls the PC and reports network usage, I had a widget that showed my network usage and it was spiking one core of my CPU to 100% every other second. Removed Network widget and problem solved. Boogs
Supposed to be a Windows file. After drilling down several folders on network drive, Kept making current focus move up/back one folder, every few seconds until at drive then disconnect my network drive. Sam Douglas
Microsoft Security Essentials antivirus classified this as dangerous. wmiprvse.exe Örjan
It (wmiprvse.exe) is trying to network with printers that no longer exist. Simply go to your control panel, printer list, and delete all printers that you don't use. My CPU usage was at 100% continuously from this program. Once I deleted 4 old printers, the CPU usage was back at low usage. Do not delete the program, or disable it! Ryan
It is a safe file but it is a pest using all the CPU up without giving any clear advantage or reason,killing it will cause it to start again almost immediately but if you have AnVir free task manager you can suspend it & that stops it until you click resume, probably other task managers have suspend function too i don't know,But that's what i have and it works on Vista and 7, haven't tried it with XP Cygnus
It is a safe file if it is in the correct folder but it is a pest using all the CPU up without giving any clear advantage or reason,killing it will cause it to start again almost immediately but if you have AnVir task manager you can suspend it & that stops it until you click resume, probably other task managers have suspend function too i don't know,But that's what i have and it works on Vista and 7, haven't tried it with XP Cygnus
Causes CPU Spikes and high fan issues Matt
It comes back at each startup! How can it be permanently stopped? Larry Lancaster
its a huge ... and it harm to my internet connection me
all the CPU up without giving any clear advantage or reason,killing it will cause it to start again almost immediately Tom
This is CPU eater Josek Goldman
On my Win7 pro machine, I find two copies of the program. WmiPrvSE.exe from c:/Windows/System32/wbem WmiPrvSE.exe *32 from c:/Windows/SysWOW64/wbem I had to hard kill the computer with the power button as it would not completely close down the normal way. Since I have restarted the machine, it seems to be running normally with these processes without hogging the machine. When it was running badly, it had all 8 threads ties up and my memory usage was almost 8Gbytes. Now my memory usage is only 2.5Gbytes. steve13565
Controlling rogue wmiprvse.exe in Windows XP Pro Right-click My Computer and select Manage. Open Services and Applications (click the + box) Select Services Scroll down to Windows Management Instrumentation Double-click on it OR Right-click & select Properties Change Startup Type to Disabled Click on Stop Click OK Close the window Reboot Right-click My Computer and select Manage. Open Services and Applications (click the + box) Select Services Scroll down to Windows Management Instrumentation Double-click on it OR Right-click & select Properties Change Startup Type to Automatic Click on Start Click OK Erwin Schaefer
Avira antivirus is causing the problem I uninstalled it and my system is fine now. i am using AVG antivirus.

If you know more about wmiprvse.exe, share your knowledge and help other users.

Security Rating:
Your opinion about this file:
Web page with more details:
Your first name:

More process information

Is wmiprvse.exe spyware or a virus, trojans, adware or worm? Is there a known wmiprvse.exe error?

Other Processes

[wmiprvse.exe in German] [all processes]