08-24-2007, 12:23 PM
wmiprvse.exe
Has anyone heard of a Windows Process called wmiprvse that is taking up at least 50% or more of the processes of the server?
I have seen that at 4:06 am, a monitoring solution puts this process at 50% and nbes.exe at 50%, which equals 100%. This goes on for 5 minutes until the monitoring solution sees the server process go back down to 50%.
Any ideas or has anyone been having the same issue?
ND 6.5.5 on Win2k3 SP1 IBM X 336 Server (2.8GHz) with 3GB of RAM.
A web definition of this process:
Windows® Management Instrumentation (WMI) is a component of the Microsoft® Windows® operating system that provides management information and control in an enterprise environment. By using industry standards, managers can use WMI to query and set information on desktop systems, applications, networks, and other enterprise components. Developers can use WMI to create event monitoring applications that alert users when important incidents occur.
In earlier versions of Windows, providers were loaded in-process with the Windows Management service (WinMgmt.exe), running under the LocalSystem security account. Failure of a provider caused the entire WMI service to fail. The next request to WMI restarted the service.
Beginning with Windows XP, WMI resides in a shared service host with several other services. To avoid stopping all the services when a provider fails, providers are loaded into a separate host process named Wmiprvse.exe. Multiple instances of Wmiprvse.exe can run at the same time under different accounts: LocalSystem, NetworkService, or LocalService. The WMI core WinMgmt.exe is loaded into the shared Local Service host named Svchost.exe.
Note: wmiprvsw.exe is the Sasser worm!
Note: The wmiprvse.exe file is located in the folder C:\WINDOWS\System32\Wbem. In other cases, wmiprvse.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.
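The path and look-alike checks from the notes above can be scripted. This is an added example, not part of the original post: it lists every process whose name starts with `wmiprv`, flags near-miss names and unexpected image paths, and shows the owning account and accumulated CPU time per instance. It assumes PowerShell 3.0 or later; the `SysWOW64` entry is an addition for 64-bit Windows and is not mentioned in the post.

```powershell
# Added example (not from the original post).
# Expected image locations. System32\Wbem comes from the note above; the
# SysWOW64 entry is an addition for 64-bit Windows, where the 32-bit
# provider host lives under SysWOW64\wbem.
$allowed = @(
    (Join-Path $env:SystemRoot 'System32\wbem\wmiprvse.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\wbem\wmiprvse.exe')
)

# The wildcard catches the real name and near-miss names such as wmiprvsw.exe.
$procs = Get-CimInstance -ClassName Win32_Process -Filter "Name LIKE 'wmiprv%'"

$report = foreach ($p in $procs) {
    # GetOwner returns the account this instance runs under
    # (LocalSystem, NetworkService or LocalService for real provider hosts).
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    $account = if ($owner.User) { "$($owner.Domain)\$($owner.User)" } else { '(unknown)' }

    # String comparisons here are case-insensitive, so WmiPrvSE.exe matches.
    if ($p.Name -ne 'wmiprvse.exe') {
        $verdict = 'LOOK-ALIKE NAME'
    } elseif (-not $p.ExecutablePath) {
        $verdict = 'path not readable (run elevated)'
    } elseif ($allowed -notcontains $p.ExecutablePath) {
        $verdict = 'UNEXPECTED PATH'
    } else {
        $verdict = 'expected name and path'
    }

    [pscustomobject]@{
        ProcessId  = $p.ProcessId
        Name       = $p.Name
        Owner      = $account
        # KernelModeTime and UserModeTime are in 100-nanosecond units.
        CpuSeconds = [math]::Round(($p.KernelModeTime + $p.UserModeTime) / 1e7, 1)
        Path       = $p.ExecutablePath
        Verdict    = $verdict
    }
}

# Busiest instance first, to match against the monitoring alert.
$report | Sort-Object CpuSeconds -Descending | Format-Table -AutoSize
```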