who is calling WmiPrvSE.exe ?



  • After my laptop hibernates and I wake it back up, WmiPrvSE.exe is pegging my CPU. If I kill the process, my laptop runs like normal. I thought I could use Process Monitor to figure out what is making the WMI call, but I think I'm missing something. (screen shot below) How else can I figure out what is calling this exe?

    0_1478572289526_WmiPrvSE.png



  • Isn't there an owner's tab? As in who owns that PID?



  • I can't find that column to turn it on, but since it's just my laptop, it's pretty much going to be me or localservice running it.



  • BTW, there are 49 PIDs with wmiprvse in the name, so this could take a little bit to get through.



  • Looks like you might be using the wrong tool.

    https://i.imgur.com/05DPv1P.png



  • I always get these two utilities confused.



  • I was using Process Explorer. I just didn't see the check box for "User Name" under column headings. I turned that on, and it tells me "NT AUTHORITY\SYSTEM" is the owner. I might just be wiping this laptop... I already uninstalled everything that I recently installed.

    From what I read it seems like some kind of program that has a little status icon on the task bar might be the source. I'll see how I make out with a selective startup.



  • @Mike-Davis said in who is calling WmiPrvSE.exe ?:

    I was using Process Explorer.
    I might just be wiping this laptop... I already uninstalled everything that I recently installed.

    Linux with a Wn10VM



  • @Mike-Davis said in who is calling WmiPrvSE.exe ?:

    I was using Process Explorer. I just didn't see the check box for "User Name" under column headings. I turned that on, and it tells me "NT AUTHORITY\SYSTEM" is the owner. I might just be wiping this laptop... I already uninstalled everything that I recently installed.

    From what I read it seems like some kind of program that has a little status icon on the task bar might be the source. I'll see how I make out with a selective startup.

    Oh.. you mentioned Process monitor in your post.. so I assumed that is what you were using.



  • @Mike-Davis said in who is calling WmiPrvSE.exe ?:

    I was using Process Explorer. I just didn't see the check box for "User Name" under column headings. I turned that on, and it tells me "NT AUTHORITY\SYSTEM" is the owner. I might just be wiping this laptop... I already uninstalled everything that I recently installed.

    From what I read it seems like some kind of program that has a little status icon on the task bar might be the source. I'll see how I make out with a selective startup.

    It's good practice to solve stuff like that but ultimately nuke/pave is faster and gets better results


Log in to reply