wmiprvse.exe

Discussion in 'ProcessGuard' started by HankPiano, Jul 10, 2006.

Thread Status:
Not open for further replies.
  1. HankPiano

    HankPiano Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    62
    Sometimes PG is asking me questions or just making statements I don't know how to respond. Just now I get the message: wmiprvse.exe tried to install a driver/service. Okay, wmiprvse.exe located in sytem32/wbem is part of the OS, dealing with WMI operations. Under the security-tab it has been granted a 'permit always'. So, why does PG give me this message, what does it mean: 'wmiprvse.exe tried to install a driver/service' and what to to do with it?

    To be honest: I always feel a bit annoyed when the program asks me this kind of things without explaining what it means. A good virusscanner gives you information about the virus it detects. Is it really so difficult to offer more information about a message like the above, for instance with a right mouseclick?
     
  2. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    Open PG . Go to the Protection tab. See if it was allowed to install a driver.
     
  3. HankPiano

    HankPiano Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    62
    No, it 's not.
     
  4. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    479
    I believe it's because you have given wmiprvse.exe permission to always run (on the Security tab) but not given it permission to install driver/service (on the Protection tab).

    My advice would be to give wmiprvse.exe the permissions it requires. Maybe this post will help: https://www.wilderssecurity.com/showpost.php?p=139151&postcount=2
     
  5. HankPiano

    HankPiano Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    62
    Thanks. Sorry I couldn't reply earlier.
    When I installed PG 3.4 it asked me to allow the running processes (or something like that), wmiprvse.exe must have been one of them, so it came under the Security tab. I didn't yet know this file.

    But what is so important about wmiprvse.exe that PG alarms me with the message that it's trying to install a driver? A file like userinit.exe is granted this privilege automatically. I'm rather busy, why wasting my time with this kind of questions? It would already be more cooperative when PG offered me ANY information about a message or a question like this. Wmiprvse.exe is okay and needs to install a driver. Well, big deal. Why do I have to know that? Do I have to know EVERY little file in my system before I can use my computer safely? I think it's one of the weaknesses in PG. I expect a program like PG will warn me when something dangerous threatens me. I'm not waiting to be informed about every little trifle which is just doing its job.
     
  6. StriderSkorpion

    StriderSkorpion Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    54
    The thing is, sometimes system applications can be patched by malware and will perform actions out of the ordinary. So if a program such as Internet Explorer is trying to install a driver when it normally wouldn't, these alerts are relevant. ProcessGuard makes sure your system is performing properly by alerting you to the actions of the programs. It doesn't know what permissions these programs need automatically hence the Learning Mode, which should be run on first install and reboot or two.
     
  7. HankPiano

    HankPiano Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    62
    With all respect, I know all that, used version 3.3, installed 3.4, went over the PG-procedure again, checked what I found under the different tabs, and so on. When all this has been done you expect to be warned at the moment something could be a danger. PG tells me: wmiprvse.exe tries to install a driver. That's it. No information, no explanation, no advice, no nothing. What is wmiprvse.exe? Is it dangerous? And what to do? You spend some time finding out, time which can be used better, only to learn that wmiprvse.exe is just one of these files the OS needs. It doesn't make me happier. Sure, it's a fine program, Process Guard, but at the same time it has some rather unprofessional qualities.
     
  8. StriderSkorpion

    StriderSkorpion Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    54
    As I've said, though. ProcessGuard doesn't know what the programs are, so it can't always know why a program is doing the things it's doing. The fact that the progam is trying to install drivers seems abnormal to me as I have that disabled and haven't had any warning so far. I know it can be a pain not knowing what a process is and why it is requesting these priviledges, but keeping a database could become a pain as there are any number of software applications available. Add that to the fact that malware will use the same name as valid processes (plus the number of types and variations keep increasing) and it can seem futile. In regards to common Windows OS process, if possible, I would like a database or an entry in the help describing what permissions they should require. They do have a database of some common processes on their site which describe necessary permissions (just an FYI).
     
  9. HankPiano

    HankPiano Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    62
    I completely agree with that. It would make PG a bit less puzzling for the common user (not necessarily being a n00b). Just now I downloaded the PDF helpfile from the DiamondCS site, when I opened it PG immediately gave me the message: acrord32.exe tried to install a driver/service. A courteous and professional PG-gesture would be: right mouse click and WOW, there you see at the same moment some relevant information about acrord32.exe.

    As I wrote: PG is a fine program. Because I was curious about it I asked at another forum (of computer addicts ;) ) who was using PG. So far nobody appears to do so. One person replied. In his view PG was a totally superfluous program. PG, in its actual form, is not very well-known or popular. My personal experience is that the average user, who loves his Norton, doesn't understand AT ALL what PG is all about. So, my humble advice: when you want to make this program more well-known, make it more accessible in the first place. In this respect a good start would be better, easier and more specific information.
     
  10. SYS 64738

    SYS 64738 Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    130
    Hmm, I agree, this would be a nice feature, but if you would like to have a look here http://www.file.net/process/index.html you'll see this would be a really huge kind of database, however.
     
    Last edited: Jul 13, 2006
  11. StriderSkorpion

    StriderSkorpion Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    54
    I agree that ProcessGuard is not for novices, even using Learning Mode (IMO, at least). This is unfortunate since it is a very useful program. The main problem lies in when people are installing either updated drivers or programs that create their own service (i.e. security applications). Anyways, I'm not going to debate the issue of how big of an undertaking a database of processes would be (IMO, it would take a lot of time and effort), but a smaller database of builtin OS components and maybe some common programs would be nice. On side note, processid.com is listed in the MVPS host file (which I just found out by clicking the link). Also, McAfee's SiteAdvisor flags it as a bad (red) site.
     
  12. SYS 64738

    SYS 64738 Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    130
    Ooops :blink: , processid.com is a bad site? Sorry, i was not aware of this, so i changed the link above.
     
  13. StriderSkorpion

    StriderSkorpion Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    54
    Sorry to stray off topic again, but I can't say if processid.com is a bad site or not. It does link to sites of questionable repute, such as malwhere.com. Said site is the homepage of software formerly on SpywareWarrior's Rogue Anti-Spyware list (due to packaging adware/spyware with their software). According to SW, though, they are no longer considered suspect since they hadn't packaged their software with malware for at least 3 months. There is/are (an)other link(s) on processid.com to red site(s). Haven't really checked their reputation, though.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.