DRO Question

Discussion in 'other software & services' started by Rainwalker, Jan 1, 2009.

Thread Status:
Not open for further replies.
  1. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Wmiprvse - WMIPrvSe.exe

    (Microsoft) Windows Management Instrumentation Provider Service first introduced in Windows XP, and then in Windows 2003. WMIPRVSE is a host process for WMI provider services. It is a new Windows architecture intended to eliminate the previous problems in Windows 2000 where the failure of a WMI provider service would make the whole WMI service fail as, then, WMI provider services were loaded in-process with the WMI Service (a new request to WMI would restart the WMI Service). With the new WMIPRVSE model, failure of a single WMI provider service affects that service only rather than the entire WMI Service. For the layman : this is an essential Windows XP/2003 service which will start whenever a specific piece of software requires its facilities.

    Recommendation :
    Essential – leave alone. Note that, as with SVCHOST, there may be more than one instance of WMIPRVSE running in your Task List : this is normal. Also, some users will never have witnessed the WMIPRVSE service running on their Windows XP/2003 PC, and then notice it running one day and every day thereafter : this is also normal and will in most cases be the result of some software having been installed (and installing WMI provider services) or the result of a Windows Update. Finally, as with SVCHOST, if you experience errors or excess CPU usage with WMIPRVSE, the problem will in almost all cases be with the WMI provider process that WMIPRVSE is hosting, not with WMIPRVSE itself, or you may have a hardware problem or incompatibility which is not yet at the "serious" stage – see if Microsoft’s Windows Update has WMI related fixes for your PC/Server; also, on a network, we have empirical evidence that poor network card drivers or chipsets on any part of the network may result in excessive CPU usage by WMIPRVSE.
     
  2. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,717
    Location:
    USA
    Hello pandlouk....you now know what wmiprivse.exe is. Where did you get the info on DRO ?
     
  3. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    850
    Low level disk access perhaps?
    Example:
    rawclt.JPG
    A screenshot of the popup you're getting would be helpful. :) And it's quite normal that it happens for system processes and some applications.
     
  4. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    wmiprivse.exe is not the management instrumentation service provider;
    wmiprvse.exe is.
    I know about WMIP and I can assure you that no OS of Microsoft ships with the executable wmiprivse.exe.

    There are some articles on university sites about DRO. If my memory does not fail me IBM also has some articles about DRO and I/O operations in their knowledge base.

    edit: It could be malicious
    http://spywarefiles.prevx.com/RRHHDA44647478/WMIPRIVSE.EXE.html
    http://analysis.avira.com/samples/d...6MB1Fx0qLSxLLNvStzX17U86qjOn&incidentid=98355

    Panagiotis
     
    Last edited: Jan 5, 2009
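The wmiprivse.exe / wmiprvse.exe distinction raised in the post above can be checked mechanically. This is an added example, not part of the original thread: it flags image names within a small edit distance of a known Windows binary, and known names running from an unexpected folder. The `KNOWN` table, the `classify` helper and the sample paths are constructed for illustration and assume a default install with %SystemRoot% at C:\Windows.

```python
# Added example: flag process names that are near-misses of known Windows binaries.
from pathlib import PureWindowsPath

# Expected image folders on a default install (assumption: %SystemRoot% = C:/Windows).
KNOWN = {
    "wmiprvse.exe": r"c:\windows\system32\wbem",
    "svchost.exe": r"c:\windows\system32",
}

def edit_distance(a, b):
    """Levenshtein distance using the two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            # deletion, insertion, substitution (free when characters match)
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path, max_distance=2):
    """Return (verdict, matched_known_name) for one process image path."""
    p = PureWindowsPath(image_path)
    name, folder = p.name.lower(), str(p.parent).lower()
    if name in KNOWN:
        # Exact name: only trustworthy when it runs from its expected folder.
        return ("ok" if folder == KNOWN[name] else "wrong-path", name)
    for known in KNOWN:
        # Near-miss name such as wmiprivse.exe (one extra letter).
        if edit_distance(name, known) <= max_distance:
            return ("lookalike", known)
    return ("unrelated", None)

# Constructed sample process list (not taken from any real system).
SAMPLE = [
    r"C:\Windows\System32\wbem\WmiPrvSE.exe",
    r"C:\Windows\System32\wmiprivse.exe",
    r"C:\Users\Public\svchost.exe",
    r"C:\Program Files\Editor\notepad2.exe",
]

if __name__ == "__main__":
    for path in SAMPLE:
        print(classify(path), path)
```

A "lookalike" or "wrong-path" verdict is a reason to inspect the file (signature, hash, origin), not proof of malware.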
  5. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,717
    Location:
    USA
    Thank you...malware scans have not found it so I must have typoed.
     
  6. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,717
    Location:
    USA
    Good find...thanks 3xOgR13N.
     