wmiadap.exe....again

Discussion in 'ProcessGuard' started by INTOXSICKATED, Apr 4, 2005.

Thread Status:
Not open for further replies.
  1. INTOXSICKATED

    INTOXSICKATED Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    485
    Location:
    Suburbia Hell
    i searched google about wmiadap.exe to find out what it was, but it eventually led me back here. i've searched the forum and come across a few threads, but i'm still a little unclear on how to solve my problem. i am aware it's a microsoft process.

    anyways, just recently wmiadap.exe has been popping up requesting access. pg stops it, i deny it access, and wait 'til later when it all starts over again. i never had this .exe ask for a permission before, and it just started out of the blue. my computer is spyware and virus free ( at least according to the programs below). i check process explorer as well, and nothing weird or out of the ordinary there as well. i came across this old thread from last year. i already have error reporting disabled. it seems the outcome to solving the users problem was to disable windows management instrumentation. i checked black viper's website and he recommends not disabling it.

    does anybody know why wmiadap.exe would all the sudden start asking for permission when i never did before?

    furthermore, is it safe to disable?

    maybe permanently denying it is the way to go?

    or what would giving it access do?

    thnx in advance.
     
  2. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,741
    Location:
    New York City
    This may be caused by the application 'FireTune' for Firefox. I had the same problem that you mentioned regarding wmiadap.exe after running FireTune. I did a clean install of Firefox (1.0.2) and am no longer asked to give permission to wmiadap.exe. I am running the Full version PG 3.150. Hope this helps.
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Tox, If you look in Administrative tools - Event logs, this may help you find what particular event is causing wmiadap.exe to start.

    HTH Pilli
     
  4. Hmmmmm I too have started getting PG popping up with wmiadap.exe thingy
    It started on April 1st on my machine...at first I thought it may of had something
    to do with the time change. I've been denying it ...so far my machine runs okay.
     
  5. INTOXSICKATED

    INTOXSICKATED Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    485
    Location:
    Suburbia Hell
    here is the pop-up i am getting, what is wbem?
     

    Attached Files:

  6. INTOXSICKATED

    INTOXSICKATED Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    485
    Location:
    Suburbia Hell
    this is what the event viewer shows.
     

    Attached Files:

  7. INTOXSICKATED

    INTOXSICKATED Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    485
    Location:
    Suburbia Hell
    and......
     

    Attached Files:

  8. jimmytop

    jimmytop Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    268
    Location:
    USA
  9. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    You are simply seeing Windows OS performance optimization at work. Under the hood there are a slew performance adapters that collect and fine tune performance. Wmiadap is one of them.

    I'm not sure what triggers wmiadap.exe /f /t on my system since I routinely disable it with the Extensible Counter List (exctrlst.exe), but it always seems to start loading shortly after boot again out of the blue. A performance data file will appear in the temp folder while it's running, then it quits and I assume transfers this performance collection data into the wbem logs. What it does with this data or how it enhances "performance" I know not.

    Search on Microsoft's website for "exctrlst.exe" and "showperf.exe" tools. I think they bundle them now with a huge collection of other advanced tools for XP SP2. Versions are available for W2K also. If you have concerns about what it is monitoring, showperf.exe will display the raw buffer data, assuming you can make heads or tails out of what it displays - never tried it. The Extensible Counter List (exctrlst.exe) tool will list what performance adapters are installed and enabled on your system and allow you to disable or reenable each performance adapter.

    I normally allow this performance adapter to run when it re-appears on my system, but after a few days my minimalist ways (less is more) send me to exctrlst.exe and I disable it. This one seems to reenable itself on occasion, I assumed maybe because of a driver update or Windows Update, don't really know. The effect of disabling performance adapters is unknown, so if you disable them, you are on your own.
     
  10. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    FYI, for a quick solution, look in the windows/system32/wbem/performance folder. You should have some ini and other files in there. Drag and drop them onto notepad and you should get an indication of what performance monitoring is going on via wmiadap.exe.

    On my machine it's collecting performance data on my laptop's battery states and mobile CPU utilization. I assume XP uses this data to somehow optimize my Windows "XP-erience".

    How pleasant, I still turn it off. Although I'm sure it makes some sort of micro-milli-nanosecond improvement, that I'll never notice. ;)
     
  11. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, INTOXSICKATED

    Same as you here, I have just started to get wmiadap.exe trying to start for some reason.

    Strange as to why.

    I was hoping the hear whether it was all right [safe] to block [denial] it always.

    Take Care,
    TheQuest :cool:
     
  12. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    WMI = Windows Management Instrumentation is needed for programs like
    'pcwProcview' etc.

    ADAP = The AutoDiscovery/AutoPurge process transfers performance libraries to the WMI repository.

    WMIADAP.EXE is a process which forms a part of the Microsoft Windows Operating System. The AutoDiscovery/AutoPurge ( ADAP) process transfers performance libraries to the WMI repository. This program is important for the stable and secure running of your computer and should not be terminated.
    For More Detailed Process Information Get WinTasks 5 Pro
    Author: Microsoft
    Part Of: Microsoft Windows Operating System

    System Process: Yes
    Background Process: Yes
    Uses Network: No
    Hardware Related: No
    Common Errors: N/A

    Security Risk (0-5): N/A
    Virus: No ( Remove )
    Spyware: No ( Remove )
    Trojan: No ( Remove )

    (of course when not infected)
     
  13. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Personally I have wmiadap.exe on both security and protection list (with the default allows).
    According to MS It is not recommended to remove this and it does actually perform a useful service.
    Running it has almost zero resource impact on my systems it is also very low risk from being targetted by the malware writers.
    Please connsider that when added to your PG lists the .exe cannot be changed without your knowledge and when running it will be protected from other forms of change.

    Pilli :)
     
  14. hmmmmm .....But you have to admit.....it does seem "odd" that out of the clear
    blue...it decides to activate not only on my machine...but several ppls machine
    at about the same time period, and who knows how many countless others.
    Ah the mysteries of Windows and the twilight zone
     
  15. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Just a quiet housekeeper that goes about it's business when it feels fit or maybe that should be unfit :D I certainly won'y lose any sleep over it unless it starts hoovering at 2AM ;)
     
  16. My o my......Windows is such a tidy neat-nik... recently it also decided It just
    had to run defrag.exe.... Such a busy little bee......tidying up after us messy
    PC users.
     
  17. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    Pilli's right, it's totally safe to allow to run, I leave wmiadap.exe set to permit always with the default settings in the Protection and Security tab also. If it wants to run, I let it run. I feel safe in turning it off using MS's utility, because it turns back on by itself when things change on your system. It looks like if you change services settings, install or update programs with services, or apparently if you sneeze near your machine, wmiadap.exe reactivates and starts optimizing in the background again. The /f switch handles performance data while the /r switch handles Windows Driver Model (WDM) drivers data. I updated a program yesterday and service drivers got updated and it turned itself back on.

    Using the MS utility I mentioned to disable it appears to be temporary for this one process. Not so on some other settings this utility will list. You turn some off, they stay off, so be careful with it.

    If you are curious as to what it is doing, look in the logs folder in system32/wbem. I think WMI logging is default set to verbose settings. There are also logs for wmiprvse.exe in there as well. You can change logging settings for WMI in the Computer Management console, by expanding the Services and Applications section and right clicking WMI Control and choosing properties. The choices are off, normal and verbose. But this only changes what gets logged, not what these programs do.

    Also if you routinely manually defrag your HD and you do not want your machine defragging in the background during idle periods of time, get the last version of TweakUIXP, under the general section there is a check box to disable "optimize hard disk when idle".
     
  18. Good replies guys:

    Geez it almost makes one yearn for the days of DOS when the OS only did
    something you asked it to....that is after you learned it's "Secret Hardshake"
    and wanting to Drop kick it when it beeped back at you.
     
  19. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, Pilli

    I think you have nailed it on the Head, that what it must have been doing for me, what will good old M$ do for us next. :D

    Take Care,
    TheQuest :cool:
     
  20. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, INTOXSICKATED

    Do you have any Acronis products installed, ie Acronis Privacy Expert Suite 714.

    Take Care,
    TheQuest :cool:
     
  21. INTOXSICKATED

    INTOXSICKATED Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    485
    Location:
    Suburbia Hell
    nope, never used any acronis products. i've decided to give wmiadap.exe the ok to run, with pg's default rules. strangely enough, i checked my alerts and it hasn't run in the last 2 days. still not sure what was causing it's sudden behavior, but like pilli said, i'm not going to lose any sleep over it!
     
Thread Status:
Not open for further replies.