What is the WMI Provider Host (WmiPrvSE.exe)?
Before knowing why it consumes so much space of your CPU, it is equally important to know what is WmiPrvSE.exe.
| “WMI” stands for “Windows Management Instrumentation”, an important service required to run applications on your system. |
Most Windows users are unaware of this process, but that doesn’t mean it isn’t important. Like the Wsappx process, WMI Provider Host is not something you should think about unless it is causing high CPU usage.
WMI is a feature of Windows that provides a way for administrative software and scripts to request information about the state of your operating system and the data it contains. WMI Providers provide this information about your operating system when requested; on the Microsoft website, you will find a list of WMI providers.
This feature is mainly useful for companies that manage PCs centrally and even in a home PC where some software you have installed may request information about your system with the help of WMI interface.
WMI also helps locate useful information about your device that is not normally available in the Windows interface on your PC.
| Wmiprvse.exe is just the executable file for the Windows Management Instrumentation Provider service. |
This service is responsible for monitoring and error reporting functions. Some third-party applications also use this service to link with the management and monitoring services in Windows.
In general, you will not feel the need to disable or stop the WMI service or the WmiPrvSE.exe process. But there are certain circumstances where poorly written software or a virus can cause the service to drive CPU usage to really high levels; this can make Windows almost unresponsive at times.
Symptoms of high CPU usage
This is how you can ensure high CPU usage by the WMI provider host:
On a Windows-based computer, the Windows Management Instrumentation (WMI) Provider Host (WmiPrvSE.exe) process is known to use high CPU capacity (nearly 100%) for several minutes every 15 to 20 minutes. Whenever this happens, you can use Task Manager to determine the process identifier (PID) of the WmiPrvSE.exe process that is causing high CPU.
Open an elevated command prompt and run the following command:
task list /m wmiperfclass.dll
This will display the list of WmiPrvSE.exe processes loaded by this module. If the PID of the listed process is the same as the one displayed by Task Manager, it means that the WMI provider is facing high CPU usage.
Reasons behind WMI provider host using so much CPU
Although WMI Provider Host should not use that much CPU as it is doing its job i.e. providing the information requested by some software or script on your PC.
If there is high CPU usage, this just means that another application is also requesting data from WMI. and that is why WmiPrvSE.exe fails.
Also, high CPU usage is a concern, as WMI Provider Host is not something that is CPU intensive all the time.
This is why WMI uses so much CPU:
Identifiers are stored in the kernel structure BaseNamedObjects and the WMIPerfClass provider should scan this structure when creating the performance class related to job objects. High CPU usage is experienced when this structure has a large number of identifiers and the operation will also take longer than usual.
For example, when a process uses more than 30,000 identifiers, or the total number of identifiers in the system is greater than 50,000.
This fact will affect the creation of the Process performance classes, since it involves checking the memory area of each running process. The memory that is involved in the process can be partitioned and that will make the operation consume more resources, since WMIPerfClass will also request “expensive” performance counters. You can also check if expensive performance counters are enabled by running the PowerShell command:
(gwmi -query ‘select * from meta_class’). Name | ? { $_ -match “expensive”}
If you see output when running the command, it means that expensive performance counters are enabled; For example:
Win32_PerfFormattedData_PerfProc_FullImage_Costly
Win32_PerfRawData_PerfProc_FullImage_Costly
Win32_PerfFormattedData_PerfProc_Image_Costly
Win32_PerfRawData_PerfProc_Image_Costly
How to identify the specific process causing the problem with WMI?
So, by now you know that it is due to the misbehavior of another process on your system resulting in high CPU usage. Obviously, if a process constantly requests a large amount of information from WMI providers, it will cause the WMI provider host process to use a large amount of CPU.
So that ‘other process’ is the problem; but how to identify what specific process this is. For that, you can use the Event Viewer.
- For Windows 10 or 8: Right-click the “Start” button and select “Event Viewer” to open it.
- For Windows 7: Open the Start menu, type “Eventvwr.msc” and press Enter to start it.
- On the left side of the Event Viewer window, go to Application and Services Logs > Microsoft > Windows > WMI-Activity > Operational
- In the list, look for recent “Error” events. Click on each event and then check the number given to the right of “ClientProcessId” in the bottom panel. This will show you the ID number of the process responsible for the WMI error.
- You may see various errors there; it is possible that the error is caused by processes with the same id number, or there may be several different process ids causing errors. You can click on each one and check the ClientProcessId to find out which one is causing the error.
- After you identify the processes that are causing the error, you can pinpoint it. Press Ctrl+Shift+Escape to open a Task Manager window.
- Go to the “Details” tab and then click on the “PID” column to sort the running processes by process ID. Now find the process that matches the ID number you pulled from the Event Viewer logs.
- If the process is closed, it will not appear in the list. Also, when a program is closed and then reopened, it will display a different process ID number. Therefore, you should search for recent events, since older events will not help you find the information you are looking for.
- After getting the required information, you will know the process that is causing the problem. Now, you can search for your name to find out what software you are connected with. Or you can right-click on the process in the list and then select “Open file location” to open its location on your system. It will show you the software package that the program causing the error is a part of, so if you use this software, you can upgrade or simply uninstall it.
Should I disable the WMI provider host?
Although it is possible to disable the “Windows Management Instrumentation Service”, you should not do so as this can cause other things on your PC to break. WMI is an important part of your operating system and therefore should not be disabled.
Even the official description says: “If this service is stopped, most Windows-based software will not function properly.”
Therefore, it is better not to amplify your problem by disabling this service. You just need to identify the process on your computer that is causing the error and making WMI Provider Host use so much CPU; you can update, kill, or disable that process instead.
How to prevent WMI from using so much CPU?
Other than that, you can also try these solutions listed below as they can help you reduce excessive CPU usage:
It is possible that your device is infected with a virus or malware and that is what is causing the error. So, to make sure that your device is free from any virus, you should run an antivirus and if it detects any malicious programs or apps, you should completely uninstall them from your device and then reboot your system.
You can also try troubleshooting in safe mode, as that can also help you identify the problems:
- Press the Windows logo key and R to open the RUN box, and then type msconfig in the search box and press Enter.
- In the ‘Boot’ tab, check the box for Safe Boot and choose the Network option; then click Apply and press OK to save.
- Once you have saved your files and data, you can reboot your device to enter safe mode.
- In safe mode, press the Windows logo key and X at the same time; then select Windows PowerShell (Admin).
- Type the following command and press ‘Enter’.
msdt.exe -id Health Diagnostics
- This will open a troubleshooting window; click ‘Next’ to start troubleshooting.
- If a troubleshooter detects any issues, you should follow the instructions on the screen to fix the problem.
- In the PowerShell window, type the following command and press Enter.
msdt.exe /id Performance Diagnostics
- This command will open a performance troubleshooting window; click Next to continue troubleshooting. If the system prompts you to change something, you should follow the instructions provided.
- After the troubleshooting process is complete, boot into the “Normal” mood, and then repeat STEP 1. Go to the Startup tab and uncheck the box for Safe Boot. Be sure to apply and save the changes. Now, you can reboot your device in normal mode.
You can also restart the WMI Provider Host service whenever it is consuming too many CPU resources.
- Press Windows key and R and in the ‘Run’ dialog box, type services.msc and press ‘Enter’.
- Find the Windows Management Instrument service and then right-click on it and select ‘Restart’.
- Then press the Windows key and X simultaneously and click on ‘Command Prompt (Admin)’.
- The Command Prompt window will open where you need to type the following commands and press Enter after typing each command:
iphlpsvc net stop
wscsvc net stop
Winmgmt net stop
Winmgmt net start
wscsvc net boot
iphlpsvc net start
- After this, you just have to restart your PC.
So, this is how you can try to fix the problem with WmiPrvSE.exe and prevent it from crashing. If you still want to stop WmiPrvSE.exe from starting, which is not recommended, you can follow the information provided below.
To stop the WmiPrvSE.exe process:
- Press “Ctrl-Alt-Del” and click “Start Task Manager.”
- Click on the “Processes” tab
- Select “Wmiprvse.exe” from the list of processes and click “End Process”.
- Again, click “End Process” to confirm that you want to end the Wmiprvse.exr process.
Categories: Technology
Source: SCHOOL TRANG DAI
