Friday, December 1, 2017

What Is the WMI Provider Host (WmiPrvSE.exe)


What Is the WMI Provider Host (WmiPrvSE.exe), and Why Is It Using So Much CPU?


The WMI Provider Host process is an important part of Windows, and often runs in the background. It allows other applications on your computer to request information about your system. This process shouldn’t normally use many system resources, but it may use a lot of CPU if another process on your system is behaving badly.
This article is part of our ongoing series explaining various processes found in Task Manager, like Runtime Brokersvchost.exedwm.exectfmon.exerundll32.exeAdobe_Updater.exe, and many others. Don’t know what those services are? Better start reading!

What Is WMI Provider Host?

“WMI” stands for “Windows Management Instrumentation”. This is a Windows feature that provides a standardized way for software and administrative scripts to request information about the state of your Windows operating system and data on it. “WMI Providers” provide this information, when requested. For example, software or commands could find information about the state of BitLocker drive encryption, view entries from the event log, or request data from installed applications that include a WMI provider. Microsoft has a list of included WMI providers on its website.
This is a particularly useful feature for enterprises that centrally manage PCs, especially as information can be requested via scripts and shown in a standard way in administrative consoles. However, even on a home PC, some software you have installed may request information about the system through the WMI interface.
You can also use WMI yourself to find a variety of useful pieces of information that aren’t normally exposed in the Windows interface on your own PC. For example, we’ve covered the WMI Command line tool (WMIC) to get your PC’s serial numberfind your motherboard’s model number, or just to see the SMART health status of a hard drive.

Why Is It Using So Much CPU?

WMI Provider Host shouldn’t normally use much CPU, as it shouldn’t normally be doing anything. It may occasionally use some CPU when another piece of software or script on your PC asks for information via WMI, and that’s normal. High CPU usage is likely just a sign that another application is requesting data via WMI.
However, prolonged high CPU usage is a sign something is wrong. WMI Provider Host shouldn’t be using lots of CPU resources all the time.
Restarting the Windows Management Instrumentation service may help if it’s stuck in a bad state. You could also just restart your computer, but there’s a way to restart the service without restarting your computer. To do this, open your Start menu, type “Services.msc”, and press Enter to launch the Services tool.
Locate the “Windows Management Instrumentation service” in the list, right-click it, and select “Restart”.
If you see consistently high CPU usage, it’s likely that another process on your system is behaving badly. If a process is constantly requesting a large amount of information from WMI providers, this will cause the WMI Provider Host process to use a lot of CPU. That other process is the problem.
To identify which specific process is causing problems with WMI, use the Event Viewer. On Windows 10 or 8, you can right-click the Start button and select “Event Viewer” to open it. On Windows 7, open the Start menu, type “Eventvwr.msc”, and press Enter to launch it.
In the left pane of the Event Viewer window, navigate to Applications and Service Logs\Microsoft\Windows\WMI-Activity\Operational.
Scroll through the list and look for recent “Error” events. Click each event and look for the number to the right of “ClientProcessId” in the bottom pane. This tells you the ID number of the process that caused the WMI error.
There’s a good chance you’ll see several errors here. The errors may be caused by the same process ID number, or you may see multiple different process IDs causing errors. Click each error and see what the ClientProcessId is to find out.
You can now pin down a process that may be causing problems. First, open a Task Manager window by pressing Ctrl+Shift+Escape or by right-clicking the taskbar and selecting “Task Manager”.
Click over to the “Details” tab, click the “PID” column to sort running processes by process ID, and locate the process matching the ID number that appeared in the Event Viewer logs.
For example, here, we’ve seen that the “HPWMISVC.exe” process caused these errors on this particular computer.
If the process has since closed, you won’t see it in the list here. Also, when a program closes and reopens, it will have a different process ID number. That’s why you need to look for recent events, as the process ID number from older events in your Event Viewer won’t help you find anything.
With this information in hand, you now know the process that may be causing problems. You can search for its name on the web to find out the software it’s associated with. You can also just right-click the process in the  list and click “Open File Location” to open its location on your system, which may show you the larger software package the program is a part of. You may need to update this software if you use it, or uninstall it if you don’t.
 Can I Disable WMI Provider Host?
It is technically possible to disable the “Windows Management Instrumentation service” on your computer. However, this will break many different things on your PC. It’s an important part of the Windows operating system and should be left alone.
As the official description for this service says, “If this service is stopped, most Windows-based software will not function properly”. So don’t disable this service! If you have a problem with it, you need to identify the process on your computer that’s causing the WMI Provider Host to use so much CPU and update, remove, or disable that process instead.

No comments:

Post a Comment