Q&A Norton blocks wmiprvse access to Norton security. What is this process?

Discussion in 'Norton (Symantec)' started by Mehdi Mohammadi, Nov 9, 2017.

  1. Mehdi Mohammadi

    Mehdi Mohammadi Level 1

    Sep 14, 2017
    33
    55
    Network Administrator
    Iran
    Windows 10
    Norton
    Norton blocks wmiprvse access to Norton security. What is this process?
     
  2. In2an3_PpG

    In2an3_PpG Level 11

    Nov 15, 2016
    504
    8,335
    IT Jr. Network Admin
    United States
    Windows 10
    Default-Deny
    From Process Library. wmiprvse.exe - What is wmiprvse.exe?

    What is wmiprvse.exe doing on my computer?
    wmiprvse.exe process refers to a core Windows management technology known as Windows Management Instrumentation which allows users to be able to manage local and remote systems alike. Through WMI daily management tasks through programming or scripting languages can be undertaken. To mention a few, the list includes the ability to reboot a computer remotely or manually start a process on a remote system. Among the capabilities of WMI, one can include views, querying, eventing and remoting.

    Developers use the wmiprvse.exe file in order to develop applications used for monitoring purposes. These programs can notify users about important events related to network and file or application management right after each event occurs. With wmiprvse.exe, file managers in the enterprise environment are capable of configuring and searching for desktop system information or network and application information across the network.

    The wmiprvse.exe file is placed with other services in the shared service host. This started to be applied with the release of MS Windows XP. Providers are also loaded separately in the wmiprvse.exe file since it considers the wmiprvse.exe executable as a host process.


    wmiprvse.exe is a system process that is needed for your PC to work properly. It should not be removed. .
     
    mlnevese, XhenEd, bribon77 and 8 others like this.
  3. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    891
    6,322
    Caille
    Windows 10
    You need to provide more details if you wish to potentially get back a satisfactory and sufficient response from someone. We cannot fully understand the problem unless you elaborate. If no one can understand the scenario properly then no one can help you properly...

    Example.
    1. File path of the blocked process?
    2. Type of blocking (e.g. real-time, firewall, etc.)?
    3. Any details from Norton about why an object was blocked?
    4. VirusTotal report for the blocked file on disk?
    5. Install any new software or downloaded and ran anything new within the past few days?
    6. Results from 1-3 on-demand scans (e.g. HitmanPro, Emsisoft Emergency Kit, Malwarebytes Anti-Malware Free)?
    7. Notice any suspicious activity going on lately?

    @In2an3_PpG and the source he/she shared is correct though; wmiprvse.exe is used to handle Windows Management Instrumentation (WMI) tasks being performed by running programs. If I make an application which relies on WMI, wmiprvse.exe will be performing operations when my application requires to use WMI... Hopefully that makes sense.
     
    Mindware, bribon77, venustus and 6 others like this.
  4. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,179
    5,204
    IRAN
    Windows 10
    ESET
    I think its about self-protection:notworthy:maybe wmiprvse wants access to Norton services/processes?
     
  5. bjm_

    bjm_ Level 3

    May 17, 2015
    106
    180
    Zestafoni, Georgia
    Windows 10
    Microsoft
    The Unauthorized Access Blocked messages in your security history are logged by Norton Product Tamper Protection every time an executable file attempts to read/write/edit/delete a Norton file. Common Windows processes like svchost.exe, taskmgr.exe, dfrgntfs.exe, etc. as well as any executable from third-party software like CCleaner and Malwarebytes Anti-Malware will cause one of these Unauthorized Access Blocked messages to be logged if they touch a file from your Norton installation.
    Norton Product Tamper Protection prevents outside programs from making changes to the Norton product. Norton Product Tamper Protection protects your Norton product from an attack or modification by any virus or other unknown threat. Norton Product Tamper Protection view in the Security History window displays details about unauthorized attempts to modify Norton processes. Unauthorized access blocked (Access Process Data). NPTP events are not reports of malware.
    The most common NPTP log entries are legitimate Windows processes that Norton is preventing from accessing Norton files or processes. Norton is simply maintaining a secure isolation from other processes running on your system.
     
  6. In2an3_PpG

    In2an3_PpG Level 11

    Nov 15, 2016
    504
    8,335
    IT Jr. Network Admin
    United States
    Windows 10
    Default-Deny
    He. :)

    Just to clarify.
     
  7. venustus

    venustus Level 43
    Content Creator Trusted

    Dec 30, 2012
    3,226
    16,098
    Sydney
    Windows 10
    Kaspersky
    Indeed!
    You get the same alert when using Process Lasso with Norton.
    Norton doesn't like to be "tampered" with!!:ROFLMAO:
     
    browneylad, frogboy, bjm_ and 3 others like this.
  8. Slyguy

    Slyguy Level 22

    Jan 27, 2017
    1,105
    4,421
    Fortinet Engineer
    USA
    Other OS
    These are common with Norton. Norton is highly protective of it's own processes.. HIGHLY. Even when Windows processes want access for this or that reason.

    Norton is actually really good for most things but incredibly BAD for file-less malware. So bad, it scares me at times. Also I am not impressed with Norton's ability to clean up infections and find it routinely fails at properly doing that.

    Norton would be my choice AV if it wasn't a US-Based company and they encrypted their communications/update processes.
     
    Opcode and venustus like this.
  9. venustus

    venustus Level 43
    Content Creator Trusted

    Dec 30, 2012
    3,226
    16,098
    Sydney
    Windows 10
    Kaspersky
    They also have a bad habit of deleting files they think are unsafe without the ability to recover it!!(n)
     
    frogboy and Opcode like this.
  10. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    891
    6,322
    Caille
    Windows 10
    They should Quarantine until the user provides the green light for full removal. :) The reason the removed files cannot be recovered is because they will overwrite the file X amount of times before removing it so the data which was originally held within the file cannot be recovered!!
     
  11. venustus

    venustus Level 43
    Content Creator Trusted

    Dec 30, 2012
    3,226
    16,098
    Sydney
    Windows 10
    Kaspersky
    #11 venustus, Nov 9, 2017
    Last edited: Nov 9, 2017
    Indeed,it's a huge inconvenience when you try to run a program and find it has been borked by Norton's Sonar!!:rolleyes:
    Look at he number of fp alerts:
    [​IMG]
     
    frogboy and Opcode like this.
  12. Mehdi Mohammadi

    Mehdi Mohammadi Level 1

    Sep 14, 2017
    33
    55
    Network Administrator
    Iran
    Windows 10
    Norton
    Do you rely on these test?
     
    venustus likes this.
  13. Mehdi Mohammadi

    Mehdi Mohammadi Level 1

    Sep 14, 2017
    33
    55
    Network Administrator
    Iran
    Windows 10
    Norton
    I researched about this subject in internet. This process is normal. Norton is the best AV in the world. I like it.
     
  14. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    891
    6,322
    Caille
    Windows 10
    It doesn't matter if someone relies on the tests or not. The tests are based on facts... Norton flagged 274 clean files as malicious, compared to other vendors who flagged around 10 (some more, others less). Norton was still in the lead for false positive detection's by a long shot.

    The tests should all be taken with a grain of salt regardless who they are coming from, because vendors have good days and bad days. There is absolutely no doubt in my mind that Norton provide great, secure software to the community (both home and business customers). They do a great job, and their SONAR protection is outstanding. When it comes to firewall protection, they are absolutely superb.

    False positive detection's can be a huge pain, but it is not that big of a deal currently in my opinion - in fact it is nice to see them being over-protective, although 274 is a big more than I would have expected. I know that Norton performs really well and provide great work, and I also know that their employees are very skilled and talented. Anyone can see this just by checking their blog content, since it first started they had been posting interesting content with lots of detail. I trust them. No matter what happens in these tests, this opinion won't change because I know that the tests do not represent whether a product is "good" or "bad".
     
    browneylad, amir 957, frogboy and 3 others like this.
  15. venustus

    venustus Level 43
    Content Creator Trusted

    Dec 30, 2012
    3,226
    16,098
    Sydney
    Windows 10
    Kaspersky
    @Opcode answered the question:)
     
    frogboy likes this.
Loading...
Similar Threads Forum Date
Update Norton Family 4.5 for Android is now available! Norton (Symantec) Yesterday at 12:52 AM
Update Norton Core firmware version 223 and Mobile ver 1.27 are now available Norton (Symantec) Jan 11, 2018
Update Norton Mobile Security 4.0.0.4024 for Android Norton (Symantec) Dec 20, 2017