Q&A Norton blocks wmiprvse access to Norton security. What is this process?

Nov 15, 2016
587
Operating System
Windows 10
Installed Antivirus
Default-Deny
#2
From Process Library. wmiprvse.exe - What is wmiprvse.exe?

What is wmiprvse.exe doing on my computer?
wmiprvse.exe process refers to a core Windows management technology known as Windows Management Instrumentation which allows users to be able to manage local and remote systems alike. Through WMI daily management tasks through programming or scripting languages can be undertaken. To mention a few, the list includes the ability to reboot a computer remotely or manually start a process on a remote system. Among the capabilities of WMI, one can include views, querying, eventing and remoting.

Developers use the wmiprvse.exe file in order to develop applications used for monitoring purposes. These programs can notify users about important events related to network and file or application management right after each event occurs. With wmiprvse.exe, file managers in the enterprise environment are capable of configuring and searching for desktop system information or network and application information across the network.

The wmiprvse.exe file is placed with other services in the shared service host. This started to be applied with the release of MS Windows XP. Providers are also loaded separately in the wmiprvse.exe file since it considers the wmiprvse.exe executable as a host process.


wmiprvse.exe is a system process that is needed for your PC to work properly. It should not be removed.
 

Opcode

Level 26
Content Creator
Aug 17, 2017
1,551
Installed Antivirus
Qihoo 360
#3
You need to provide more details if you wish to potentially get back a satisfactory and sufficient response from someone. We cannot fully understand the problem unless you elaborate. If no one can understand the scenario properly then no one can help you properly...

Example.
1. File path of the blocked process?
2. Type of blocking (e.g. real-time, firewall, etc.)?
3. Any details from Norton about why an object was blocked?
4. VirusTotal report for the blocked file on disk?
5. Installed any new software or downloaded and ran anything new within the past few days?
6. Results from 1-3 on-demand scans (e.g. HitmanPro, Emsisoft Emergency Kit, Malwarebytes Anti-Malware Free)?
7. Notice any suspicious activity going on lately?

@In2an3_PpG and the source he/she shared is correct though; wmiprvse.exe is used to handle Windows Management Instrumentation (WMI) tasks being performed by running programs. If I make an application which relies on WMI, wmiprvse.exe will be performing operations when my application needs to use WMI... Hopefully that makes sense.
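
The following PowerShell is an added example, not posted by any participant in this thread. It gathers the first items on the checklist above (file path, signer, and a SHA-256 to look up on VirusTotal) for every running WmiPrvSE.exe. It assumes the genuine binary lives under %SystemRoot%\System32\wbem or %SystemRoot%\SysWOW64\wbem and that the prompt is elevated.

```powershell
# Added example: triage running WMI provider host processes.
# Assumption: the genuine binary is in one of these two Windows directories.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\wbem\WmiPrvSE.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\wbem\WmiPrvSE.exe')
)

Get-CimInstance Win32_Process -Filter "Name = 'WmiPrvSE.exe'" | ForEach-Object {
    $proc   = $_
    $path   = $proc.ExecutablePath
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"

    # ExecutablePath is empty when the caller lacks rights to query the process.
    if (-not $path) {
        [pscustomobject]@{
            ProcessId = $proc.ProcessId
            Path      = '<not readable; rerun from an elevated prompt>'
        }
        return   # inside ForEach-Object this moves on to the next process
    }

    $sig = Get-AuthenticodeSignature -FilePath $path

    [pscustomobject]@{
        ProcessId       = $proc.ProcessId
        Path            = $path
        # -contains compares strings case-insensitively
        InExpectedPath  = $expected -contains $path
        ParentProcess   = $parent.Name          # normally svchost.exe
        SignatureStatus = $sig.Status           # 'Valid' for an intact signed binary
        Signer          = $sig.SignerCertificate.Subject
        # Hash to search for on VirusTotal instead of uploading the file
        SHA256          = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    }
} | Format-List
```

An instance that reports `InExpectedPath : False` or a `SignatureStatus` other than `Valid` is the one worth describing in detail when asking for help.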
 

bjm_

Level 3
May 17, 2015
120
Operating System
Windows 10
Installed Antivirus
Microsoft
#5
Norton blocks wmiprvse access to Norton security. What is this process?
The Unauthorized Access Blocked messages in your security history are logged by Norton Product Tamper Protection every time an executable file attempts to read/write/edit/delete a Norton file. Common Windows processes like svchost.exe, taskmgr.exe, dfrgntfs.exe, etc. as well as any executable from third-party software like CCleaner and Malwarebytes Anti-Malware will cause one of these Unauthorized Access Blocked messages to be logged if they touch a file from your Norton installation.
Norton Product Tamper Protection prevents outside programs from making changes to the Norton product. Norton Product Tamper Protection protects your Norton product from an attack or modification by any virus or other unknown threat. The Norton Product Tamper Protection view in the Security History window displays details about unauthorized attempts to modify Norton processes. Unauthorized access blocked (Access Process Data). NPTP events are not reports of malware.
The most common NPTP log entries are legitimate Windows processes that Norton is preventing from accessing Norton files or processes. Norton is simply maintaining a secure isolation from other processes running on your system.
 

Slyguy

Level 29
Jan 27, 2017
1,820
Operating System
Other OS
#8
These are common with Norton. Norton is highly protective of its own processes... HIGHLY. Even when Windows processes want access for this or that reason.

Norton is actually really good for most things but incredibly BAD for file-less malware. So bad, it scares me at times. Also I am not impressed with Norton's ability to clean up infections and find it routinely fails at properly doing that.

Norton would be my choice AV if it wasn't a US-Based company and they encrypted their communications/update processes.
 

venustus

Level 43
Content Creator
Verified
Dec 30, 2012
3,226
Operating System
Windows 10
Installed Antivirus
Kaspersky
#9
These are common with Norton. Norton is highly protective of its own processes... HIGHLY. Even when Windows processes want access for this or that reason.

Norton is actually really good for most things but incredibly BAD for file-less malware. So bad, it scares me at times. Also I am not impressed with Norton's ability to clean up infections and find it routinely fails at properly doing that.

Norton would be my choice AV if it wasn't a US-Based company and they encrypted their communications/update processes.
They also have a bad habit of deleting files they think are unsafe without the ability to recover it!!(n)
 

Opcode

Level 26
Content Creator
Aug 17, 2017
1,551
Installed Antivirus
Qihoo 360
#10
They also have a bad habit of deleting files they think are unsafe without the ability to recover it!!(n)
They should Quarantine until the user provides the green light for full removal. :) The reason the removed files cannot be recovered is because they will overwrite the file X amount of times before removing it so the data which was originally held within the file cannot be recovered!!
 

venustus

Level 43
Content Creator
Verified
Dec 30, 2012
3,226
Operating System
Windows 10
Installed Antivirus
Kaspersky
#11
Indeed, it's a huge inconvenience when you try to run a program and find it has been borked by Norton's Sonar!! :rolleyes:
Look at the number of FP alerts:
 

Opcode

Level 26
Content Creator
Aug 17, 2017
1,551
Installed Antivirus
Qihoo 360
#14
Do you rely on these tests?
It doesn't matter if someone relies on the tests or not. The tests are based on facts... Norton flagged 274 clean files as malicious, compared to other vendors who flagged around 10 (some more, others less). Norton was still in the lead for false positive detections by a long shot.

The tests should all be taken with a grain of salt regardless who they are coming from, because vendors have good days and bad days. There is absolutely no doubt in my mind that Norton provide great, secure software to the community (both home and business customers). They do a great job, and their SONAR protection is outstanding. When it comes to firewall protection, they are absolutely superb.

False positive detections can be a huge pain, but it is not that big of a deal currently in my opinion - in fact it is nice to see them being over-protective, although 274 is a bit more than I would have expected. I know that Norton performs really well and provide great work, and I also know that their employees are very skilled and talented. Anyone can see this just by checking their blog content, since it first started they had been posting interesting content with lots of detail. I trust them. No matter what happens in these tests, this opinion won't change because I know that the tests do not represent whether a product is "good" or "bad".
 
Apr 16, 2014
21
#16
... I know that Norton performs really well and provide great work, and I also know that their employees are very skilled and talented. Anyone can see this just by checking their blog content, since it first started they had been posting interesting content with lots of detail. I trust them. No matter what happens in these tests, this opinion won't change because I know that the tests do not represent whether a product is "good" or "bad".
So why do you apparently use McAfee, according to your profile? Just wondering.
 
Likes: ItsReallyMe
Apr 16, 2014
21
#18
I don't actually use it.
Sorry, I am not clear what you mean - you don't use McAfee or you don't use Norton? More simply, which AV do you use?

I am using Norton on a few PCs and used to use McAfee, but found Norton more effective and better interface. I am also using Comodo on one PC.

I am just interested to learn which AV you use, in the context of this problem with wmiprv.exe trying to access Norton files. I noticed many attempts by wmiprv.exe to access Norton, but don't recall seeing similar entries in Comodo or McAfee logs.

Thanks.
 

Opcode

Level 26
Content Creator
Aug 17, 2017
1,551
Installed Antivirus
Qihoo 360
#19
Sorry, I am not clear what you mean - you don't use McAfee or you don't use Norton?
I don't use McAfee nor Norton, although I am a fan of Symantec for Norton... Their home end-user products as well as their end-point protection.

I am just interested to learn which AV you use, in the context of this problem with wmiprv.exe trying to access Norton files. I noticed many attempts by wmiprv.exe to access Norton, but don't recall seeing similar entries in Comodo or McAfee logs.
I don't use an AV and haven't for years.

Regarding the self-defence, Norton logs a lot more than usual as far as I am aware. COMODO and McAfee will not be as sensitive as Norton in regards to flagging attack attempts if I remember correctly, although wmiprv.exe isn't necessarily attacking Norton at all. If I remember correctly, Norton flags even if someone tries to access... Not necessarily an attack. Could be a background operation which for some reason happens to include Norton but unintentionally... Your best bet is speaking to Norton support about it and wait for a response from an official engineer for the product who will know a lot about how their self-defence implementation works from top-to-bottom.
 
Likes: upnorth