winmgmt.exe???

Discussion in 'Software' started by feberj, Jun 20, 2006.

  1. feberj

    feberj Private E-2

    My firewell is reporting that winmgmt.exe (windows management instumentation) is trying to be accessed by a remote computer. Anyone know if it is safe to allow this to go ahead, at the moment I’m blocking it simply because I’ve never come across this before. Done a virus scan and it comes up clean. My OP is Windows 2000 pro.
     
    feberj, Jun 20, 2006
    #1
  2. feberj

    feberj Private E-2

    Anyone?? Anyway as far as can figure out WMI is used mainly by system administrators in order to access info or change settings on a large network. Since I’m not part of any network I have decided to disable this process with no apparent adverse effects so far. Is it okay to stop this process, can it cause problems with the OS?
     
    feberj, Jun 20, 2006
    #2
  3. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    If their are no managment tools that you have installed that would use that service to log data ( performance counters ), then you should be fine but note if a program you have needs that service or a dependancy of that WMI service then they may fail to load or work, so you would have to enable the service again.

    But try out your common used apps and see if their running/usage is affected, if not they you should be fine.


    Just to check the location of the winmgmt.exe as it should being a legitimate Microsoft file be located in the C:\WINNT\system32\wbem\winmgmt.exe in W2k iirc


    Also do you also have the latest SP4 installed for your W2k?


    As this seems a non-malware question, I will move it to the Software forum where you will get more detailed advice from some w2k users I have no doubt of to clarify.
     
    Last edited: Jun 20, 2006
    DavidGP, Jun 20, 2006
    #3
  4. feberj

    feberj Private E-2

    Thanks for moving it, I wasn’t sure if I was in the right section. As far as common apps so far so good. Winmgmt.exe is in the right location and SP4 is already installed.

    I’m just scratching my head wondering how WMI can be accessed by another computer, wouldn’t you need administrator rights? Seems like this process is a potential security flaw, doesn’t seem like there’s a fix for at, not at the moment anyway, apart from disabling.
     
    feberj, Jun 20, 2006
    #4
  5. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    DavidGP, Jun 21, 2006
    #5
  6. feberj

    feberj Private E-2

    Thanks for the links. I checked the security properties of winmgmt and found that four users are listed as having access, is this unusual? The four are listed below.

    Administrators with full access permitted
    Power Users with only read & read/execute permitted
    SYSTEM with full access
    Users with only read & read/execute permitted
     
    feberj, Jun 21, 2006
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds