Permanently shutdown "wmiprvse.exe"

[TheHoFL]

Hello again!

I am trying to shutdown a process called "wmiprvse.exe". When i noticed it started i made a BAT to shutdown the process, but it start again after  a few seconds.

This is what i have.

Code: [Select]

taskkill /f /IM wmiprvse.exe /T
Any ideas?

[patio]

This is one of those services you DO NOT want to disable...

[TheHoFL]

This is something i would like to disable.

http://www.neuber.com/taskmanager/process/wmiprvse.exe.html

[BatchFileBasics]

interesting...
but maybe not shutdown completely.
just put it on startup

[patio]

Have it your way.
When certain Windows functions no longer work at least you'll know the cause...

[BatchFileBasics]

second thought:
run a scan with an antivus

avg free

Code: [Select]

http://free.avg.com/
run the scan for the "bad" wmipvse.exe

Code: [Select]

http://www.neuber.com/taskmanager/index.html

[BC_Programmer]

if your going by the comments on that page it might be useful to know that half of the people aren't referring to wmiprvse but rather to a trojan infected copy of it. (or simply a malware program of the same name)

[BatchFileBasics]

yea, thats why i posted the "second thought"
and to run the scan, etc

[TheHoFL]

Well, i am certain its not a virus. It is just something i would like to not have run. We are trying to limit are students as much as possible here.  They can be fairly malicious.

[BatchFileBasics]

well if you are not certain, i advise you to leave it alone

has there been any problems?

[BC_Programmer]

instead of killing the process, actually stop the services, in the services snap-in (services.msc)

there are three involving WMI. just take note that this will render some log-on scripts useless and also possibly introduce other issues with management of the PCs and network.

[DaveLembke]

Just a question here in response to the fact that this is to keep students at bay..... You can use Group Policy and Lower User Privileges to keep the system safe without butchering services. Is the service shutdown only being used because it is the easiest vs GP or Permission changes?

I also agree that it shouldnt be disabled unless absolutely has to be.

Does your computers and network have protection to avoid thumb drive hacksaw attacks or bootable CDs etc and other bootable media that can ignore any system configurations. Most students these days will likely used the Pen drive / thumb drive hacksaw to take unauthorized control of computers with heightened credentials and hacking tools to read unencrypted traffic etc or plant junk or flip registry keys giving themselves administrative access to the local system. If they have access to a USB Port and/or a CD or DVD Rom and the computer(s) are not supervised while they are at them attacks like this will happen.

I remember me and my friends upset that some school computers wouldnt play games and we modified them to allow for games to be played etc back in 1992 through bootable floppy disks to boot our flavor of DOS and do whatever we wanted. Setting the computers back was a quick CTRL + ALT + DELETE and reboot and no one knew any better of our activities. Kids will be creative and will find a way if given available access to ports and drives.

The best system I seen yet was at the last college I attended that had PXE Booting over the network and running a Terminal Session of operating system of choice XP or Vista at boot prompt. System state was all at the server side and the local computers were acting as dummy terminals with a simple batch and PXE Boot instruction.

This setup had nothing locally that was able to be hacked and towers were all under lock and key with long cables feeding out to the display, keyboard, and mouse. It was suggested that to save your work you e-mail it to yourself for use at home or save it in your personal folder that was server side. In addition to this setup each time you logged off and back on again it wa a fresh new desktop, nothing was saved. So even if sometime tried to install or get infected it was wiped clean on reboot or shutdown.

[TheHoFL]

Unfortunately we cannot disable the USB port and/or CD-ROMs. They need them for home work and school work. The IT department at our location was recently replaced so we are just getting familiar with how things were setup. They didn't document things very well. As for the group policy question. Due to only have 1 DC for a staff and a student network, we have not been given access to create or modify GPOs. Our home office location takes care of that.

[ALAN_BR]

Sorry, I may have been sleeping at the back of the class, but I fail to see the connection between limiting students and disabling wmipvse.exe.

Regards
Alan.

[DaveLembke]

For USB Ports I would suggest editing BIOS of systems with password protection and disable booting through USB, this way the USB will operate, but cant boot hacksaws etc.

Then to hide the CD Rom Boot set it to the lowest of the order of initialization at boot Hard Drive Before CD-Rom so that the Hard Drive Kicks in and it never gets to the CD-Drive as a boot device.

Just be sure to set the password to something not easy to figure out, but also not to lose it. Only way to get back in if you forget the BIOS password is to open the case and press a CMOS button to clear BIOS back to default. Students who are given access to these computers and if the computers are not supervised and cases available to be opened can also reset this button inside the case and get into the BIOS. Most students would not go this far as to opening the case. Some builds come with case locks to prevent intrusion to the inside of a computer requiring a key to unlock to be able to remove panels etc.

Good luck running the IT Department for your School