Is this safe ?



Sat, 10 Jun 2006 20:17:41 +0100 uk.people.silversurfers


Aries...
This popped up when I logged on this evening asking me to allow it access -

pmj...
What is the "this" that is doing the "Popping up"?
I mean is it some kind of 3rd Party Firewall or was the Message
from windoze itself? (or the windoze Firewall)?


pmj...
Access to what?

I said no but should I ?

pmj...
As a general rule, you should always say no to anything asking
for any kind of access to anything, unless & until you know what
it is & why it is asking for access.

You need more information to be able to decide if you do want
to Allow it access - as it stands, from what you have Posted,
you should just (continue to) Deny it, until you know more about
it & what it does.


WMI (wmiprvse.exe)
File Path : C:\WINDOWS\system32\wbem\wmiprvse.exe

pmj...
Well, given that FileName (& also the Path to where the File is),
you can easily look at the File Properties to find out what it is...

It's in the "wbem" Folder, which is the "Web Based Enterprise
Management" stuff.

Its "Description" in the File Properties is a bit basic... "WMI" -
that's "windoze Management Instrumentation"

If that isn't enough to Help you decide whether to allow it any
sort of Access, then just keep Denying it (or make a Rule to Deny it)
until you have looked up (on the micro$oft Site, or elsewhere on the
Web), to find out more about it.

You would still need to know *what* it is asking for Access *to* -
what Server? - Is it a remote Server, or something on your own
Network?)
You can find that out from the IP Address that it is trying to Access.
& also, you would need to know what Port it was trying to Access - the
Port Number will tell you what Service it is trying to Access & thus
also help you to decide whether you want to Allow it.

Process ID : 0xE18 (Heximal) 3608 (Decimal)

pmj...
The Process ID is only given so that you can Identify the Running
Process using something like Task Manager or Process Explorer,
so you can Terminate the running Process, if it turned out to be
malicious or causing probs.

The Process ID will change each time it's Run.

Have a look up on the M$KB (micro$oft Knowledge Base), if you
want to know more about WBEM (Web Based Enterprise Management)
& WMI (windoze Management Instrumentation)

Basically, you don't need to (& shouldn't) allow it *any* Access to
(or from) any *Remote* Server (that means anything on the Internet),
but it can't really do any harm Accessing (or being Accessed by)
anything on your own internal Network or LAN (Local Area Network)

Aries...
next time it pops up I will make more notes. I did do some research on it
via web-search but I still am not sure whether to allow it or not. It was
asking access to my network from an unknown - to me - ip address.

pmj...
It was asking for Access *to* your Network???
On what Port?

Aries...
I think it was port 80:eek:

pmj...
Well, that would seem to make sense?
Since the WMI (windoze Management Instrumentation) thingy is all
about WBEM (that's *Web* Based Enterprise Management), then it's
fairly likely to use Port 80 - which is the Port used for HTTP
(HyperText Transfer protocol), which is what's used for the Web.

But you really shouldn't have anything Running on your PC that
Accepts (or expects to, or is Set up to Accept) any *InComing*
Connections on Port 80.

Besides, your Firewall (either a Software firewall on the PC, or the
one in the Router) should (as a matter of course) be Set to Block any
& all Unsolicited *In*Coming Connection Attempts.


& *from* what IP Address?

Aries...
I know I should have done but I will if it rears its head again.


It may be an unknown IP Address to you, but *all* IP Addresses are
allocated by the various bodies, such as...

ICANN, (Internet Corporation for Assigned Names & numbers)

RIPE (Reseaux IP Europeens)

ARIN (American Registry for Internet Numbers)

& you can thus do a WHOIS Lookup, to find out who the IP Address
is Allocated to.

I really can't think of any legitimate reason for any *Incoming*
Access *to* it (from anything on the Internet) to be needed.

Aries...
Well it has popped up again since I posted my question so it can't be a
necessary request but we will see. I'll post again with full details if

pmj...
I assume that's actually a Typo for "it *hasn't* popped up
again since..."?

Aries...
Oh sorry, yes, that should have been hasn't not has !


and probably when it happens again. Thanks

pmj...
OK, but in the meantime, can you answer the bit I asked about *what*
exactly it was that did the "popping up"?

Was it a Prompt from your (3rd Party) Firewall?
If so, what Firewall is it, that you are using?
Is it the Sygate Personal that I know you have said that you used?

Aries...
Yep Sygate


Or was it something from windoze?
If so, what?

With all these sort of "Prompts" & "Alerts", knowing *what* is
actually doing the asking is halfway to knowing how (& what)

Aries...
Oh yes, I agree :)

to Answer when you get a Prompt like that!
:-)


Bram...
Just searched the web for and found that loads of people are having problems with it.

Aries...
well I still don't know whether to allow it or not. I said no this time
with no obvious resulting problems.

Bram...
I don't know.

I'm waiting for a man who does.
;-)

Ali...
I wouldn't. Its legitimate use is in management information and control in
an Enterprise environment (ie remotely), so who is doing the management on
Val's computer - Kirk, Picard or Archer?

Also there's a virus with the same filename.

The question is why did it pop up now, and not before?

Aries...
it has popped up before but only recently and not this morning when I
logged on

http://www.neuber.com/taskmanager/process/wmiprvse.exe.html
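
Added example, not part of the original thread: a PowerShell check that gathers what the replies above ask for (the real file path behind each running wmiprvse.exe, its signature, and the addresses and ports it is connected to or listening on). It assumes Windows 8 or later (for `Get-NetTCPConnection`) and an elevated prompt; `Test-LocalAddress` is a helper made up for this example.

```powershell
# Added example. Run elevated so ExecutablePath is populated for system processes.
# Expected location: the path quoted in the firewall prompt in the thread.
$expected = Join-Path $env:SystemRoot 'System32\wbem\wmiprvse.exe'

# Hypothetical helper: true for unspecified, loopback, link-local and
# RFC 1918 (LAN) addresses, false for anything out on the Internet.
function Test-LocalAddress([string]$Address) {
    ($Address -in '0.0.0.0', '::', '::1') -or
    ($Address -match '^(127|10)\.|^192\.168\.|^169\.254\.|^172\.(1[6-9]|2\d|3[01])\.')
}

$procs = @(Get-CimInstance Win32_Process -Filter "Name = 'wmiprvse.exe'")

# 1. Which file is really running? The same file name in another folder is
#    the impostor case mentioned in the thread.
$procs | ForEach-Object {
    $path = $_.ExecutablePath
    $sig  = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
    [pscustomobject]@{
        ProcessId = '{0} (0x{0:X})' -f $_.ProcessId   # decimal and hex, as in the prompt
        Path      = if ($path) { $path } else { 'unknown (not elevated?)' }
        PathOk    = [bool]($path -and ($path -ieq $expected))
        Signature = if ($sig) { $sig.Status } else { 'not checked' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
} | Format-List

# 2. What is it talking to, or listening on, and on which port?
$procs | ForEach-Object {
    Get-NetTCPConnection -OwningProcess $_.ProcessId -ErrorAction SilentlyContinue
} | Select-Object OwningProcess, State, LocalAddress, LocalPort, RemoteAddress, RemotePort,
    @{ Name = 'RemoteIsLocal'; Expression = { Test-LocalAddress $_.RemoteAddress } } |
    Format-Table -AutoSize
```

A row with `RemoteIsLocal` false is the address to put through a WHOIS lookup before deciding whether to allow it.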