Security issue/ "Home invasion"?

J

JT

I just reloaded XP onto a freshly formatted drive. While
checking a few other things, I noticed a yellow triangle
in the Application Event Viewer (Sys Tools)

The message:
"A provider, HiPerfCooker_v1, has been registered in the
WMI namespace, Root\WMI, to use the LocalSystem account.
This account is privileged and the provider may cause a
security violation if it does not correctly impersonate
user requests."

I have a router with NAT, but I was just about to load
Sygate Firewall software on the machine.

OOps..nevermind..a Googie search turned up "Win 32
Provider" as a system class using HiPerfCooker_v1.
Jeez, some geek wanted a scary name I guess...
Buuut...why did it give me a sys warning? Go figrue...or
figure.
 
R

Roger Abell

You get an informational message whenever a WMI
provider gets registered. WMI runs with high privs.
A provider extends the core of WMI and runs with the
same privs. Is something is allowed to register that
should not be so allowed, then you end up with something
running as a core service that you really would not want.
Hence the message.

It is just too, too sad that the messages are opaque to
most of us, either carrying no meaning or raising alarm
and leading us on a goose chase to find out what the
provider is a part of.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

HiPerfCooker_v1, ... WHAT is it? 2
What does this warning mean? 4
HiPerfCooker 2
HiPerfCooker 7
Event Viewer after SP3 5
HiPerfCooker_v1 & WMIProv 1
How can I block access to a suspected hack on my local system netw 2
EventID 63 4

Top