In many cases we have noticed issues with Wmiprvse.exe. the issue could be anything- from CPU spike to high memory consumption. The main problem in such cases is to find out the process that initiated the wmiprvse.exe, taking a dump of the concerned wmiprvse.exe process will also not help.
The best way to figure out this process is as under.
Go to Start -Run – Wbemtest
connect to root\cimv2 namespace and launch the following Query
select * from msft_providers where HostProcessIdentifier = PID
where PID is the process Id of the wmiprvse.exe.
Which field returned is the process id of the client making the original wmi query?
I didn’t understand your question. However, this query would simply return WMI provider name for that remote or local Wmiprvse.exe process.
Then how do you find the process which initiated the wmiprvse?
I once had a problem identifying this process… thanks for sharing.