IntelMEProv WMI Warning


PzSniper

Member
Local time
12:33 PM
Posts
3
OS
Windows 11
Hi,



I'm running Windows 11 (OS Build 22000.348) and i've clean installed it from Windows 10 but i've started to receive this warning in event log



Log Name: Application Source: Microsoft-Windows-WMI Date: 30/11/2021 15:21:47 Event ID: 63 Task Category: None Level: Warning Keywords: User: SYSTEM Computer: Pz-DESKTOP Description: A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Event Xml: http://schemas.microsoft.com/win/2004/08/events/event"> 63 2 3 0 0 0x8000000000000000 6456 Application Pz-DESKTOP http://manifests.microsoft.com/win/2006/windows/WMI"> IntelMEProv root\Intel_ME

My system specs
Core i9 9900k
Asus ROG Strix Z390-F Gaming updated to latest bios 2004
Intel Management Engine Interface 2120.100.0.1085(SW 2134.15.0.2422) For Windows 10/11 64-bit


Can you help me please?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i9 9900k
    Motherboard
    Asus ROG Strix Z390-F Gaming
    Memory
    32 GB DDR4
    Graphics Card(s)
    Asus Strix RTX 2070S
    Sound Card
    On board
    Monitor(s) Displays
    -
    Screen Resolution
    1080x1920

glasskuter

Well-known member
Power User
VIP
Local time
5:33 AM
Posts
1,591
Location
The Lone Star State of Texas
OS
Windows 11 Pro 21H2 22000.675
Look in the event. What is the SOURCE of the warning. The way I read Microsoft's gobbly gook about that warning is some program on your computer is trying to access the web using http rather than https. It could be checking for updates or something like that. One of you gurus verify if my understanding about this is valid.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 21H2 22000.675
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900
    Memory
    32 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 m.2 2230-256+1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 21H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    standard
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Antivirus
    Defender+MWB Premium

Zardoc

Well-known member
Member
VIP
Local time
6:33 AM
Posts
598
Location
In a van down by the river
OS
Windows 11 Enterprise
Event 63? don't sweat it. It's probably the MEI that added a software provider DAL, ICLS or Intel management WMI in Device manager which is probably new.

1638310499530.png

You can remove warning from journal:

This is a reg file that will keep warnings with this particular code from showing up.

Just save the file as a .REG and double click and it will activate.
To re enable warning, just change
"Enabled"=dword:00000000
to
"Enabled"=dword:00000001

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger\{1edeee53-0afe-4609-b846-d8c0b2075b1f}]
"Enabled"=dword:00000000
"EnableLevel"=dword:00000000
"Status"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger\{1edeee53-0afe-4609-b846-d8c0b2075b1f}\Filters]
"Enabled"=dword:00000000
"EventIdFilterIn"=dword:00000001
"EventIds"=hex:0b,00,16,00,e5,16,17,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\EventLog-Application\{1edeee53-0afe-4609-b846-d8c0b2075b1f}]
"Enabled"=dword:00000000
"EnableLevel"=dword:00000000
"LoggerName"="EventLog-Application"
"MatchAnyKeyword"=hex(b):00,00,00,00,00,00,00,80
"MatchAllKeyword"=hex(b):00,00,00,00,00,00,00,00
"EnableProperty"=dword:00000001
"Status"=dword:00000000
 
Last edited:

My Computer

System One

  • OS
    Windows 11 Enterprise
    Computer type
    PC/Desktop
    CPU
    Intel® Core™ i7-11700 (16M Cache, up to 4.80 GHz)
    Motherboard
    ASUS ROG Strix Z590-A Gaming WiFi 6 Intel® Z590 LGA 1200
    Memory
    G.Skill Ripjaws V Series 32gb (2x16gb) DDR4 3200mhz
    Graphics Card(s)
    Asus Dual Geforce Rtx™ 2070 Oc Edition 8gb Gddr6
    Monitor(s) Displays
    BenQ EW3270U 31.5” 3840x2160 UHD 16:9 HDR LED 4K LG 27UK850-W 27'' 4K UHD IPS LED Monitor with HDR10
    Screen Resolution
    3840x2160
    Hard Drives
    Samsung 980 PRO PCIe 4.0 Gen 4 NVMe® SSD 250GB
    Samsung 970 Evo M.2 2280 2tb Pcie Gen3. X4
    Samsung 960 Pro M.2 512gb Nvme Pcie-Express 3.0
    Crucial MX500 1TB 3D NAND SATA Internal SSD
    PSU
    Corsair AXi Series AX860i Digital 860W 80 PLUS PSU
    Case
    Fractal Design Define R5 ATX Mid Tower Window Case
    Keyboard
    Logi MX Keys
    Mouse
    Logi M705
    Internet Speed
    400 mbs
    Browser
    Firefox
    Antivirus
    Eset NOD32
    Other Info
    Love fast boots

iko22

Well-known member
Member
VIP
Local time
11:33 AM
Posts
557
Location
South West England
OS
Windows 10
Hi,



I'm running Windows 11 (OS Build 22000.348) and i've clean installed it from Windows 10 but i've started to receive this warning in event log



Log Name: Application Source: Microsoft-Windows-WMI Date: 30/11/2021 15:21:47 Event ID: 63 Task Category: None Level: Warning Keywords: User: SYSTEM Computer: Pz-DESKTOP Description: A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Event Xml: http://schemas.microsoft.com/win/2004/08/events/event"> 63 2 3 0 0 0x8000000000000000 6456 Application Pz-DESKTOP http://manifests.microsoft.com/win/2006/windows/WMI"> IntelMEProv root\Intel_ME

My system specs
Core i9 9900k
Asus ROG Strix Z390-F Gaming updated to latest bios 2004
Intel Management Engine Interface 2120.100.0.1085(SW 2134.15.0.2422) For Windows 10/11 64-bit


Can you help me please?

I think the Log has issued a warming that is saying the user group "SYSTEM" is running/registered as high privilege/admin user rights in a LocalSystem Account . LocalSystem Account is not generally recognised as being high privilege. You can choose to ignore this warning or try and find the program that is registering as a WMI provider.
EDIT: I see, the provider in question is IntelMEProv. This is representing Intel Manageability Engine (IME) , which in turn is part of an Intel-based motherboard.
So, it looks like you got some software that is querying the IME with elevated privileges. Dunno if that helps you in any way.
 

My Computer

System One

  • OS
    Windows 10
    CPU
    TBA
    Motherboard
    TBA

Zardoc

Well-known member
Member
VIP
Local time
6:33 AM
Posts
598
Location
In a van down by the river
OS
Windows 11 Enterprise
I think that's what I mentioned above :rolleyes:
 

My Computer

System One

  • OS
    Windows 11 Enterprise
    Computer type
    PC/Desktop
    CPU
    Intel® Core™ i7-11700 (16M Cache, up to 4.80 GHz)
    Motherboard
    ASUS ROG Strix Z590-A Gaming WiFi 6 Intel® Z590 LGA 1200
    Memory
    G.Skill Ripjaws V Series 32gb (2x16gb) DDR4 3200mhz
    Graphics Card(s)
    Asus Dual Geforce Rtx™ 2070 Oc Edition 8gb Gddr6
    Monitor(s) Displays
    BenQ EW3270U 31.5” 3840x2160 UHD 16:9 HDR LED 4K LG 27UK850-W 27'' 4K UHD IPS LED Monitor with HDR10
    Screen Resolution
    3840x2160
    Hard Drives
    Samsung 980 PRO PCIe 4.0 Gen 4 NVMe® SSD 250GB
    Samsung 970 Evo M.2 2280 2tb Pcie Gen3. X4
    Samsung 960 Pro M.2 512gb Nvme Pcie-Express 3.0
    Crucial MX500 1TB 3D NAND SATA Internal SSD
    PSU
    Corsair AXi Series AX860i Digital 860W 80 PLUS PSU
    Case
    Fractal Design Define R5 ATX Mid Tower Window Case
    Keyboard
    Logi MX Keys
    Mouse
    Logi M705
    Internet Speed
    400 mbs
    Browser
    Firefox
    Antivirus
    Eset NOD32
    Other Info
    Love fast boots

iko22

Well-known member
Member
VIP
Local time
11:33 AM
Posts
557
Location
South West England
OS
Windows 10
I think that's what I mentioned above :rolleyes:
Yes, sorry. It wasn't intended as a duplicate post - just hadn't noticed the detail in your screenshot! However, I wanted to draw attention to the fact that warning message might be some program causing the warning - that was the difference. (On hindsight I could have just mentioned that and cut out the duplication.)
Let's hope the O.P. can track the culprit program down.
 

My Computer

System One

  • OS
    Windows 10
    CPU
    TBA
    Motherboard
    TBA

Kol12

Active member
Member
VIP
Local time
10:33 PM
Posts
252
OS
Windows 11 - Release Preview channel
I'm getting the same Event 63 multiple times per day. It would be nice to understand exactly what this warning means...
 

My Computer

System One

  • OS
    Windows 11 - Release Preview channel
    Computer type
    PC/Desktop
    Manufacturer/Model
    Kol's custom ROG Z590
    CPU
    Intel 10900K @ 5.1 Ghz
    Motherboard
    Asus ROG Maximus XIII Hero Z590
    Memory
    Corsair Dominator Platinum RGB 32GB (4x8) OC to 3866Mhz CL 16
    Graphics Card(s)
    Asus ROG Strix 3080 OC edition
    Sound Card
    SoundBlaster X-AE5
    Monitor(s) Displays
    Asus ROG PG349Q 34" 120hz Gysnc
    Screen Resolution
    3440x1440
    Hard Drives
    Samsung 980 Pro 500GB
    860 EVO's
    Adata SX2000 Pro 1TB
    External RAID enclosure - Seagate 3TB HDD's
    PSU
    Seasonic Prime Ultra 1300W Platinum
    Case
    Phanteks Eclipse P600S
    Cooling
    Custom water cooling. EK Velocity (CPU), EK Quantum Vector (GPU), EK Quantum D5 Pump, 360 + 280 mm rads, 3x120mm Corsair LL, 3x 140mm Corsair LL fans
    Keyboard
    Corsair K70 MK.2 SE
    Mouse
    Corsair Dark Core Pro Wireless
    Antivirus
    Windows Defender

iko22

Well-known member
Member
VIP
Local time
11:33 AM
Posts
557
Location
South West England
OS
Windows 10
I'm getting the same Event 63 multiple times per day. It would be nice to understand exactly what this warning means...
Like we were discussing - this warning may be caused by a piece of software running elevated privileges in a local system account.
You can try find out which software is causing the warning. The clue is that it polls the motherboard for information.
 

My Computer

System One

  • OS
    Windows 10
    CPU
    TBA
    Motherboard
    TBA

geneo

Well-known member
Power User
VIP
Local time
6:33 AM
Posts
1,129
OS
Windows 11 Pro x64
I get those too. It is the Intel Management Engine WMI Provider. I think you can safely ignore it. if it bugs you enough, uninstall it through the device manager - it is not a necessary software component.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY
    CPU
    10900KF, 5.1 GHz delid
    Motherboard
    Asus Maximus Hero XII Wifi
    Memory
    64GB G.skill TridentZ RGB 3200CL14 B-die @ 3600 CL14
    Graphics Card(s)
    Asus ROG Strix 2070 Super A8G
    Sound Card
    Onboard Audio, Vanatoo Transparent One; Klipsch R-12SWi Sub
    Monitor(s) Displays
    Eizo CG2730, ViewSonic VP2768
    Screen Resolution
    2560 x 1440p x 2
    Hard Drives
    WDC SN850 1TB (OS+), Samsung 980 1TB (games), Raid 0: 1TB 850 EVO + 1TB 860 EVO. Sabrent USB-C DS-SC5B docking station: 6TB WDC Black, 6TB Ironwolf Pro; 2TB WDC Black
    PSU
    750W Seasonic Prime Ultra Titanium Plus
    Case
    Fractal Design Meshify 2 dark tint glass
    Cooling
    EK-AIO 360 D-RGB w/Phanteks T30-120 fans, 2x Noctua NF-A14 Chromax case
    Keyboard
    Glorious GMMK TKL - Brown mechanical, lubed modded
    Mouse
    Logitech G305 wireless gaming
    Internet Speed
    238 Mb/s down, 12 Mb/s up
    Browser
    Firefox
    Antivirus
    Defender, Macrium Reflect 8 ;-)
    Other Info
    Logitech C920e Webcam (crap don't buy)
  • Operating System
    Mac OS Monterey
    Computer type
    Laptop
    Manufacturer/Model
    Apple 13" Macbook Pro 2020 (m1)
    CPU
    M1
    Monitor(s) Displays
    2560x1600

Kol12

Active member
Member
VIP
Local time
10:33 PM
Posts
252
OS
Windows 11 - Release Preview channel
Like we were discussing - this warning may be caused by a piece of software running elevated privileges in a local system account.
You can try find out which software is causing the warning. The clue is that it polls the motherboard for information.
Where is the clue that it polls the motherboard?
 

My Computer

System One

  • OS
    Windows 11 - Release Preview channel
    Computer type
    PC/Desktop
    Manufacturer/Model
    Kol's custom ROG Z590
    CPU
    Intel 10900K @ 5.1 Ghz
    Motherboard
    Asus ROG Maximus XIII Hero Z590
    Memory
    Corsair Dominator Platinum RGB 32GB (4x8) OC to 3866Mhz CL 16
    Graphics Card(s)
    Asus ROG Strix 3080 OC edition
    Sound Card
    SoundBlaster X-AE5
    Monitor(s) Displays
    Asus ROG PG349Q 34" 120hz Gysnc
    Screen Resolution
    3440x1440
    Hard Drives
    Samsung 980 Pro 500GB
    860 EVO's
    Adata SX2000 Pro 1TB
    External RAID enclosure - Seagate 3TB HDD's
    PSU
    Seasonic Prime Ultra 1300W Platinum
    Case
    Phanteks Eclipse P600S
    Cooling
    Custom water cooling. EK Velocity (CPU), EK Quantum Vector (GPU), EK Quantum D5 Pump, 360 + 280 mm rads, 3x120mm Corsair LL, 3x 140mm Corsair LL fans
    Keyboard
    Corsair K70 MK.2 SE
    Mouse
    Corsair Dark Core Pro Wireless
    Antivirus
    Windows Defender

iko22

Well-known member
Member
VIP
Local time
11:33 AM
Posts
557
Location
South West England
OS
Windows 10
Where is the clue that it polls the motherboard?
Here, extracted from the warning message: "A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace ..." . As @geneo states, it is probably the Intel Management Engine WMI Provider, as that program uses IntelMEProv .
 

My Computer

System One

  • OS
    Windows 10
    CPU
    TBA
    Motherboard
    TBA

geneo

Well-known member
Power User
VIP
Local time
6:33 AM
Posts
1,129
OS
Windows 11 Pro x64
Here, extracted from the warning message: "A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace ..." . As @geneo states, it is probably the Intel Management Engine WMI Provider, as that program uses IntelMEProv .
I didnt say probably. It definetly is. i tracked it down once when installing the management engine software.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY
    CPU
    10900KF, 5.1 GHz delid
    Motherboard
    Asus Maximus Hero XII Wifi
    Memory
    64GB G.skill TridentZ RGB 3200CL14 B-die @ 3600 CL14
    Graphics Card(s)
    Asus ROG Strix 2070 Super A8G
    Sound Card
    Onboard Audio, Vanatoo Transparent One; Klipsch R-12SWi Sub
    Monitor(s) Displays
    Eizo CG2730, ViewSonic VP2768
    Screen Resolution
    2560 x 1440p x 2
    Hard Drives
    WDC SN850 1TB (OS+), Samsung 980 1TB (games), Raid 0: 1TB 850 EVO + 1TB 860 EVO. Sabrent USB-C DS-SC5B docking station: 6TB WDC Black, 6TB Ironwolf Pro; 2TB WDC Black
    PSU
    750W Seasonic Prime Ultra Titanium Plus
    Case
    Fractal Design Meshify 2 dark tint glass
    Cooling
    EK-AIO 360 D-RGB w/Phanteks T30-120 fans, 2x Noctua NF-A14 Chromax case
    Keyboard
    Glorious GMMK TKL - Brown mechanical, lubed modded
    Mouse
    Logitech G305 wireless gaming
    Internet Speed
    238 Mb/s down, 12 Mb/s up
    Browser
    Firefox
    Antivirus
    Defender, Macrium Reflect 8 ;-)
    Other Info
    Logitech C920e Webcam (crap don't buy)
  • Operating System
    Mac OS Monterey
    Computer type
    Laptop
    Manufacturer/Model
    Apple 13" Macbook Pro 2020 (m1)
    CPU
    M1
    Monitor(s) Displays
    2560x1600

Zardoc

Well-known member
Member
VIP
Local time
6:33 AM
Posts
598
Location
In a van down by the river
OS
Windows 11 Enterprise
I didnt say probably. It definetly is. i tracked it down once when installing the management engine software.
Ditto. 😉.
 

My Computer

System One

  • OS
    Windows 11 Enterprise
    Computer type
    PC/Desktop
    CPU
    Intel® Core™ i7-11700 (16M Cache, up to 4.80 GHz)
    Motherboard
    ASUS ROG Strix Z590-A Gaming WiFi 6 Intel® Z590 LGA 1200
    Memory
    G.Skill Ripjaws V Series 32gb (2x16gb) DDR4 3200mhz
    Graphics Card(s)
    Asus Dual Geforce Rtx™ 2070 Oc Edition 8gb Gddr6
    Monitor(s) Displays
    BenQ EW3270U 31.5” 3840x2160 UHD 16:9 HDR LED 4K LG 27UK850-W 27'' 4K UHD IPS LED Monitor with HDR10
    Screen Resolution
    3840x2160
    Hard Drives
    Samsung 980 PRO PCIe 4.0 Gen 4 NVMe® SSD 250GB
    Samsung 970 Evo M.2 2280 2tb Pcie Gen3. X4
    Samsung 960 Pro M.2 512gb Nvme Pcie-Express 3.0
    Crucial MX500 1TB 3D NAND SATA Internal SSD
    PSU
    Corsair AXi Series AX860i Digital 860W 80 PLUS PSU
    Case
    Fractal Design Define R5 ATX Mid Tower Window Case
    Keyboard
    Logi MX Keys
    Mouse
    Logi M705
    Internet Speed
    400 mbs
    Browser
    Firefox
    Antivirus
    Eset NOD32
    Other Info
    Love fast boots

iko22

Well-known member
Member
VIP
Local time
11:33 AM
Posts
557
Location
South West England
OS
Windows 10
I didnt say probably. It definetly is. i tracked it down once when installing the management engine software.
Okee-doke :):
I saw IntelMEProv was a software class (see link in previous post), so maybe accessible from a SDK API somewhere? If that was so, it could be accessed from another s/w :unsure:. But who is going to write another program when Intel have already provided one? 99.9% chances are you and @Zardoc have found the correct program at fault here.
 

My Computer

System One

  • OS
    Windows 10
    CPU
    TBA
    Motherboard
    TBA

geneo

Well-known member
Power User
VIP
Local time
6:33 AM
Posts
1,129
OS
Windows 11 Pro x64
Okee-doke :):
I saw IntelMEProv was a software class (see link in previous post), so maybe accessible from a SDK API somewhere? If that was so, it could be accessed from another s/w :unsure:. But who is going to write another program when Intel have already provided one? 99.9% chances are you and @Zardoc have found the correct program at fault here.
Intel Management Engine (IME) is part of the Intel software/firmware that allows for remote IT provisioning and gathering information about the computer at a very low level (through the chipset firmware). I believe the WMI provider provides the ability to get information on the IME through Windows WMI API. That is all.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY
    CPU
    10900KF, 5.1 GHz delid
    Motherboard
    Asus Maximus Hero XII Wifi
    Memory
    64GB G.skill TridentZ RGB 3200CL14 B-die @ 3600 CL14
    Graphics Card(s)
    Asus ROG Strix 2070 Super A8G
    Sound Card
    Onboard Audio, Vanatoo Transparent One; Klipsch R-12SWi Sub
    Monitor(s) Displays
    Eizo CG2730, ViewSonic VP2768
    Screen Resolution
    2560 x 1440p x 2
    Hard Drives
    WDC SN850 1TB (OS+), Samsung 980 1TB (games), Raid 0: 1TB 850 EVO + 1TB 860 EVO. Sabrent USB-C DS-SC5B docking station: 6TB WDC Black, 6TB Ironwolf Pro; 2TB WDC Black
    PSU
    750W Seasonic Prime Ultra Titanium Plus
    Case
    Fractal Design Meshify 2 dark tint glass
    Cooling
    EK-AIO 360 D-RGB w/Phanteks T30-120 fans, 2x Noctua NF-A14 Chromax case
    Keyboard
    Glorious GMMK TKL - Brown mechanical, lubed modded
    Mouse
    Logitech G305 wireless gaming
    Internet Speed
    238 Mb/s down, 12 Mb/s up
    Browser
    Firefox
    Antivirus
    Defender, Macrium Reflect 8 ;-)
    Other Info
    Logitech C920e Webcam (crap don't buy)
  • Operating System
    Mac OS Monterey
    Computer type
    Laptop
    Manufacturer/Model
    Apple 13" Macbook Pro 2020 (m1)
    CPU
    M1
    Monitor(s) Displays
    2560x1600

iko22

Well-known member
Member
VIP
Local time
11:33 AM
Posts
557
Location
South West England
OS
Windows 10
Intel Management Engine (IME) is part of the Intel software/firmware that allows for remote IT provisioning and gathering information about the computer at a very low level (through the chipset firmware). I believe the WMI provider provides the ability to get information on the IME through Windows WMI API. That is all.
Cool :cool: . I'm with you on that.

I did however have a rummage round, and I discovered that Intel does let the programmer access it's API via C++ and C# developments with their AMT SDK . Fat chance anyone has written such s/w.

Lets hope the O.P. comes back to clarify their situation.
 

My Computer

System One

  • OS
    Windows 10
    CPU
    TBA
    Motherboard
    TBA
Top Bottom