Guest ellas Posted January 8, 2003 Report Share Posted January 8, 2003 got a bit of a shock when I seen this message in xp's event viewer,A provider, HiPerfCooker_v1, has been registered in the WMI namespace to use the Local System Account. The provider may cause a security violation if it does not correctly impersonate user requests.thought I had a trojan and did a full a/v scan, back on the internet found it to be a harmless m/s message,anyone else had this. Link to comment Share on other sites More sharing options...
Guest ellas Posted January 8, 2003 Report Share Posted January 8, 2003 heres the answer for anyone interested,Unfortunately for the most part, Bill is right! :-)Specifically about the comment that these are just tryingto tell you that someone of significance is happening, andif you haven't installed new software, then you might wantto be concerned.A lot of this came from us trying to move more and morestuff out of privileged context on the system. We made abig push to move lots of WMI provider stuff out oflocalsystem into less privileged contexts. We did a lot ofreviews over core WMI providers that were left in thesystem that still needed to run in priviledged context.However, we started to throw these messages to alert thatthere were still providers running in privileged context.The message is not ideal, and is mostly due to the factthat on our system right now, there's no clean way todifferentiate between debugging or "don't worry about meunless you're having trouble" messages, and more importantmessages. More specifically, as a component developer,where do you throw these messages so there there when youneed them, but out of the way and not worrying people.Net-net: in this case below, don't worry about them. Inthe future the errors will continue to get better, andthis is just a transition. Sorry for the alarm. :-)cheers,-jasongJason GarmsSecurity Architecture TeamSecurity Business Unit Link to comment Share on other sites More sharing options...
Recommended Posts