What is Wdfmgr.exe

Windows User Mode Driver Framework - Microsoft® Windows® Operating System - Microsoft Corporation

File description

Wdfmgr.exe with description Windows User Mode Driver Framework is a process file from company Microsoft Corporation belonging to product Microsoft® Windows® Operating System.
The file is digitally signed from Microsoft Windows Component Publisher - Microsoft Timestamping Service
We do not recommend removing digitally signed files from Microsoft Windows Component Publisher

What is wdfmgr.exe?
Wdfmgr.exe is the Windows User Mode Driver Framework service. This service is installed with Windows Media Player 10 and above and allows synchronization of media content with hardware players.

This is a nonessential process and can safely be terminated. Note that by terminating it, you may be unable to synchronize your media devices with Windows Media Player until the next reboot. By disabling the service, you may be unable to do so until the service is reenabled.

Dangers of wdfmgr
As this is a legitimate process that runs on any system with Windows Media Player 10 or later installed, it is common for virus writers and spyware vendors to disguise their malware as the genuine one.

Some malicious files will have the same name but will be stored somewhere other than in %SystemRoot%\System32. Other malware will use a name that appears similar to it but with slight differences in spelling or with appended digits. The following malware is known to disguise itself as wdfmgr.exe:
  • W32.Agobot.TB (%SystemRoot%)
    • Agobot is a backdoor Trojan that gives an attacker control over infected systems.
  • W32.Tilebot.KG (%SystemRoot%)
    • This is a backdoor Trojan that can spread over a network and through MSN Messenger. This Trojan also creates the file %SystemRoot%\Z058_jpg.zip.
  • W32.Sdbot.ZN (%SystemRoot%\wdfmrg.exe)
    • This is a worm and IRC backdoor Trojan that spreads through network shares.
  • Troj/DwnLdr-FVL (%SystemRoot%\System32\wdfmgr32.exe)
  • Troj/Pindow-A (%SystemRoot%\System32\wdfmgr32.exe)
There is typically only one instance of this process running at a given time. The presence of multiple instances may be an indicator of a malware infection.

Common problems
  • This process is always running
    • This is a known issue with Windows Media Player 10. To resolve this, go to Start -> Run -> services.msc. Change Windows User Mode Driver Framework to Manual.
  • This process uses 100% CPU time
    • There are many possible causes for this issue. Try disabling the Windows User Mode Driver Framework service. If this does not resolve the issue, then your system is infected with a virus or spyware.

Automatic startup locations

001 Running Processes
002 Autorun registry entries local machine
003 Autorun registry entries Current User
005 Current user startup startmenu
010 Installed services
065 Image File Execution Options (debugger)
166 HKCU Policies\Explorer\Run

Digital signatures found for this file

18 Microsoft Windows Component Publisher - Microsoft Timestamping Service
11 Microsoft Windows Component Publisher - VeriSign Time Stamping Services Signer
10 Microsoft Windows Publisher - VeriSign Time Stamping Services Signer

MD5 security rating in our database

106 files (Not yet rated and not signed)
1 files (Not yet rated and digitally signed)
2 files (Safe and not signed)
45 files (Safe and digitally signed)
Some versions of this filename have not yet been checked for safety.
Warning: Some malware might rename itself to wdfmgr.exe. Always make sure that your file is from a verified publisher.

User ratings for this file

File rating: Average rating of wdfmgr.exe: by 154 files and users.

Application errors

Fix wdfmgr.exe application error:  Run a FREE registry scan

User comments

There are no user comments yet for this file.

Please add your comments if you have more information about this file or if you know how to solve wdfmgr.exe application errors.

File safety :

File security rating :

Are you human? How much is 14+28:

Like this page?

Please support this free service by giving us a Google+1

Browse files by letter


More system processes

wdfmgr32.exe wdfmgrs.exe wdfrgcmd.exe
wdfsctl.exe wdfsd.sys wdfsvc.exe
wdfusbbus.sys wdfusbdiag.sys wdfusbmodem.sys
wdfwhid.sys wdgfqzsb.dll wdgjzs.exe

Lansweeper computer inventory From the creator of Runscanner:

is an automated IT asset management tool. It can quickly scan your computers and has over 250 default reports available.

There is no need to install any agents on the scanned computers, all hardware and software inventory scanning is done by standard build-in functionality.