Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 1.93%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.11%
6.3.9600.16384 (winblue_rtm.130821-1623) 2.90%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.27%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.05%
6.2.9200.16384 (win8_rtm.120725-1247) 2.69%
6.2.9200.16384 (win8_rtm.120725-1247) 15.42%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.11%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.11%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.05%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.11%
6.1.7600.16385 (win7_rtm.090713-1255) 6.50%
6.1.7600.16385 (win7_rtm.090713-1255) 43.63%
6.1.7600.16385 (win7_rtm.090713-1255) 20.53%
6.1.7600.16385 (win7_rtm.090713-1255) 4.03%
6.1.7600.16385 (win7_rtm.090713-1255) 0.05%
6.1.7600.16385 (win7_rtm.090713-1255) 0.05%
6.1.7600.16385 (win7_rtm.090713-1255) 0.21%
6.0.6001.18000 (longhorn_rtm.080118-1840) 0.91%
6.0.6001.18000 (longhorn_rtm.080118-1840) 0.11%
6.0.6000.16386 (vista_rtm.061101-2205) 0.21%

Relationships

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegCreateKeyExW, RegQueryInfoKeyW, RegDeleteValueW, RegOpenKeyExW, RegEnumKeyExW, RegCloseKey, RegSetValueExW, TraceMessage, DuplicateTokenEx, RegQueryValueExW, GetUserNameW, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, RegisterTraceGuidsW, UnregisterTraceGuids, SetServiceStatus, GetSecurityDescriptorSacl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorOwner, GetSecurityDescriptorControl, GetLengthSid, IsValidSid, CopySid, GetSidSubAuthority, InitializeSid, GetSidLengthRequired, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, MakeAbsoluteSD, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, AddAce, InitializeAcl, GetAclInformation, IsValidSecurityDescriptor, RegEnumValueW, LookupAccountNameW, RegisterServiceCtrlHandlerW, StartServiceCtrlDispatcherW, OpenSCManagerW, OpenServiceW, CloseServiceHandle, CreateServiceW, ControlService, DeleteService, InitiateShutdownW, RegGetValueW, RegUnLoadKeyW, RegLoadKeyW, CheckTokenMembership, SetSecurityInfo, LsaNtStatusToWinError, GetSecurityDescriptorLength, GetSecurityInfo, EventRegister, EventEnabled, EventUnregister, EventWrite, SetThreadToken, OpenThreadToken, StartTraceW, EnableTrace, ControlTraceW, LsaFreeMemory, GetWindowsAccountDomainSid, ConvertSidToStringSidW, AdjustTokenPrivileges, RevertToSelf, ConvertStringSecurityDescriptorToSecurityDescriptorW, ImpersonateLoggedOnUser, LsaClose, SetFileSecurityW, LogonUserExExW, LookupPrivilegeValueW, EqualSid, LsaOpenPolicy, LsaQueryInformationPolicy, OpenProcessToken, QueryServiceStatus, EnumDependentServicesW, TraceEvent, LogonUserW, SetNamedSecurityInfoW
bcrypt.dll
BCryptOpenAlgorithmProvider, BCryptHashData, BCryptFinishHash, BCryptCloseAlgorithmProvider, BCryptCreateHash, BCryptGetProperty, BCryptDestroyHash
clusapi.dll
GetNodeClusterState
kernel32.dll
CreateThread, GetTickCount, RemoveDirectoryW, HeapSetInformation, CreateWaitableTimerW, WaitForSingleObjectEx, GetCommandLineW, GetCurrentThreadId, CopyFileW, DeviceIoControl, GetFullPathNameW, GetDriveTypeW, GetSystemWindowsDirectoryW, lstrlenW, GetVolumePathNameW, FindVolumeClose, OutputDebugStringW, GlobalAlloc, GlobalLock, GlobalFree, GlobalUnlock, SetErrorMode, CancelIoEx, GetFileAttributesExW, QueryDosDeviceW, DeleteVolumeMountPointW, GetLogicalDrives, SetVolumeMountPointW, SetWaitableTimer, GetLocalTime, GetFileSize, GetLongPathNameW, SetFileValidData, SetFilePointerEx, SetEndOfFile, GetVolumeInformationW, CancelIo, GetOverlappedResult, GetCurrentThread, SleepEx, SetFilePointer, CompareStringOrdinal, CopyFileExW, LocalAlloc, SetLastError, FormatMessageW, GetSystemDirectoryW, GetTickCount64, ExpandEnvironmentStringsW, GetWindowsDirectoryW, GetSystemInfo, GetProductInfo, GetComputerNameExW, GetTempPathW, GetVersionExW, SetFileAttributesW, GetFileInformationByHandle, GetVolumeNameForVolumeMountPointW, FindNextFileW, SetFileInformationByHandle, GetFileInformationByHandleEx, CreateDirectoryW, FindFirstFileW, GetVolumePathNamesForVolumeNameW, GetDiskFreeSpaceExW, GetFileAttributesW, OutputDebugStringA, GetCurrentProcessId, QueryPerformanceCounter, GetModuleHandleA, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, InterlockedCompareExchange, FindNextVolumeW, FindFirstVolumeW, GetTimeZoneInformation, SetThreadExecutionState, FileTimeToLocalFileTime, Sleep, SetVolumeLabelW, FileTimeToSystemTime, CompareFileTime, FindClose, MoveFileW, ReadFile, MoveFileExW, FlushFileBuffers, WriteFile, DeleteFileW, GetSystemTimeAsFileTime, SystemTimeToFileTime, GetSystemTime, LocalFree, GetFileSizeEx, CreateFileW, ResetEvent, WaitForSingleObject, SetEvent, CloseHandle, CreateEventW, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, lstrcmpiW, EnterCriticalSection, GetProcAddress, GetLastError, RaiseException, MultiByteToWideChar, GetModuleFileNameW, LeaveCriticalSection, SizeofResource, InitializeCriticalSection, GetModuleHandleW, InterlockedDecrement, InterlockedIncrement, LoadLibraryExW, LoadResource, FreeLibrary, FindResourceExW, TlsGetValue, HeapDestroy, HeapAlloc, HeapReAlloc, HeapFree, HeapSize, GetProcessHeap, GetEnvironmentVariableW, InterlockedExchange, CreateSymbolicLinkW, CompareStringW, FindResourceW, LoadLibraryW, GetVersionExA
msvcrt.dll
DllMain
netapi32.dll
NetShareAdd, NetApiBufferFree, NetShareDel, NetShareGetInfo
ntdll.dll
ZwDeviceIoControlFile, ZwResetEvent, ZwQueryInformationFile, RtlStringFromGUID, RtlFreeUnicodeString, RtlGUIDFromString, NtQuerySystemInformation, ZwAllocateUuids, NtOpenKey, NtDeviceIoControlFile, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, NtWaitForSingleObject, NtClose, NtCreateEvent, NtQueryValueKey, NtSetValueKey, NtOpenFile, NtResetEvent, NtCreateKey, NtSetSecurityObject, NtDeleteKey, NtQueryInformationFile, NtQueryKey, NtQueryVolumeInformationFile, NtSetInformationKey, RtlSetAllBits, RtlSetBits, RtlInitializeBitMap, RtlSetBit, RtlNumberOfSetBits, RtlAreBitsSet, RtlClearAllBits, EtwTraceMessage, RtlNumberOfClearBits, RtlCompareMemory, RtlFindNextForwardRunClear, RtlClearBits, RtlAreBitsClear, NtCreateFile, RtlDosPathNameToNtPathName_U, WinSqmAddToStreamEx, RtlCreateSystemVolumeInformationFolder, RtlGetSetBootStatusData, RtlUnlockBootStatusData, ZwDeleteFile, ZwQueryVolumeInformationFile, ZwWaitForSingleObject, ZwOpenSymbolicLinkObject, LdrGetDllHandle, LdrGetProcedureAddress, RtlGetVersion, RtlInitAnsiString, ZwQuerySymbolicLinkObject, ZwCreateEvent, RtlSetOwnerSecurityDescriptor, ZwOpenKey, RtlCreateSecurityDescriptor, RtlLengthSid, ZwEnumerateKey, ZwDeleteKey, RtlAllocateAndInitializeSid, ZwLoadKey, RtlAddAccessAllowedAceEx, ZwSetSecurityObject, RtlLengthSecurityDescriptor, ZwQueryValueKey, ZwCreateFile, ZwOpenProcessTokenEx, ZwSaveKey, ZwAdjustPrivilegesToken, ZwSetValueKey, ZwDeleteValueKey, RtlSetDaclSecurityDescriptor, RtlFreeSid, ZwQueryAttributesFile, RtlCreateAcl, ZwOpenThreadTokenEx, ZwCreateKey, ZwUnloadKey, RtlInitUnicodeString, WinSqmAddToStream, RtlNtStatusToDosError, RtlGetLastNtStatus, RtlFreeHeap, ZwClose, ZwQuerySystemInformation, ZwOpenFile, RtlAllocateHeap, ZwQueryKey, NtDeleteFile, NtAllocateUuids, NtSaveKey, NtDeleteValueKey, NtOpenThreadToken, NtOpenProcessToken, NtAdjustPrivilegesToken, NtLoadKey, NtUnloadKey, NtQueryAttributesFile, NtEnumerateKey
ole32.dll
CoRegisterClassObject, CoRevokeClassObject, CoCreateGuid, CLSIDFromString, CreateStreamOnHGlobal, CoTaskMemRealloc, CoTaskMemFree, CoTaskMemAlloc, StringFromGUID2, CoCreateInstance, CoInitializeEx, CoUninitialize, CoInitializeSecurity, CoSuspendClassObjects, CoResumeClassObjects, CreateClassMoniker, CoDisconnectObject, GetRunningObjectTable, CoImpersonateClient, CoRevertToSelf
rpcrt4.dll
UuidToStringW, UuidCreate, UuidFromStringW, RpcStringFreeW
setupapi.dll
SetupDiGetDeviceRegistryPropertyW, SetupDiDestroyDeviceInfoList, SetupGetInfDriverStoreLocationW, SetupDiGetClassDevsW, SetupDiEnumDeviceInterfaces, SetupDiGetDeviceInterfaceDetailW, SetupEnumPublishedInfW
spp.dll
SppFreeBadWritersArray
user32.dll
CharUpperW, MessageBoxW, UnregisterClassA, CharUpperBuffW, CharNextW, LoadStringW, PostThreadMessageW, GetMessageW, TranslateMessage, DispatchMessageW
virtdisk.dll
CreateVirtualDisk, GetVirtualDiskOperationProgress, GetStorageDependencyInformation, AttachVirtualDisk, OpenVirtualDisk, GetVirtualDiskPhysicalPath, SetVirtualDiskInformation, CompactVirtualDisk, DetachVirtualDisk, GetVirtualDiskInformation
vssapi.dll
VssFreeSnapshotPropertiesInternal, CreateVssBackupComponentsInternal, CreateVssExamineWriterMetadataInternal
wer.dll
WerReportSetParameter, WerReportSubmit, WerReportCreate, WerReportAddFile, WerReportCloseHandle
xmllite.dll
CreateXmlReaderInputWithEncodingName, CreateXmlReader

wbengine.exe

Microsoft Block Level Backup Engine Service EXE by Microsoft

Remove wbengine.exe
Version:   6.1.7600.16385 (win7_rtm.090713-1255)
MD5:   e7da95e73f04ef2d7155171c50c7ea74
SHA1:   d4aaeb5f1ce10118ec84939ad8018693df114571
SHA256:   ef221e6d63dc5319fc8a2fefabd912d300b2c98d3c899a6c33e4ec658c3b5c9b
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is wbengine.exe?

Block Level Backup Engine Service allows for a Complete PC backup at the block level of the Hard Drive, versus file by file. This means you get an image of the hard drive. This service backs up your PC at the block level and not file by file. This essentially means creating an image of the drive. This service is part of Vista's drive backup capability.

Overview

wbengine.exe runs as a service under the name Servicio del módulo de copia de seguridad a nivel de bloque (wbengine) within the local user context. This version is designed to run on Windows 7.

DetailsDetails

File name:wbengine.exe
Publisher:Microsoft Corporation
Product name:Microsoft® Block Level Backup Engine Service EXE
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\wbengine.exe
Original name:wbengine.exe.mui
File version:6.1.7600.16385 (win7_rtm.090713-1255)
Product version:6.1.7600.16385
Size:1.15 MB (1,204,224 bytes)
Digital DNA
PE subsystem:Windows GUI
Entropy:6.665709
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'wbengine' (Servicio del módulo de copia de seguridad a nivel de bloque)
  • 'wbengine'

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 33.00%
Windows 8.1 18.50%
Windows 7 Ultimate 14.00%
Windows 8.1 Pro 8.00%
Windows 7 Professional 6.00%
Windows 8 4.00%
Windows 8.1 Single Language 3.50%
Windows 8.1 Pro with Media Center 3.00%
Windows 8 Pro 3.00%
Windows 8 Single Language 2.50%
Windows 7 Home Basic 1.50%
Windows 8 Enterprise N 1.00%
Windows 8.1 N 0.50%
Windows Seven Black Edition 0.50%
Windows 8.1 Enterprise Evaluation 0.50%
Windows 8 Enterprise 0.50%

Distribution by countryDistribution by country

United States installs about 46.73% of Microsoft® Block Level Backup Engine Service EXE.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 19.53%
Hewlett-Packard 17.97%
ASUS 17.97%
Acer 12.50%
Toshiba 10.16%
Lenovo 9.38%
Sony 4.69%
Intel 2.34%
GIGABYTE 1.95%
Samsung 1.56%
Alienware 1.17%
Medion 0.78%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE