What is driverquery.exe?
driverquery.exe is a Windows system utility that enumerates installed device drivers and related metadata. It can output driver names, versions, provider, dates, and signing status, typically run from an elevated command prompt to produce a structured report.
driverquery.exe performs a live query of installed drivers and prints details such as name, version, provider, signing status, and date. It is a standard Windows utility used for audits, troubleshooting, and driver inventory in IT environments.
Quick Fact: driverquery.exe can filter output with options like /FO, /V, and /SI to tailor reports for admins.
Types of Output from Driver Query
- Driver Listing: Detailed list of installed drivers, with version and provider.
- Signed/Unsigned Status: Shows digital signature status for each driver.
- Vendor and Date: Includes vendor name and driver release date per entry.
- Output Formats: Supports formats like LIST or CSV via /FO option.
- System Inventory Reports: Used by IT to compile driver inventories for audits.
Is driverquery.exe Safe?
Yes, driverquery.exe is safe when it is the legitimate Windows binary located in the System32 folder.
Is driverquery.exe a Virus or Malware?
The real driverquery.exe is NOT a virus. Malware can masquerade with similar names, so verify the path and signature.
How to Tell if driverquery.exe is Legitimate or Malicious
- File Location: Must be in
C:\Windows\System32\driverquery.exe or C:\Windows\SysWOW64\driverquery.exe on 64-bit systems. Other locations are suspicious.
- Digital Signature: Right-click C:\Windows\System32\driverquery.exe -> Properties -> Digital Signatures. Should show a valid Microsoft signature.
- File Size and Version: Compare against known system file properties via Properties -> Details; mismatches can indicate tampering.
- Output Verification: Run the tool from a trusted location and verify that the displayed drivers match hardware and vendor records.
Red Flags: If driverquery.exe appears in non-system folders (like Temp or AppData), lacks a valid signature, or runs without being invoked by a legitimate admin task, scan with antivirus.
Why Is driverquery.exe Running on My PC?
driverquery.exe runs when an administrator or script queries driver information to generate audits, reports, or to verify driver inventories as part of troubleshooting or compliance tasks.
Reasons it's running:
- Active System Audit: IT or support tools run it to collect a current driver inventory for reports.
- Software Inventory: Software assets use it to record drivers for asset management catalogs.
- Post-Update Validation: Executed after driver or OS updates to confirm driver versions and signatures.
- Troubleshooting: Used to diagnose driver-related issues when devices malfunction.
- Automation and Scripting: Batch files or PowerShell scripts invoke it to generate automated reports.
Can I Disable or Remove driverquery.exe?
Yes, you can minimize its impact. It is a built-in Windows tool; you should not delete it. Restrict its use via policies or disable scheduled tasks/scripts that call it.
How to Stop driverquery.exe
- Close running tasks: If invoked in a command window, simply end the window when finished.
- Disable scheduled runs: In Task Scheduler, find tasks that call driverquery.exe and disable them.
- Run with limited scope: If you must run it, use limited output options to minimize process time (e.g., /FO LIST without verbose flags).
- Group policy restrictions: Implement policy to restrict script usage that calls system utilities like driverquery.
- Alternative tooling: Use built-in System Information tools for non-driver inventories if you require less detail.
How to Remove DriverQuery?
- ✔ DriverQuery is a built-in Windows tool and cannot be uninstalled as a separate package. You can disable usage via policies and remove any custom scripts that call it.
Common Problems: Driver Query Output and Performance
When using driverquery.exe, you may encounter issues related to output format, permissions, and integration with scripts.
Common Causes & Solutions
- No output or empty result: Run from an elevated Command Prompt and specify a format (/FO) that clearly emits data, e.g., driverquery.exe /FO LIST /V.
- Output file not created: Provide a full path for the output, e.g., driverquery.exe /FO LIST /V > C:\Reports\drivers.txt, and ensure the directory exists.
- Insufficient permissions: Run as Administrator or ensure the invoking user has read access to the System32 folder and the target output path.
- Incomplete data (missing fields): Use /V for verbose output and /SI to include signed drivers; verify with the provider and date fields.
- Non-system path found: If a third-party path contains a driverquery.exe, treat as suspicious; verify signature and location.
- High memory usage during long queries: Limit scope and duration; break reports into smaller batches, and run sequentially rather than in a loop.
Quick Fixes:
1. Run elevated CMD: right-click Start -> Command Prompt (Admin)
2. Generate a concise report: driverquery.exe /FO LIST
3. Output to file: driverquery.exe /FO LIST /V > C:\Temp\drivers.txt
4. Check for signed drivers: driverquery.exe /FO LIST /V /SI
5. Review results in a text editor or import to a spreadsheet
Frequently Asked Questions
What is driverquery.exe?
A built-in Windows utility that enumerates installed drivers, showing name, version, provider, and digital signature information.
Is driverquery.exe safe to run?
Yes, as long as it is located in C:\Windows\System32\driverquery.exe and signed by Microsoft.
How do I run driverquery.exe to generate a report?
Open an elevated Command Prompt and run: driverquery.exe /FO LIST /V > C:\Reports\drivers.txt
Can I disable driverquery.exe from running automatically?
Yes, disable any scheduled tasks or startup scripts that invoke it. It doesn’t run by itself unless triggered.
Why might driverquery.exe show missing or unsigned drivers?
Some drivers may be unsigned or third-party; look for /SI option to include signed drivers, and verify with vendor.
Where is driverquery.exe located?
Primarily in C:\Windows\System32\driverquery.exe; on 64-bit Windows you may also find C:\Windows\SysWOW64\driverquery.exe.