Windows 7 Forums



Windows 7: Is there any way to tell who is accessing the registry?

26 Aug 2009   #11
SquonkSC

Win7 Build 7600 x86
 
 

Quote: Originally Posted by ben07
Well, after deactivating both Windows Defender and AntiVir, I got only one yellow warning instead of two.

Reactivated only Windows Defender and immediately got back two yellow warnings.

Deactivated Windows Defender and reactivated AntiVir, I got only one yellow warning.

My conclusion: nothing to do with AntiVir, but definitely Windows Defender is causing one of the yellow warnings, Event ID 1530.

Well, like I suspected, it does have something to do with a security app.

I asked to uninstall Antivir first, because we had to start somewhere.

And best practice is always one by one so you can keep track of what it was you did right.

I do want to ask you to uninstall Antivir anyway.

Disabling it doesn't stop the services it uses.

You can always reinstall it when it doesn't fix the problem.

So please indulge me and uninstall Antivir.

Let's see what happens.

greetz


26 Aug 2009   #12
Antman

 

Quote: Originally Posted by squonksc
Hi Antman

Sounds intriguing, can you direct me to an article about this issue?

Thanks.

I first noticed this about two years ago in an XP install. I do not have an article to reference. I do have two years' experience of being aware of the Event Viewer entry and no other discernible effect.

I believe that the cryptic MS assessment is dead on.
26 Aug 2009   #13
SquonkSC

Win7 Build 7600 x86
 
 

Quote: Originally Posted by Antman
I first noticed this about two years ago in an XP install. I do not have an article to reference. I do have two years' experience of being aware of the Event Viewer entry and no other discernible effect.

I believe that the cryptic MS assessment is dead on.

Would disabling the audit for that particular process ID at least get rid of the yellow triangles? I suspect it would.

greetz

26 Aug 2009   #14
ben07

Windows 7 Pro x64 RTM
 
 

Quote: Originally Posted by squonksc
Well, like I suspected, it does have something to do with a security app.
greetz


OK, will remove AntiVir completely, reboot, retest and will post back!
26 Aug 2009   #15
ben07

Windows 7 Pro x64 RTM
 
 

Quote: Originally Posted by squonksc
Would disabling the audit for that particular process ID at least get rid of the yellow triangles? I suspect it would.

greetz

How to disable the audit?
26 Aug 2009   #16
ben07

Windows 7 Pro x64 RTM
 
 

Still got one yellow warning after completely removing AntiVir... it's very interesting to find out what this is:

"DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-783115880-3742272611-1246857717-1000:
Process 804 (\Device\HarddiskVolume7\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-783115880-3742272611-1246857717-1000", in particular the Process 804 (\Device\HarddiskVolume7


Google can't tell me much about Process 804 (\Device\HarddiskVolume7
26 Aug 2009   #17
SquonkSC

Win7 Build 7600 x86
 
 

Quote: Originally Posted by ben07
Still got one yellow warning after completely removing AntiVir... it's very interesting to find out what this is:

"DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-783115880-3742272611-1246857717-1000:
Process 804 (\Device\HarddiskVolume7\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-783115880-3742272611-1246857717-1000", in particular the Process 804 (\Device\HarddiskVolume7


Google can't tell me much about Process 804 (\Device\HarddiskVolume7

One yellow warning?

And Defender is on or off?

Audit question was for Antman.

We'll discuss that later.
26 Aug 2009   #18
zigzag3143

Win 8 Release candidate 8400
 
 

Quote: Originally Posted by ben07
Still got one yellow warning after completely removing AntiVir... it's very interesting to find out what this is:

"DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-783115880-3742272611-1246857717-1000:
Process 804 (\Device\HarddiskVolume7\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-783115880-3742272611-1246857717-1000", in particular the Process 804 (\Device\HarddiskVolume7


Google can't tell me much about Process 804 (\Device\HarddiskVolume7

If you go into Task Manager, it tells you what the process ID is for each process, so at that point in time you could have found out. You do need to go into View, Select Columns and check PID.
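Added example, not part of any post in this thread: the DETAIL text quoted above already names the process holding the handle (PID 804, `winlogon.exe`; `\Device\HarddiskVolume7` is only the NT device path of the volume). The Python below parses that text, pasted from Event Viewer, into per-process holders of the user hive. `parse_1530`, `holders` and the two extra sample entries are constructed here, and it assumes one "Process" line per leaked handle.

```python
import re
from collections import defaultdict

# Constructed sample: the first "Process" line is the one quoted in the thread;
# the other two (and the count of 3) are made up to exercise the parser.
SAMPLE = r"""DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-783115880-3742272611-1246857717-1000:
Process 804 (\Device\HarddiskVolume7\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-783115880-3742272611-1246857717-1000
Process 1234 (\Device\HarddiskVolume7\Program Files (x86)\Example\agent.exe) has opened key \REGISTRY\USER\S-1-5-21-783115880-3742272611-1246857717-1000\Software\Example
Process 1234 (\Device\HarddiskVolume7\Program Files (x86)\Example\agent.exe) has opened key \REGISTRY\USER\S-1-5-21-783115880-3742272611-1246857717-1000\Software\Example\Cache
"""

HEADER = re.compile(r"(\d+) user registry handles? leaked from "
                    r"(\\Registry\\User\\(S-[0-9-]+)(?:_Classes)?):", re.I)
# Greedy (.+) keeps image paths that contain ")" such as "Program Files (x86)".
ENTRY = re.compile(r"^Process (\d+) \((.+)\) has opened key (.+?)\s*$", re.M)

def parse_1530(text):
    """Parse the DETAIL text into hive, SID, declared count and entries."""
    head = HEADER.search(text)
    if head is None:
        raise ValueError("no 'user registry handles leaked' header found")
    hive = head.group(2)
    entries = []
    for pid, image, key in ENTRY.findall(text):
        # Header uses \Registry\User, entries \REGISTRY\USER: compare caselessly.
        rest = key[len(hive):]
        inside = key.lower().startswith(hive.lower()) and rest[:1] in ("", "\\")
        entries.append({
            "pid": int(pid),
            "image": image,                       # NT device path, as logged
            "name": image.rsplit("\\", 1)[-1],    # e.g. winlogon.exe
            "subkey": (rest.lstrip("\\") or "<hive root>") if inside else key,
        })
    declared = int(head.group(1))
    # Assumption: one "Process" line per handle; a mismatch means truncated text.
    return {"sid": head.group(3), "hive": hive, "declared": declared,
            "entries": entries, "complete": len(entries) == declared}

def holders(report):
    """Group the open subkeys by (PID, image name)."""
    by_proc = defaultdict(list)
    for e in report["entries"]:
        by_proc[(e["pid"], e["name"])].append(e["subkey"])
    return dict(by_proc)

if __name__ == "__main__":
    for (pid, name), keys in holders(parse_1530(SAMPLE)).items():
        print(f"PID {pid} {name}: {', '.join(keys)}")
```

The PID is only meaningful for the boot session in which the event was logged, so match it against a process list taken at that time.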
26 Aug 2009   #19
SquonkSC

Win7 Build 7600 x86
 
 

Quote: Originally Posted by ben07
I think maybe this has something to do with my blocking all Outbound Connections/Traffic in Windows built-in Firewall, as I only created rules to allow IE, Firefox, Thunderbird and Windows Updates to pass through.

Ben, I just read this. I overlooked this post.

This could be the source of your problems.

You can't block all outbound.
svchost.exe has to be able to make connections.

svchost.exe is a container which contains multiple processes that connect to the internet. Like defender, your virus scanner and many more.

There is little use in blocking outbound anyway.

First disable your firewall just to test if that solves it.

If it does, set the firewall back to default.

Greetz
26 Aug 2009   #20
Antman

 

Quote: Originally Posted by squonksc
...Audit question was for Antman.

We'll discuss that later.

I was down at the playground with the neighborhood. The Antman is always in demand there.

I was doing a bit of research into this when I was called away. I am taking my time on the digging though, as I am convinced that this is simply an resolved condition inherent in multiple Windows OSes. As I noted earlier, I first encountered this a long time ago - and have no negative result from its existence. My take is: the error code is not valid. Some error codes are returned because of where they fit, or don't fit, in the lookup - they are not always accurate.

Right now, I have a different error code. 18-month-old naked baby running around on my $1800 carpets.