Registry leaks

Posted on 2016-08-12
Medium Priority
Last Modified: 2016-08-16
After installing the latest round of Win updates (WIN7/64), I'm getting registry leaks. The same leak but different processes.

Here's the latest:

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

 1 user registry handles leaked from \Registry\User\S-1-5-21-2987587682-1074968332-1067063631-1001:
Process 760 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001

At every shutdown or restart, I get a message that Win Explorer has not closed. Then after startup, I get the 1530 single registry leak in my admin events,. The message is the same save the processes. Above is 760. Today with many restarts and a shutdown, I've gotten process 1920, 752, 748 AND Others.

I know these are warnings. I know in a general sense what's causing them - some process with winlogon.exe

I've had registry leaks before but they usually resolve themselves. Not this time. Seems like every time MS sends out its updates, something gets screwed up. I spend more time resolving those conflicts that I do working some days.

What's you best guess - and fix - on this one.
Thank you.
Question by:normanml
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 25

Expert Comment

ID: 41756477
You mean besides moving to Linux or Mac? ;)

I did find the following on Microsoft's own site about Windows "Exploder", aka Explorer:

This behavior occurs because Windows automatically closes any registry handle to a user profile that is left open by an application. Windows Vista does this when Windows Vista tries to close a user profile.
Note Event ID 1530 is logged as a Warning event. The application that is listed in the event detail is leaving the registry handle open and should be investigated.
(emphasis mine)
At the end it says it is "by design."

So it sounds like Windows Explorer is doing what it frequently does--exploding.  Since Windows sees a handle to the registry--probably registry file, but I'm not sure-- that isn't closed, it closes it and logs the warning.

I don't think I'd worry about the warning.  As to Explorer, I don't know how you can fix it.
LVL 25

Accepted Solution

SStory earned 2000 total points
ID: 41756492
More info: On Microsoft's Technet I found this:


This event can be caused by apps that do not release their Registry keys before shutting down. This most often occurs when an app runs in the background and does not release its Registry keys when a user signs off, in which case Windows forces the Registry to unload. There is no impact to users, though in rare cases recent configuration changes in the app might not be saved.

No user action is required - this is an acceptable condition.

In Windows 8.1 we changed this to an Information message to help reduce confusion and alarm. This event was a Warning event in prior versions of Windows.
(emphasis mine)

So it appears to not be a big deal. I probably wouldn't worry about it.

Author Comment

ID: 41758194
Talked to a tech I use for serious problems - crashes etc - and he suggested the cause is likely a new shared external hard disk on my intranet. He said much of the code for sharing is kind of a work-around on the original Win7, rather than a rebuild of XP, which had a special utility for registry leaks problems. This was supposed "built into" Win 7, which many techs take to me cobbled on. Any way, I have tried everything save creating another profile. I use a one user admin setup and everything about it seemed fine. So since the computer seems to be running okay. I'll ignore it . . . until the Win decides to go kaflooey again.

Author Closing Comment

ID: 41758197

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question