Registry leaks

Posted on 2016-08-12
Last Modified: 2016-08-16
After installing the latest round of Win updates (WIN7/64), I'm getting registry leaks. The same leak but different processes.

Here's the latest:

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

 1 user registry handles leaked from \Registry\User\S-1-5-21-2987587682-1074968332-1067063631-1001:
Process 760 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001

At every shutdown or restart, I get a message that Win Explorer has not closed. Then after startup, I get the 1530 single registry leak in my admin events,. The message is the same save the processes. Above is 760. Today with many restarts and a shutdown, I've gotten process 1920, 752, 748 AND Others.

I know these are warnings. I know in a general sense what's causing them - some process with winlogon.exe

I've had registry leaks before but they usually resolve themselves. Not this time. Seems like every time MS sends out its updates, something gets screwed up. I spend more time resolving those conflicts that I do working some days.

What's you best guess - and fix - on this one.
Thank you.
Question by:normanml
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 25

Expert Comment

ID: 41756477
You mean besides moving to Linux or Mac? ;)

I did find the following on Microsoft's own site about Windows "Exploder", aka Explorer:

This behavior occurs because Windows automatically closes any registry handle to a user profile that is left open by an application. Windows Vista does this when Windows Vista tries to close a user profile.
Note Event ID 1530 is logged as a Warning event. The application that is listed in the event detail is leaving the registry handle open and should be investigated.
(emphasis mine)
At the end it says it is "by design."

So it sounds like Windows Explorer is doing what it frequently does--exploding.  Since Windows sees a handle to the registry--probably registry file, but I'm not sure-- that isn't closed, it closes it and logs the warning.

I don't think I'd worry about the warning.  As to Explorer, I don't know how you can fix it.
LVL 25

Accepted Solution

SStory earned 500 total points
ID: 41756492
More info: On Microsoft's Technet I found this:


This event can be caused by apps that do not release their Registry keys before shutting down. This most often occurs when an app runs in the background and does not release its Registry keys when a user signs off, in which case Windows forces the Registry to unload. There is no impact to users, though in rare cases recent configuration changes in the app might not be saved.

No user action is required - this is an acceptable condition.

In Windows 8.1 we changed this to an Information message to help reduce confusion and alarm. This event was a Warning event in prior versions of Windows.
(emphasis mine)

So it appears to not be a big deal. I probably wouldn't worry about it.

Author Comment

ID: 41758194
Talked to a tech I use for serious problems - crashes etc - and he suggested the cause is likely a new shared external hard disk on my intranet. He said much of the code for sharing is kind of a work-around on the original Win7, rather than a rebuild of XP, which had a special utility for registry leaks problems. This was supposed "built into" Win 7, which many techs take to me cobbled on. Any way, I have tried everything save creating another profile. I use a one user admin setup and everything about it seemed fine. So since the computer seems to be running okay. I'll ignore it . . . until the Win decides to go kaflooey again.

Author Closing Comment

ID: 41758197

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question