[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now


Registry leaks

Posted on 2016-08-12
Medium Priority
Last Modified: 2016-08-16
After installing the latest round of Win updates (WIN7/64), I'm getting registry leaks. The same leak but different processes.

Here's the latest:

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

 1 user registry handles leaked from \Registry\User\S-1-5-21-2987587682-1074968332-1067063631-1001:
Process 760 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001

At every shutdown or restart, I get a message that Win Explorer has not closed. Then after startup, I get the 1530 single registry leak in my admin events,. The message is the same save the processes. Above is 760. Today with many restarts and a shutdown, I've gotten process 1920, 752, 748 AND Others.

I know these are warnings. I know in a general sense what's causing them - some process with winlogon.exe

I've had registry leaks before but they usually resolve themselves. Not this time. Seems like every time MS sends out its updates, something gets screwed up. I spend more time resolving those conflicts that I do working some days.

What's you best guess - and fix - on this one.
Thank you.
Question by:normanml
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 25

Expert Comment

ID: 41756477
You mean besides moving to Linux or Mac? ;)

I did find the following on Microsoft's own site about Windows "Exploder", aka Explorer:

This behavior occurs because Windows automatically closes any registry handle to a user profile that is left open by an application. Windows Vista does this when Windows Vista tries to close a user profile.
Note Event ID 1530 is logged as a Warning event. The application that is listed in the event detail is leaving the registry handle open and should be investigated.
(emphasis mine)
At the end it says it is "by design."

So it sounds like Windows Explorer is doing what it frequently does--exploding.  Since Windows sees a handle to the registry--probably registry file, but I'm not sure-- that isn't closed, it closes it and logs the warning.

I don't think I'd worry about the warning.  As to Explorer, I don't know how you can fix it.
LVL 25

Accepted Solution

SStory earned 2000 total points
ID: 41756492
More info: On Microsoft's Technet I found this:


This event can be caused by apps that do not release their Registry keys before shutting down. This most often occurs when an app runs in the background and does not release its Registry keys when a user signs off, in which case Windows forces the Registry to unload. There is no impact to users, though in rare cases recent configuration changes in the app might not be saved.

No user action is required - this is an acceptable condition.

In Windows 8.1 we changed this to an Information message to help reduce confusion and alarm. This event was a Warning event in prior versions of Windows.
(emphasis mine)

So it appears to not be a big deal. I probably wouldn't worry about it.

Author Comment

ID: 41758194
Talked to a tech I use for serious problems - crashes etc - and he suggested the cause is likely a new shared external hard disk on my intranet. He said much of the code for sharing is kind of a work-around on the original Win7, rather than a rebuild of XP, which had a special utility for registry leaks problems. This was supposed "built into" Win 7, which many techs take to me cobbled on. Any way, I have tried everything save creating another profile. I use a one user admin setup and everything about it seemed fine. So since the computer seems to be running okay. I'll ignore it . . . until the Win decides to go kaflooey again.

Author Closing Comment

ID: 41758197

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
In this modest contribution, I want to share with the IT community (especially system administrators, IT Support Engineers and IT Help Desks) about Windows crashes/hangs and how to deal with these particular problems.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question