Diane P.

"Registry Handle Leaks" with SAS

I have recently done a reinstall of Win7 64-bit. I have SAS Professional, Microsoft Security Essentials and Anti-Malware Bytes. I do not have much experience with MSE, but am pleased that it runs in the background the way it does and unobtrusively updates itself.

I guess there's always a kicker... in the Administrative section of Event Viewer, the following appears as an error:

2 user registry handles leaked from \Registry\User\S-1-5-21-2631726071-4098289893-2171743161-1000:

Process 1784 (\Device\HarddiskVolume2\Users\DMP\Documents\SASCore64.exe) has opened key \REGISTRY\USER\S-1-5-21-2631726071-4098289893-2171743161-1000\Software\SUPERAntiSpyware.com\SUPERAntiSpyware

Process 1784 (\Device\HarddiskVolume2\Users\DMP\Documents\SASCore64.exe) has opened key \REGISTRY\USER\S-1-5-21-2631726071-4098289893-2171743161-1000\Software\SUPERAntiSpyware.com\SUPERAntiSpyware\SABUpdate.

MSE gives me an error as well, telling me real-time protection has failed and the engine needs to be updated. The engine is updated. It does not appear that the MSE protection fails, but is protesting in some fashion. I have read some folks have issues and others don't with this combination of software. Just a bit distressed about all this because I spent hours getting this PC back up and running, which it's doing beautifully and fast, but for this.

I have changed the settings in MSE and excluded AntiMalwarebytes and SAS from being scanned on bootup. I have had Windows Explorer shut down on me and then restart.

I am asking here because I have other PCs and a laptop in the house that run MSE and Anti-Malwarebytes and no SAS that don't have this issue.

Can anyone give me a hand with fixing? Thanks.

Diane

I'm also getting similar messages in the Event Viewer regarding SAS.

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

2 user registry handles leaked from \Registry\User\S-1-5-21-4199048489-481262013-1700415438-1001:

Process 1352 (\Device\HarddiskVolume3\Andy\AntiSpyware\SUPERAntiSpyware\SASCore64.exe) has opened key \REGISTRY\USER\S-1-5-21-4199048489-481262013-1700415438-1001\Software\SUPERAntiSpyware.com\SUPERAntiSpyware\SABUpdate

Process 1352 (\Device\HarddiskVolume3\Andy\AntiSpyware\SUPERAntiSpyware\SASCore64.exe) has opened key \REGISTRY\USER\S-1-5-21-4199048489-481262013-1700415438-1001\Software\SUPERAntiSpyware.com\SUPERAntiSpyware\SABUpdate

I would have thought that SABUpdate related to SUPERAdBlocker but I haven't got this installed.

Running Windows 7 x64

It appears that SAS's Core process is accessing a registry key that was created during install "\SUPERAntiSpyware.com\SUPERAntiSpyware\SABUpdate".

At this point, since no functionality has been lost/hindered, I wouldn't worry about it too much; those messages appear to be more informational than errors.

It is generally recommended that you don't have more than one "real-time" scanner running at the same time, and I noticed in your post you have at least 2 that are always on (SAS Pro. and MSE).

Maybe this conflict is caused by conflicting scanners. Although SAS seems to be very compatible software, you may want to experiment with removing or disabling some real-time scanners.

If you are still concerned, you might want to contact Support Staff so the development team can look into this issue.

Check the time that these events occur. I think you will find that they occur during the time that the system is shutting down...either during a reboot or full shutdown. They will occur if a specific program has registry keys active during the shutdown process. They are harmless...assuming they are occurring during the shutdown process.

Where that "SABUpdate" registry entry is concerned, if you are comfortable using regedit, you can navigate to the stated keys and remove them. They appear to be associated with either the use of AdBlocker or an old installer of SAS. The updater for SAS is named SSUpdate.exe or SSupdate64.exe


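The timing check suggested in the post above can be scripted. The following is an added example, not code from the thread or from SUPERAntiSpyware: it parses the warning text quoted earlier into per-process handle counts and tests whether the warning was logged close to a shutdown. The timestamps and the two-minute window are constructed assumptions; on a real system the shutdown times would be read from the System event log.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

HEADER_RE = re.compile(r"(\d+) user registry handles? leaked from (\S+):")
# Non-greedy image match so paths containing ")" such as "Program Files (x86)"
# survive; the key runs to end of line because key names may contain spaces.
DETAIL_RE = re.compile(
    r"Process (\d+) \((.+?)\) has opened key (.+?)\.?\s*$", re.MULTILINE)

def parse_leak_event(message):
    """Return (hive, declared_count, Counter{(pid, image, key): handles})."""
    header = HEADER_RE.search(message)
    if header is None:
        raise ValueError("not a registry handle leak message")
    handles = Counter(
        (int(pid), image, key)
        for pid, image, key in DETAIL_RE.findall(message))
    return header.group(2), int(header.group(1)), handles

def near_shutdown(logged_at, shutdown_times, window=timedelta(minutes=2)):
    """True if the warning was logged within `window` of any shutdown marker."""
    return any(abs(logged_at - t) <= window for t in shutdown_times)

# Message text as quoted in the thread; the timestamps below are constructed.
SAMPLE = r"""2 user registry handles leaked from \Registry\User\S-1-5-21-4199048489-481262013-1700415438-1001:
Process 1352 (\Device\HarddiskVolume3\Andy\AntiSpyware\SUPERAntiSpyware\SASCore64.exe) has opened key \REGISTRY\USER\S-1-5-21-4199048489-481262013-1700415438-1001\Software\SUPERAntiSpyware.com\SUPERAntiSpyware\SABUpdate
Process 1352 (\Device\HarddiskVolume3\Andy\AntiSpyware\SUPERAntiSpyware\SASCore64.exe) has opened key \REGISTRY\USER\S-1-5-21-4199048489-481262013-1700415438-1001\Software\SUPERAntiSpyware.com\SUPERAntiSpyware\SABUpdate
"""
LOGGED_AT = datetime(2011, 1, 10, 22, 14, 5)     # constructed warning time
SHUTDOWNS = [datetime(2011, 1, 10, 22, 14, 30)]  # constructed shutdown marker

if __name__ == "__main__":
    hive, declared, handles = parse_leak_event(SAMPLE)
    print(f"hive {hive}: {declared} declared, {sum(handles.values())} listed")
    for (pid, image, key), count in handles.items():
        exe = image.rsplit("\\", 1)[-1]
        print(f"  pid {pid} ({exe}): {count} handle(s) on {key}")
    print("logged during shutdown:", near_shutdown(LOGGED_AT, SHUTDOWNS))
```

A warning that does not fall near any shutdown marker, or that names an image path you do not recognise, is the case worth a closer look.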
Thanks to you both for your replies.

I am going to let things alone. I do have both SAS & MSE running, but have excluded the SAS executable from being scanned by MSE. This is a combo of security software I have not used before. I like the way both SAS and MSE work, so I will leave them alone for the moment. Both of the programs update themselves properly and scan properly. Thanks for the info on "SABUpdate".

The PC runs okay after clean install. I will check the error times to verify if they occur on bootup or shutdown. I have edited registry before but for now I am going to see how it goes. I got the Windows Explorer shutdown/restart after poking around in Event Viewer. It hasn't happened again. I don't get any errors or error messages on bootup or shutdown and the machine is running fast and efficiently. I will leave well-enough alone.

Thanks for your help.

Diane P.

Sound advice as always, siliconman01; however, it seems not so simple as that.

I ran regedit and found the keys and exported them before deleting.

Next I rebooted the PC and ran regedit and did a search for the SABUpdate keys; none showed up. I then started SAS and ran regedit and did the same search. As you would expect, no SABUpdate keys were found. I then ran Check for Updates in SAS and it reported none were available, not surprising as I'd previously updated the defs.

I then ran regedit again and the previously deleted keys had been recreated.

I can only conclude that the SABUpdate keys are indeed an integral part of the SAS update process.

I will forward the information to a developer to hear his thoughts :)

Thanks for the quick reply.

I am following this thread with interest. The messages in SAS with regard to the "Registry handle leaks" number anywhere from 1-3. The warnings are all followed by "MSE real time protection has failed", but MSE doesn't seem to have been affected, as I see no change in its status. The icon in the tray is always "green" and always indicates my PC is "protected". But the error is always there after the messages about the "Registry handle leaks".

I don't think it's possible that the messages are associated with either the use of AdBlocker or an old installer of SAS for a couple of reasons. 1) I did not install AdBlocker; 2) I downloaded the newest version of SAS from the web after doing a clean install of Win7-64 bit. The PC was clean of any prior installs of SAS.

This morning when I booted up, I got no error messages on my screen or BSODs or any other sort of errant behavior. The messages as indicated above were present in EV. I just want to make sure the security of my system is not compromised, so I will continue to follow this thread.

Diane
