I was thinking what´s happens if exclude whole ntuser.dat file...
Probably, not much. ntuser.dat is a file, which if excluded, would not be scanned 'as a binary file.' A binary file scan has nothing to do with the 'registry' and I am not sure whether this file can be scanned at all, given it is locked by the kernel (for each logged in user). Further, I would not find much value in a binary scan of a database file (user registry hive). It is the interpretation of the data and the use of the data that has impact on the system (such as startup entries). Simply excluding a binary scan of ntuser.dat would have little impact.
And what about the rest of the registry?
Thanks, Ron Metzger
Was my reply helpful? If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Yes, yes, I know that ! in fact my first answer was that is not possible to exclude registry keys , but I think to help if customer has very heavy footprint when registry is read, so what about exclude \System32\Config where the registry data files live?
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.