2 Replies Latest reply on Nov 17, 2008 7:19 PM by cccc

    Windows cannot read registry, because is still busy by mcafee

      hi

      I have Mcafee VirusScan Eneterprise 8.5.0i installed on my Toshiba Satellite Pro U200 notebook with Vista Business.
      After restart I have in Event Log following messages:

      Log Name: Application
      Source: Microsoft-Windows-User Profiles Service
      Date: 17.11.2008 02:55:32
      Event ID: 1530
      Task Category: None
      Level: Warning
      Keywords: Classic
      User: SYSTEM
      Computer: toshiba
      Description:
      Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

      DETAIL -
      2 user registry handles leaked from \Registry\User\S-1-5-21-1603002041-606635170-4122510452-1000_Classes:
      Process 2644 (\Device\HarddiskVolume2\Program Files\McAfee\Common Framework\FrameworkService.exe) has opened key \REGISTRY\USER\S-1-5-21-1603002041-606635170-4122510452-1000_CLASSES
      Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1603002041-606635170-4122510452-1000_CLASSES

      Event Xml:
      <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
      <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
      <EventID Qualifiers="32768">1530</EventID>
      <Version>0</Version>
      <Level>3</Level>
      <Task>0</Task>
      <Opcode>0</Opcode>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2008-11-17T01:55:32.000Z" />
      <EventRecordID>10804</EventRecordID>
      <Correlation />
      <Execution ProcessID="0" ThreadID="0" />
      <Channel>Application</Channel>
      <Computer>toshiba</Computer>
      <Security UserID="S-1-5-18" />
      </System>
      <EventData Name="EVENT_HIVE_LEAK">
      <Data Name="Detail">2 user registry handles leaked from \Registry\User\S-1-5-21-1603002041-606635170-4122510452-1000_Classes:
      Process 2644 (\Device\HarddiskVolume2\Program Files\McAfee\Common Framework\FrameworkService.exe) has opened key \REGISTRY\USER\S-1-5-21-1603002041-606635170-4122510452-1000_CLASSES
      Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1603002041-606635170-4122510452-1000_CLASSES
      </Data>
      </EventData>
      </Event>


      It seems McAfee is scanning the registry and at the same time windows cannot read or open it, because is still busy by mcafee.
      howto solve this problem ?