JeremyNicoll

> It would be based on user feedback. Ok, so in fact, you wouldn't /know/, you'd be guessing. Thanks for the info, and about Fiddler.

If you'd done the restart, and hadn't asked the restarted system to shut down, then a pre-shutdown failure (for the new version) makes no sense. I'm not saying the new EAM versions's desktop may not have had a problem, but I can't see how that would have anything to do with a failure to shut down the old version. Some of these restarts (around Windows Updates) are presumably of the whole system (ie a reboot) so every service will have had to shutdown. Others may have been just a2service.exe (if EAM was doing a restart). In your situation I'd note down the timestamps of all the Event Log records that seem relevant (and there will be some that record the whole system shuting down and restarting as well), as well as any that are EAM-specific. You need to be sure what service(s) had shutdown errors.

@slopesif you're saying the error occurred shutting down the older version of EAM before the update took effect, that's not a surprise... If the same thing happens with the newer version that WILL be a surprise.

I also can't download fixlst.txt from that URL... (I do realise that it's not for me, but just wished to see if it was available to me.)

> or could it be an underlying problem? Probably not. Windows sends a message to every running service telling it that a shutdown's about to happen, so those services can tidy things up and stop in a controlled fashion. If the Eventlog is recording that specific services know they received that message, but were unable to stop, then it's hard to see that as a system-wide issue. If it were a system-wide one, you'd be seeing these messages from every service. It's clear that the messages ARE getting to the services, too. More likely, WU has broken itself.

@GT500 Can you address the point I raised in post 2 of this thread?

You said that trying C:\>PowerShell.exe -Command Start-Process -FilePath 'C:\Windows\System32\cmd.exe' -ArgumentList "/K","E:\TheCommandToBeRunAsAdmin.cmd" -Verb RunAs was not successful. What /did/ happen? Can you confirm that you cut & pasted my command into your command window then (if needed) edited the file paths - that's to say the quotes were exactly as I typed them? And that you/ did/ use a command window, not a registry entry? What did it say in the ordinary command window where you entered that command, when you ran it? Did a second command window get opened? If so what was in it?

You say "the" exclusion, but your screenshot shows you added it to the first of EAM's exclusions lists - which is for scanning & file-guard issues - ie where the contents of the file may be a problem. But if EAM is having a problem because of what the program in the file does, it should probably be in the second (monitoring) exclusions list. Or both.

For a dump actually to be taken, Windows needs to be suitably configured at Control Panel - System - Advanced - Startup & Recovery - System failure and you also need your page file to be big enough (because the dump gets placed in the page file at BSoD time, then on your next reboot it is moved to a normal file). You might want to read through https://support.emsisoft.com/topic/29533-a2serviceexe-application-error/ where some of the issues with such dumps are aired.

Link works for me - but like Stapp I'm in the UK so maybe (depending on where you are) we get it from a different server.

@Fesooff on Saturday you said: "I made also a try with making a registry command with exactly the above powershell command" but the screenshot (of the brief flash of the command window) that you included shows an attempt to run the SysInternals psexec command... which isn't what the Powershell command tries to do. What precisely did you set the registry key to? And, have you tried the .cmd file that I suggested yet?

One of the things XYplorer probably does is set up its own set of 'context menu' handlers (ie the things that determine what menu options are shown to you when you right-click a file in 'Windows Explorer' or whatever else ('File Explorer'?) it's called in more recent versions of Windows, and then actually implement the choices they offer. Akthough I'm sure that there's a standard approach to coding one of these handlers for use with Windows itself, maybe XYplorer is making some incorrect assumption, or maybe there's something in EAM's handler that XPplorer doesn't like. There's an option in EAM's Settings -> Advanced, named "Windows Explorer Integration"; it would be interesting to know whether your problems continue if you turn that off. Indeed it would be interesting to know whether XPplorer normally offers the EAM context menu option, and whether turning the setting off in EAM makes it invisible to XYplorer. Also... does XIII also use an explorer-replacement?

The thing is that in earlier versions of Windows pretty much the same set of tasks were running, but each svchost.exe process had maybe six or so of them in it, so you might only have thought you had - maybe - 8 instances of svchost running. So, each of those svchosts couldn't keep memory etc used by its tasks apart. If any one of those tasks aborted it was likely to break some or all of the other in the same process. If any one of them was compromised, then whatever the others in the same process were doing was also likely to be compromised. Separating each task into its own process is a much better idea... though clearly Windows will have a little more overhead in setting each one up and allowing them all to communicate with each other (through properly-controlled pathways). All these things that used to run and still do run are not there for "no reason". They're things like: the Windows Firewall, the DNS service, the Event Log, Encryption.... and so on... and you should be happy that in Win 10 Microsoft made all of them more reliable.

That link still explains the registry change badly... with the arithmetic being in decimal and showing some of the sample values in hexadecimal. I'm sure that will confuse people. But what I really don't understand, @Wagneris why it matters to you? You said you've got 16 GB of RAM, so there's no need to try to save a few KB here or there. When Windows runs multiple svchost tasks in lots of separate processes you get a more stable, more secure OS. It's a change to the OS internal design that was vastly overdue. Why on earth would you want to return to the previous unstable insecure design?

EAM's approach doesn't necessarily cover all browsers (or any other program). It depends on how they do DNS lookups. If they contain their own equivalent of the OS-provided DNS facilities then such a program might not be protectable at all. The add-on you mentioned claims to check (or be able to check) whether a site is malicious, in various places. I don't know how you check that it's actually doing that, nor how you check that it isn't itself passing your browsing intentions on to someone else. Whether a Firefox add-on is safe also depends on whether the programmer keeps the addon uptodate. Some users, me included, use no FF addons unless they are supplied by Mozilla as those do get updated as the underlying Firefox code is changed. Many many addons don't get maintained at all, let alone kept in step with every new release of FF. Almost all the user problems reported on the Mozilla users' support groups are caused by addons which either don't individually work properly or don't work in combination with other addons. I read recently that Mozilla are looking at changing the way DNS lookups are done by Firefox, to make it more secure - but maybe also prevent EAM's Surf Protection from working (I dunno?). See: https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/