Jump to content

Update and Registry Issues


Yilee
 Share

Recommended Posts

On 12/17/2016 at 0:29 AM, Nikilet said:

This has popped up a few times lately. Tonight when I came back to my laptop the error message was on my desktop and I could not open either browser I restarted and now it seems to be ok, but I can't help but wonder what this is trying to tell me.

emsisoft error.JPG

Received the same error box as above and much more in the form of several problems.      

It's hard this time to know where to begin but I'm certain of my findings as I have been following this one particular issue about a Registry Handle Leak from EAM and also about 5 specific Registry Handle Leaks from lsass.exe after every re-boot for 2 months now. However, there were no side effects and the alerts were warning alerts not errors. My license is soon to expire and I wanted to get the handle leak from EAM Build 6970 fixed so I intended to perform a clean un-install then re-install (this has worked in the past for other issues). But at the last moment I decided to manually update EAM for no specific reason and I got hit with the new EAM build 7014 which immediately gave me problems when I performed Full Scan:

*Severe corruption of programs ***service/mmc/snap-in functions **** corrupted my admins app data roaming folder ***also when I tried to update I got the "internal processing error dialog box". ***also any scans that I performed did not create any log files to view  ***also the scans would hang for a bit at the beginning  ***also if I tried to stop the scans that were hanging EAM would lock up and only a reboot would unhang it  ***also noticed that I caused my Software Protection Service to terminate unexpectedly   ***The same would happen on admin or user profiles   *** also noticed a System .IO.IO Exception error.   This is stuff I have never seen before.

On the good side I discovered the following:

****When a scan did complete in a normal fashion (but without log) the scan was not slow as has been the case for a while. Yes I realize that the scan speed did improve a week or so ago but not as fast as in the past. Also the scan was using between 20 to 100 % CPU instead 0 to 10% like it had been doing recently.

*********After many re-boots I noticed that the Registry Handle Leaks from EAM and from Lsass.exe were no longer present at all-never!!

So, the above prompted me to perform some diagnostics and this is what I Discovered:

1. I found that if I removed(uninstall) EAM or if I completely turned off it's Start-up Protection as well as all other Protections so that it would not start-up at re-boot that I could re-boot as many times as possible and not have any Registry Handle Leaks from EAM or from Lsass.exe.

2. When I re-enabled all EAM functions and set it to delayed update to EAM Build 6859 I again received the Registry Handle Leaks from Lsass.exe and occasionally from EAM.

3. All Summer into early Fall I did not have any Reg Handle Leak warnings from lsass.exe or EAM or any other unusual warning or errors until I Performed Windows updates during the month of Nov 2016 and only Security Only Monthly for Windows and Net.framework 4.2 and 3.5 and a few other misc. I avoid telemetry and quality roll-ups. However because I was busy I had not updated since June 2016 because I wanted to see how  Microsoft's update changes would play out. I do not worry about not patching because I use an external gateway with Bluecoat Content Protection with Active x and java blocked except for various Microsoft Active x is whitelisted  for update purposes. The gateway has Anti-virus and IDP(intrusion detection signatures) also. I can blacklist any unwanted MS ActiveX updates, host url's or IP's. Using external protection is how I intend to use windows 7 for many years past 2020.

*In conclusion my Wind 7 OS works fine with the  Nov. 2016 Windows Patches without EAM Installed.

 *It was OK with EAM build 6970 and the older EAM build 6859 even with Registry Handle Leak Warnings because the leak warning did not cause problems.

*I know that there was a MS patch in May 2016 that was released to fix lsass.exe Leaks but it caused issues with Emet 5.5  on 32 bit Win 7 OS, so I avoided it. However, I looked it up again and used Microsoft Update Catalog to see if it was superceded and it was several times and was included in the Oct. 2016 Security Only Release. So I have been patched for the Lsass.exe leak. Anyway, I use Emet 5.2 on a 64Bit OS. Never gives me trouble. Spent a lot of time getting it right and it's been perfect ever since.

*So my final conclusion is because EAM worked perfectly up until Nov 2016 with Builds 6859 through 6970 without any Windows update patches since June 2016 I can only conclude that there is a problem with EAM and a certain Windows update patch that was released since July 2016. 

*I am also saying that there are a lot of bloggers complaining about the same identicle (5) lsass.exe Registry Handle Leaks during the last several months and no one has resolved the issue. MS states that since it's only a warning that it's probably a timing issue at start-up after re-boot. Sounds reasonable as long as the alerts do not produce problems. I now suspect that MS may have released a patch that is making it difficult for 3rd party  Anti-virus programs to work flawlessly. Since, they finally gave up on the Win 10 auto installs, it's likely that they will find other ways to get users to give up on Windows 7.

* I suspect that by tomorrow Emsisoft will have many other users complaining about EAM build 7014. I however intend to just monitor the situation for a while and use the delayed release version. I'm busy with other stuff.  I hope you guys can get to the bottom of this. I know for a fact that while not widely published, your team has been working on the EAM A2service.exe Registry Handle Leak for a long while and this Build 7014 Hotfix is the worse fix that I have had happen to my OS in a long while. Please look over the timeline that I described. The problem is definitely related to a windows update Patch.

*I am worried that I will have to stop patching windows 7 well before 2020 because all of the 3rd party programs such as yours will have to work with the changes that are mostly aimed at windows 10 which will make it harder for you to make your program work well in windows 7(eventually). Your EAM program presents with an unusual problem that I  don't have with other 3rd party Programs in that you mandate that program Updates be included with AV definitions. Well I have 2 suggestions:

   a. Maybe make separate EAM Programs for  Windows 7 and Windows 10(I realize that from your point of view that this is a laughable suggestion, but MS is not going to make it easy for you to make your programs backwards compatible with Windows 7 like they did with Win XP. You guy's will be forced to abandon Windows 7 out of pure frustration over the coming months. Just as our political system is turning to crap and using nasty hardball tactics so will the software arena. 

   b. Maybe have the EAM program create a restore point before changing to the next Build. This idea is not laughable. I was lucky that I had very recent Restore points. I also have Acronis backups but it takes extra effort to do a restoration. Not everyone is prepared as I am. I don't know how  others that have very limited computer knowledge deal with these times. If they are young enough I guess they don't know the difference. Can't help but rant a little.

I don't suspect your team has any answers yet, so I will just monitor the situation while I use the delayed update. Thanks

  • Upvote 1
Link to comment
Share on other sites

For the update issue, on Windows 7 simply restarting your computer should resolve it. On Windows 8.1 and 10 you may have to do the following:

  1. Right-click on the Start button.
  2. Go to Shut down or sign out.
  3. Select Restart from the list.

 

As for the registry leak, that is supposed to be fixed in version  12.1.1.7014 which was released on December 15th.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...