RegDefend Blocks Win Programs at Bootup

Is it a problem that Window's Explorer.exe, and svchost.exe get blocked from making changes to the Registry during bootup?

I see no evidence of problems, but I wonder.

 

Hi NormanS,

Depends, of course, on what changes are being blocked. I would be more concerned about the impact of blocking svchost.exe than explorer.exe. Keep in mind that explorer.exe needs to set quite a few values in HKEY_CURRENT_USER when you login as a user. Read through Description of HKEY_CURRENT_USER Registry Subkeys and you can get an idea of what could break. It would help to post some of the blocked events (highlight the event, press ctrl+c to copy).

Nick

 

Thanks Nick.

Here are the highlights of two Explorer blocked events:
1:
Group: RegRun
Filename: c:\winnt\explorer.exe
Key: HKCU\Software\Microsoft\Windows\Currentversion\Explorer\Shell folders
Value: startup
Extra Data: [REG_SZ] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup

2:
Group: Auto Starts
Filename: c:\winnt\explorer.exe
Key: HKLM\Software\Microsoft\Windows\Currentversion\Run
Value: synchronization manager
Extra Data: [REG_SZ] mobsync.exe /logon.

A likely explanation for the second is that Synchronization manager is disallowed at startup.

 

Hi Norman,

Since it looks like you're running Windows 2000, I would Allow explorer.exe to set the first value. C:\Documents and Settings\Administrator\Start Menu\Programs\Startup is the default startup folder for the Administrator account. If RD is auto-blocking, as in the other thread, you will have to locate the rule in the RegRun group that is set to Block access to that value, and reset it to Ask User. When RD alerts you on reboot, click Allow and tick "Always perform the action I take". This sets up an exception for explorer.exe for that value.

I believe disabling mobsync.exe actually requires four steps. Otherwise, the registry value will return at startup. First, right-click on your Desktop, go to Properties, go to the Web tab and uncheck all boxes. Next run Synchronize under Accessories, and uncheck/disable everything. Third, open My Computer and go to Folder Options under Tools. Go to the Offline Files tab and disable offline files. And, finally, to rid yourself of that mobsync.exe Run value, you have to use regedit to delete it. It should not return again. If you are not comfortable using regedit, leave it there and ignore the blocks. I would still go through the other steps.

Nick

 

Thanks Nick. That mobsync has been bugging me for years.