Regedit.exe and Global Hook- FYI

Discussion in 'ProcessGuard' started by siliconman01, Jan 28, 2004.

Thread Status:
Not open for further replies.
  1. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Doing an Export in Regedit.exe shows:

    Welcome to DiamondCS Process Guard.
    This program does not need to be running for your system to be protected.

    28 Jan 02:18:15 - Window Log Started
    28 Jan 02:18:21 - Process Guard Protection is ACTIVE
    28 Jan 04:35:58 - [HOOK] c:\windows\regedit.exe [2340] was blocked from creating a global hook [00000007][00000000]

    Added to PG and Options-Allow Global Hook. Regedit.exe is in C:\Windows
     
  2. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Hook type 0x7 is WH_MOUSE. Why Regedit wants to hook mouse input when exporting, I'm not sure, as it only occurs after the export occurs - not during. I wouldn't be very concerned about it though, it looks OK from here. :)
     
  3. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Thanks Wayne :)

    I suspect there will be several/many more like this as time goes on...Windows does strange things for sure :p.
     
  4. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I get the same thing here, WinXP Pro. Strange.
     
Thread Status:
Not open for further replies.