For example - Microsoft Security essentials Windows 7 C drive is shadowed - so un-shadow make a folder in c:\windows c:\windows\startup-shutdown create a text file named shutdown.txt in this file put reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" "D:\Data\Reg.reg" rename shutdown.txt to shutdown.bat and run it. Edit shutdown.bat and modifiy it to del "D:\Data\Reg.reg" reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" "D:\Data\Reg.reg" Why? Because when this runs at shutdown, it has to delete previous reg.reg before saveing latest version - everytime. I don't have D drive shadowed - you have to pick a drive that is not shadowed. Now, create startup.txt In this file put reg import "D:\Data\Reg.reg" "C:\Program Files\Shadow Defender\DefenderDaemon.exe" /auto Why? You want the reg copied into the registery before Shadow Defender starts. Rename this too, startup.bat Edit group policy by clicking start, typing gpedit.msc Click computer configuration - windows settings - Scripts In the right pane "add" enter C:\windows\startup-shutdown\startup.bat In the left pane go to User Configuration - windows settings - Scripts In the right pane add "logoff" enter C:\windows\startup-shutdown\shutdown.bat Why? Because the first one is system - it will copy the reg.reg before Shadow Defender starts The second one is user logoff - copies the reg before Shadow Defender quits and you loose it. Close out gpedit.msc go to where your Shadow Defender starts C:\Users\userName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup userName is the name you use to log on with in windows or it may be all users C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup What you are looking for is Shadow Defender link. You need to change it to "C:\Program Files\Shadow Defender\Defender.exe" from "C:\Program Files\Shadow Defender\DefenderDaemon.exe" /auto Why? You won't see the icon in the bottom right of your task bar if you don't. Also by adding Shadow Defender to the group editor, Shadow Defender will start first before anyone logs on and before anything else starts up. In Shadow Defender exclude C:\ProgramData\Microsoft\Microsoft Antimalware\* There is a question in my mind as to whether this actually works. Looks right. Makes sense. Any comments or corrections are welcome. It just seems to me that it isn't working because when I reboot, my securiy essential icon is red until the computer has run for several minutes. To test it, I could have the startup.bat and shutdown.bat create a file on C drive and see if the file updated after reboot. I guess that would have been too simple.