
Sophos EndPoint SC 9.7 strange behavior

Hi all,

I have noticed on three different computers that the almon.exe process is trying to read data every second from a registry file that doesn't exist:


11:38:03,9998984    ALMon.exe    3576    RegQueryKey    HKCU\Software\Classes    SUCCESS    Query: HandleTags, HandleTags: 0x1


11:38:03,9999241    ALMon.exe    3576    RegOpenKey    HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}    NAME NOT FOUND    Desired Access: Read


11:38:03,9999518    ALMon.exe    3576    RegOpenKey    HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}    NAME NOT FOUND    Desired Access: Read


11:38:04,9999258    ALMon.exe    3576    RegQueryKey    HKCU\Software\Classes    SUCCESS    Query: Name


Has anybody noticed this before? (I am using the Process Monitor tool.) Is it possible to fix that?

It is always the same key (72C5961A-7923-4109-BF4B-CBA5CE20BC53) on the three computers (WXP and W7 fresh installations), in 32 and 64 bits. It is a little annoying to have this read operation on the HD every second.

Thank you in advance.

  • Hello SIF,

    the key is a legacy key for the MessageDisplay class (related to the desktop messages) and existed up to version 8. Dunno why the query is still here, might be annoying, might be inelegant, but it sure does no harm given all the other registry activity going on all the time.

    Christian

  • Thanks! It is now clarified.

    Now I just have a doubt whether this constant read op. could prevent the hard drive from entering sleep mode. I will try to check it.

    Thanks again!
