[Win7 Event Error 1530 leaked registry handles]

Added information:

When Kaspersky is exited from the task bar you might assume it was completely shut down (which I would expect) but it still has a background running process: AVP21.9 Pid 5744.  which cannot be stopped manually?

A second process klvssbridge64_21.9 (Kaspersky Volume shadow copy service bridge 21.9) is shown as STOPPED.  I can't yet confirm what happens during shutdown when these services are running normally or if the registry leak still occurs if exited first. If the latter then I'll post the answer and a conclusion can be reached about how this running background processes is terminated by Windows.

[Win7 Event Error 1530 leaked registry handles]

Quote

We're checking the shutdown sequence & will update when information is  available.

Thanks that will be helpful. As well as reading to ignore this error, I think I saw it can still persist in Win8 to Win10, but Microsoft deprecated open registry key errors to 'Information Level'. If that's the case, it's sounds like a way of hiding an app. problem not solving it and developers wouldn't know when testing on the later OS?

I just caught the post from Berny.  I don't think I'm alone and it may need some digging through event error logs.  The problem is it isn't consistent. Some shutdowns and restarts are ok, others show the open registry keys error from the last session after a reboot - which is why I think it's a Kaspersky app. shutdown problem not startup because I don't see the error when the Event window is kept open during a session.

I know Win7_64 is no longer supported by MS. Mine has all the last updates applied and is bug free apart from this problem. Many don't look at Event errors and I was guilty in the past of not looking and pursuing them. Now years on, the OS doesn't throw up Event errors except for Kaspersky and I use other 3rd party security products to fill in gaps fixed by zillions of MS updates or OS version re-issues.

[Win7 Event Error 1530 leaked registry handles]

First my apology, I use 'KAV' (Kaspersky Anti-virus) as a generic term for all Kaspersky versions. Sorry for any confusion.

I'm using Kaspersky free version. But I would expect free to be free of Event bugs like my open registry keys problem? I've seen this discussed by other users elsewhere with no solution other than ignore it because I think it's a behaviour of the executeable interacting or not interacting with Windows app shutdown. As I said, if it was easy to shut it down using Windows procedures it could be used by bad actors and understand if Kaspersky has to control shutdown within itself. Hence my suggestion it's done first leaving it closed before windows shuts down other apps? The other possibility is it's calling a home server at shutdown and windows kills the process first leaving registry keys open?

[Win7 Event Error 1530 leaked registry handles]

Thanks, I eventually found the version having always thought that icon was for audio and people with poor eyesight!

App version is 21.9.6.465 with database up to date in folder 21.9

avpui. exe is v 21.9.6.465 13/03/2023

That sounds up to date to me?

[Win7 Event Error 1530 leaked registry handles]

This issue has been bugging me for a while since I investigated and eliminated all other Event errors. This error is inconsistent but seems related to Windows shutdown not startup? KAV is the only program producing this error. I think when Windows shuts down, either there's a timing issue or by design, KAV will only shut itself down and if Windows gets there first, KAV is shut down with this error. I'm sure it's a function of KAV apps architecture and perhaps for security reasons, it can only shut itself down gracefully? if that's the case, give first shutdown priority to KAV then pause other Windows apps shutdown until KAV shuts down, then allow Windows to continue? This might increase shutdown wait time, but I'd prefer that to getting Event 1530 errors logged.

Some say just ignore this Event warning but I prefer tidy applications that open and can be shut down without this error which I can't mask out.

Any ideas please, or does this have to be an application fix? - Thanks

4 user registry handles leaked from \Registry\User\S-1-5-21-4160568435-1654644878-2367564287-1000_Classes: Process 4016 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky 21.9\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4160568435-1654644878-2367564287-1000_CLASSES Process 4016 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky 21.9\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4160568435-1654644878-2367564287-1000_CLASSES\Wow6432Node Process 4016 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky 21.9\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4160568435-1654644878-2367564287-1000_CLASSES\Wow6432Node\CLSID Process 4016 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky 21.9\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4160568435-1654644878-2367564287-1000_CLASSES\CLSID

[How can I really temporarily stop protection?]

Thanks, I understand what you mean. Defender is well and truly disabled, no running services! but Firefox is becoming more troublesome as they keep adding in security options with each new version. I wish they would stick to it being a browser and let AV software handle security. I keep an older version of Chrome I use for testing which browses to anything and in most cases helps me if any security blocking is with Firefox. I have this feeling that Kaspersky can interfere and block apps or file saves, but doesn't add its actions to the log? This makes it harder working out if Kaspersky is causing a problem or not.

Yes I know about the certificate, for me it's just time consuming having to pass over all the warnings. But not sure if I can enter my router webhost IP as an exception in Kaspersky.

I don't allow automatic background updates and I've noticed Kaspersky has reduced the frequency of its updates which used to be 3 or 4 a day. I run other protection software so I'm quite happy with a daily update.

[How can I really temporarily stop protection?]

Thanks, I just discovered that and tested it by accessing my router. I already have kaspersky set to manual and a delayed startup entry to control what it does. I just disabled the startup completely.

Do you know what protection is still active? It clearly picks up access to my router as insecure because I haven't created cerificates yet, but what else is it doing? The frustrating problem I had was an installer app that just stopped when it had to write files to the hard drive and Windows system temporary folders?

[How can I really temporarily stop protection?]

I've been troubleshooting an old (virus free) application.exe that just fails to install. I have another PC same Windows OS without Kaspersky and no issues. 'Pause Protection' doesn't do what it says on the tin and I'm losing confidence. I can prove Kaspersky is still active by saving files or accessing my router control panel (No HTTPs certificate) and Kaspersky AV is still actively monitoring my IP network traffic. When an application says 'Pause protection' I expect it to do that and not run background services i don't know about?

I want to stop Kaspersky completely, disable/stop its processes without its app security objecting or getting a belly ache, then restart it again. I've tried a few things but I'm fast concluding the only way to stop it is to uninstall it and clean up what's left over, unless anybody has other ideas?

[First install, it is scanning your PC in the background and could find and delete false positives and NOT put them in the AV vault. This can be a disaster!]

I am an experienced user and don’t need much of the bloatware, Windows registry pollution  and scheduled options that most AV apps come with. Manual operation without scheduling is my choice for AV as I rarely install new apps and use manual AV & malware scans before creating incremental backup images to recover from.  Only when you uninstall most AV packages  do you discover and clean up the mess left behind.  Kaspersky  Free is a good introduction lightweight AV over which you can have manual control.

However be warned: On my first install before you setup options for detection e.g to warn NOT to delete, it is scanning your PC in the background and could find and delete false positives and NOT put them in the AV vault, which happened to me.  I’m not sure how to stop this, although it would have been nice to have added a command switch to the executeable to stop Kaspersky Free auto scanning until its options were set?

I’d appreciate some ideas as to how I can setup Kaspersky Free options on first install to stop the automatic background scan until I agree them. It could at least have the default detections set to ‘Inform’ and not delete and have the run option turned off or on a 5 minute timer?

For now I can temporarily remove hard drive letters from a couple of my hard drives to make them invisible, before running Kaspersky Free first time. I don’t think its scanning is clever enough to search an invisible drive?

 

I’m not sure I want to upgrade or replace the app again and remember to stop full scan autoscanning all PC drives without my permission? Does anybody have ideas as to how I can stop this? I don’t think I can export a settings profile and have it picked up when Kaspersky Free first runs either.