Unsolved
This post is more than 5 years old
2 Intern
•
1K Posts
0
12753
June 14th, 2011 16:00
Win Def and UPHclean
Hi guys.
Since I can remember, I have ran uphclean in my XP to avoid userenvwarnings in my system logs. Now I use Windows defender and I am getting two Win Def warnings in my sys logs because of uphclean.
It seems that WinDef can not recognize uphclean at boot time. It is asking me to allow it, like I have allowed other programs
but since this is happening at the beginning of boot, I do not have Win Def in my task bar yet to give it a "Permit".
Mind you, UPHclean loads anyway and is active in my machine despite it all.
So I thought, let´s delayed uphclean with Win patrol, but it is not in Win patrol start up programs. I also thought to kill it and to execute it again so that Win Def pops up the alert. No go. When I double clicked uphclean.exe, I got a black cmd window that goes away in about 10 seconds and uphclean does not run active in my comp afterwards. I have to reboot to make it run again.
Does any one has an idea to add uphclean to Win Def permit list ? or make uphclean to run a little late for Win Def to catch it ?
0 events found
ky331
5 Journeyman
•
15.6K Posts
•
45K Points
0
June 14th, 2011 17:00
Hernan,
I do not use (nor am I familiar with) uphclean... so I'm not sure if I'm answering this correctly.
But in general, you can instruct Defender to ignore programs (so as to avoid conflicts/slowdowns):
Open Defender. click on Tools / Options
scroll down to Advanced Options
and in the box marked Do Not Scan these files or locations , click the ADD tab to navigate your way to the program [uphclean] you want Defender to ignore [and be sure to click OK to place the filename in the box; and then hit the SAVE button].
See if this will work for you.
iroc9555
2 Intern
•
1K Posts
0
June 14th, 2011 19:00
Hi David.
Thank you for your answer David, and I am sorry I did not pointed it out in my OP I had done it. No dice. Nil. Zero. Nada.
I have been reading in the web about Win Def flagging UPHclean in the Event Viewer. It is an old theme with no solution, at least no one of the pages I read gave a solution.
What I figured, and it is applying one of my quotations below, it is not uphclean.exe doing the flagging but uphcleanhlp.sys (see second image, red circle; Path found:driver:uphcleanhlp. In the first image, not shown, it says; path found:service:uphcleanhlp). Now the funny thing is that this file can not be found in any place but in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UPHCLEANHLP]
(found about it in a very intersting Avast Forum post:http://forum.avast.com/index.php?topic=78124.0 )
being so I think this file is deployed or implemented at boot time only, making Win Def to flag it just that one time and not anymore. (Just like "avast.setup" when doing updates. You will not find it unless Avast is updating)
So it is futile to try to add it to Wind Def options to "ignore" because Wind Def "cannot find the correct path to this file", and since I do not have the know how to fiddle with the registry, I would have to live with the warning in my Event Viewer for the time been.
joe53
2 Intern
•
5.8K Posts
•
17.3K Points
0
June 14th, 2011 20:00
Hernan:
I have both uphclean.exe and Win Def installed and running on my XP box for years, with absolutely none of the problems you describe. I have not had to exclude it in WD, and I see nothing in my System logs about it.
I'm wondering if your copy hasn't been corrupted somehow. Have you tried downloading and installing a fresh version from MS?
Also, did this problem start after installing today's patches from MS? (I haven't installed them yet).
Uphclean is installed as a service, and deployed at shutdown, AFAIK. It is described as "Cleans up handles to allow unloading of user profile hive. This can help speed up logging off, reconciliation of roaming profiles and prevent exceeding the registry size limit". Whatever that means!
In services.msc I see uphclean.exe listed as running automatically. It is not listed in my startup (not in msconfig, nor in WinPatrol) but it is listed as an "Active Task" under that tab in WinPatrol.
Hope that something here will be of some help.
iroc9555
2 Intern
•
1K Posts
0
June 15th, 2011 13:00
Hi Joe.
Good for you.
Googling it gives you a lot of reading about the subject dating back to 2004 or so. I did my share of reading and found nothing to solve this problem of mine.
Yes, I downloaded a fresh copy andafter I reinstalled it (Uphclean), Win Def flagged UPHclean.exeand I allowed it ( I was looking for this), but did no good. I still get the warnings after reboot.
No, I have not installed mine either. I went back to the Event Viewer almost 15 days and I have the warnings every time I boot my comp.
Did not know that it was installed as a service until yesterday when I was reading about it and finding it in my Service List. I thought it was just regular program that did his task at shutdown. I installed it to do exactly that " To unload user profile hive ". I was getting this warning about USERenv ID 1000 in Event Viewer.
I also noticed that. I was looking to delay its deployment with Win Patrol and it was not in my Win Patrol Start Up programs, but I have seen it in my logs as "UPHclean Service Started" and also I have it active in my Win Patrol active tasks. Of course since it is a Service it would not be as a Starting prog.
Joe it seems that it is not .exe generating the problem but a .sys file that can not be found in the files. This uphcleanhlp.sys is what Win Def is detecting. Its driver and service. When I reinstalled uphclean, WD alerted me of a program trying to modify drivers and services. I thought, caught you.., but when I allowed it in WD, it turned out to be uphclean.exe and not uphcleanhlp.sys.
So I am at the beginning again. Bad luck.
Thank you for taking time to answer my post.