“Registry” process in Process Explorer

Topic

New Reply

In Process Explorer I noticed a process called “Registry”. I looked it up, and understand that it is a new process in Windows 10, used to store elements of the registry for quick access (something like that). What I don’t understand is that in Process Explorer, on the same line, under “Path”, it says “(A device attached to the system is not functioning.)” What does this mean? I am not aware of any non-functioning devices, and nothing is flagged in Device Manager. Is it something to be concerned about?

“Registry” also shows up in Task Manager, under “Windows processes”, but with no such message.

Reply | Quote

Replies

I would love to know what is going-on with this “Registry” item (same situation as described). Nothing anywhere online except a mention here, but no resolution.

Process Explorer notes “Registry” Process. “[A device attached to the system is not functioning.]”

What else can I add? On this machine, PID 108. Working 78,432K 3,460K Private. Path = “Access Denied”. Start address threads involve “ntoskrnl.exe”. Write Bytes = 1.9 MB (rebooted shortly before visiting this webpage).

Also, Process explorer notes “Memory Compression” process description as “[A device attached to the system is not functioning.]”. PID 2260. 0 K working, 40K private. “ntoskrnl.exe!ExAllocateCachAwarePushLock+0x130”.

Windows 10 machine. Hybrid set-up. C: is SSD (sata cable). E: drive is HDD.

*If I had to guess this is related to “Trim” setting? ¯\_(ツ)_/¯

Thanks to anyone in advance for helping!
Josh

Reply | Quote

https://winaero.com/registry-process-windows-10/

..The purpose of this process is similar to that of the memory compression store process in that it is a minimal process whose address space is used to hold data on behalf of the kernel. However, while the memory compression process is used to hold compressed pages, the registry process is used to hold registry hive data (e.g. HKEY_LOCAL_MACHINE\SOFTWARE, HKEY_CURRENT_USER).

Storing registry hive data in the registry process gives the registry access to more powerful memory management capabilities which will allow us to reduce the registry’s memory usage in the future…

1 user thanked author for this post.

Josh_Puhn

Reply | Quote

I was 2nd post in this thread -subsequently joined.  Thanks for feedback to everyone.  The “Process” (arguably, see above) was not listed in Task Manager (only Process Explorer).  Here is a screenshot from Process Explorer (ofc).

Two Processes interest me, “Registry”, and “Memory Compression” (listed at top).  Mostly b/c of the Path noting, “[A device attached to the system is not functioning.]”

Thanks much!  Much obliged

Reply | Quote

You can’t see any information about this process because the security on it is set to “deny” access to all users. This is because it is a very important system function and Windows doesn’t want anyone tampering with it.

“Deny” security is set when you want to prevent certain users having access to a specific file/folder/process/registry hive. (The default tends to be “read only”.)

It has nothing to do with “trim”, which is a disk process for SSDs.

cheers, Paul

1 user thanked author for this post.

Josh_Puhn

Reply | Quote

The Registry isn’t a Process, neither is the Parent.

‘Hives’; like a collection of databases, preferences, etc.

Start here.

1 user thanked author for this post.

Josh_Puhn

Reply | Quote

satrow wrote:

The ‘Registry’ isn’t a Process

According to Microsoft it is.

Alex5723 wrote:

The purpose of this process

…

1 user thanked author for this post.

Josh_Puhn

Reply | Quote

I know you find this really difficult but – Source(s)?

It’s nothing like most of the file Processes listed in TaskMan, Process Explorer, etc.

1 user thanked author for this post.

Josh_Puhn

Reply | Quote

I think that by posting the second quote box in the reply above, Alex meant for folks to check out this post of Alex’s in this current thread (it’s the third post down from the top) where the actual URL for said info is specified. 

EDITED to correct an oversight of mine with respect to the actual location of Alex’s post in the link I provided.

2 users thanked author for this post.

Josh_Puhn, satrow

Reply | Quote

The registry is not a process, but “Registry” process in Task Manager is – per Alex screenshot. This is the item that doesn’t show details because of the deny permission.

cheers, Paul

4 users thanked author for this post.

Josh_Puhn, n0ads, Alex5723, satrow

Reply | Quote

Alex’s screen shot shows the file running the Registry process is ntoskrnl.exe with a “File description” of NT Kernel & System.

So the real question is, why did Microsoft decided to call the “process” Registry, which obviously confuses it with their registry hive files, instead of “System Kernel” or some such?!?!

BTW, like @martins2, I also get the “[A device attached to the system is not functioning.]” message when using Process Explorer and am not sure what it refers to since Device Manager also doesn’t show any device errors on my system!

1 user thanked author for this post.

Josh_Puhn

Reply | Quote

My understanding is that the ‘active’ parts of the Registry ‘process’ reside within the Windows kernel, where it’s fully protected and isolated. It contains the Registry hives of the logged on User and hardware.

The odd warning is because of the kernel/Ring0 protection (it isn’t a ‘real’ Process, so it can’t give the Access Denied or w/e the ‘normal’ Processes state).

Reply | Quote

For all those confused by the “A device attached to the system is not functioning” text –

This is a case of meaning lost in translation.  STATUS_UNSUCCESSFUL can be returned by a failed operation by the NT native code layer that lurks below the Windows API. The hexadecimal value of this NT status code is 0xC0000001.  When STATUS_UNSUCCESSFUL is translated to a Windows API error code it is represented as ERROR_GEN_FAILURE which has a decimal value of 31.  Finally, the text associated with ERROR_GEN_FAILURE is the confusing “A device attached to the system is not functioning.”

4 users thanked author for this post.

Josh_Puhn, n0ads, Paul T, satrow

Reply | Quote

Thanks EricB!  That’s a little comforting.  Any guess what’s doing?  How common are entries like the two w/in screenshot below?   Compression (related to HDD -HDD E: drive, C: is SSD)?  Registry?  Hmm, that’s probably harder to narrow-down.  The Registry Process Explorer entry can start slowing this machine down -as it gets Memory hungry. 

 

I’m attaching the screenshot again (as my 2nd “reply” was atop -I replied to my own post).  #New2AskWoody 

Thanks all!

J

 

Reply | Quote

Registry will be common to all recent Windows, Memory Compression probably limited to those with less than, say 16GB RAM, or frequently requiring higher page file usage but it’s nothing to do with disk storage.

Probably better to state your full hardware specs so that others can do their own comparisons, any resulting comments could be of more use to you, esp. if you can describe usage/time for your sessions.

I have no Memory Compression on a streamlined W11 with 1TB M2 and 32GB DDR4 (40% in use), I’ve no clue whether that would be the case for ‘normal’ W11 install on the same hardware, I didn’t study it. My Registry ‘process’ consumes ~2.3MB currently, when I wake it in the morning it will rise to maybe 8MB in ProcExp/TaskManDeluxe, I’ll check and note it if I remember.

1 user thanked author for this post.

Josh_Puhn

Reply | Quote

Thanks for the follow-up @satrow!

This isn’t my machine, helping a friend.

Specs

 

Reply | Quote

2 More new screenshots I forgot to include, w/ 2nd  pane in Proc Explr

MemoryCompression & Registry.  Thanks again!

 

Reply | Quote

I very much doubt the Registry activity would give any noticeable performance hit, that’s much more likely an expected effect of running into using compressed memory. I have to add that I don’t have any real experience of W10’s compressed memory, I used 32 and 64GB but only used 10 for a couple of months.

12 GB’s okay but 16 or 32 would be better, streamlining Windows 10 might free up a little more memory. Shorter sessions between reboots would also minimise hitting the slower compressed memory.

I don’t know the capacity of the Sandisk Ultra 3D SSD but the smaller it is (250GB would have been my bare minimum for the i5-6xxx series) the greater the % free space out to be for best performance and longevity.

1 user thanked author for this post.

Josh_Puhn

Reply | Quote

Thank you for your time @sartow   On my machines I like 32GB & 64GB ram as well (I’m impatient and prefer debian based os’s).

This machine is pretty streamlined, tweaked Registry & Removed Bloatware.  Note: the problem(s) with Process Explorer are more recent… any Registry tweaks & Bloatware removal ran fine for a couple months+.

This is basically an old lady machine.  She doesn’t need 2 sticks of 16GB ddr4.  Seems the more RAM and say 14th gen+ CPU(s) result in MS Windows bloating up their end in soon-to-be Win12.  My $0.02.  This machine is fine for playing classica solitaire, searching the web for recipes, and checking email.  Weather, go to weather(dot)com, need a map, go to Bing/Googlemaps, et.  Developers will scale-back for a handful of apps, you know?  Sorry for the MS rant (macOS/osx Id say the same, BUT w/ an extra dash of “hype”, lol)  Win7 was pretty cool!

She/they gotta buy a new machine b/c win10 EOL looms, even though their computing needs are currently met in spades.  Uncool.  ¯\_(ツ)_/¯

REALLY appreciated your time sir/madam!

Kind Regards, Josh

Reply | Quote