RegFilter does not import values

  • Question

  • I am running WES7 using FBWF and RegFilter.

    What I found is that when changing registry values covered by the regfilter the new values will not show up after reboot.

    But when I import the corresponding *.rgf file from the regfdata into the registry all is ok.

    So the values get saved to the regfdata.

    But when booting the system, the values from the regfdata will not be imported into the registry.

    What can happen to the regfilter that it does not import its values during boot?

    Does the regfilter run as a service? How is it named? I cannot find anything close in the services list.

    Does the regfilter rely on any other service that I maybe have disabled?

    • Edited by peter_gr Friday, February 16, 2018 3:09 PM
    Friday, February 16, 2018 2:25 PM

Answers

  • oh it is so simple

    I just forgot to change the monitored key names to numbers starting with 0, when I added my custom filters.

    sorry for that

    • Marked as answer by peter_gr Monday, February 26, 2018 1:31 PM
    Monday, February 26, 2018 1:31 PM
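
The two checks this thread turns on, as an added example that is not part of the original posts: the start type of the RegFilter driver key named in the moderator's reply, and whether the monitored-key entries are named with numbers beginning at 0. The monitored-keys path is a placeholder because the thread does not give it, reading "numbers starting with 0" as numbering from 0 is an assumption, and `Test-MonitoredKeyNames` is a hypothetical helper name.

```powershell
param(
    # ASSUMPTION: placeholder. Set this to the key on your image whose subkeys
    # are the RegFilter monitored-key entries; the thread does not name it.
    [string]$MonitoredKeysPath = 'HKLM:\<PLACEHOLDER-monitored-keys-path>'
)

# Driver key quoted in the moderator's reply (RegFilter is a driver, not a service).
$driverKey  = 'HKLM:\SYSTEM\CurrentControlSet\services\RegFilter'
# Standard meaning of the Start value under a services key.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# Hypothetical helper: entry names must all be numeric and the lowest must be 0.
function Test-MonitoredKeyNames {
    param([string[]]$Names)
    $nonNumeric = @($Names | Where-Object { $_ -notmatch '^\d+$' })
    $numbers    = @($Names | Where-Object { $_ -match '^\d+$' } |
                    ForEach-Object { [int]$_ } | Sort-Object)
    $fromZero   = ($numbers.Count -gt 0 -and $numbers[0] -eq 0)
    New-Object PSObject -Property @{
        NonNumeric   = $nonNumeric
        StartsAtZero = $fromZero
        Valid        = ($nonNumeric.Count -eq 0 -and $fromZero)
    }
}

# 1. Is the filter driver registered, and is it allowed to start?
$svc = Get-ItemProperty -Path $driverKey -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Warning "RegFilter driver key not found: $driverKey"
} else {
    $start = [int]$svc.Start
    "RegFilter Start = $start ($($startNames[$start])), ImagePath = $($svc.ImagePath)"
    if ($start -eq 4) { Write-Warning 'RegFilter driver is disabled.' }
}

# 2. Are the monitored-key entries named with numbers beginning at 0?
if (Test-Path -Path $MonitoredKeysPath) {
    $names  = @(Get-ChildItem -Path $MonitoredKeysPath | ForEach-Object { $_.PSChildName })
    $result = Test-MonitoredKeyNames -Names $names
    "Entries: $($names -join ', ')  Valid: $($result.Valid)"
    if ($result.NonNumeric.Count -gt 0) {
        Write-Warning "Non-numeric entry names: $($result.NonNumeric -join ', ')"
    }
} else {
    Write-Warning "Monitored-keys path not found (placeholder not replaced?): $MonitoredKeysPath"
}

# Constructed sample: a custom filter added under a descriptive name fails the check.
(Test-MonitoredKeyNames -Names @('0', '1', 'MyCustomFilter')).Valid   # False
```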

All replies

  • To clarify what you are seeing: write-throughs are set up in registry filter, and when you change the values (not the keys) the changes don't get saved. Is this correct?

    Double check the spelling of the registry write-through that you put into ICE, and that you have all parameters, including ID, filled in.

    Registry Filter is not a service, but a driver - HKLM\SYSTEM\CurrentControlSet\services\RegFilter - regflt.sys. The functionality will only work when FBWF is enabled. For registry write-throughs, it doesn't matter if FBWF is on or off, the values should change. There is also a RAM disk driver that goes with registry filter. If this is somehow disabled, then registry filter will not work.

    What services are you turning off? If you don't turn off these services, does registry filter work correctly?


    Sean Liming - Book Author: Starter Guide Windows 10 IoT Enterprise - www.annabooks.com / www.seanliming.com

    Friday, February 16, 2018 5:18 PM
    Moderator
  • What I see is that the values are saved ok into the regfdata file;

    inside regfdata there is a *.rgf file that contains the changes.

    The file content is very cryptic but the new string is there.

    So the values get saved.

    Does this also make sure that the ramdisk driver is working correctly?

    But when rebooting those values will not show up in the registry.

    When calling regedit I see the old values.

    When manually importing the .rgf file from regfdata the new values appear.

    I checked the fbwf; it is enabled and on.

    Regfdata is added to the exclusion list. The data inside regfdata seem to be correct.

    How can I check if the ramdisk driver is on?

    What functionality is responsible for updating the registry values with the regfdata values during system startup?

    In the Event Viewer an error pops up: The Registry Filter was unable to get RAM Disk device object.

    So does the RAM disk driver fail yet? Saving the data into the ramdisk seems to work, but loading it seems to fail.

    Any idea?

    Additional info about disabled services will be added soon.


    • Edited by peter_gr Monday, February 26, 2018 12:48 PM
    Monday, February 26, 2018 12:40 PM