Bug in Registry on all Windows(XP?) ?!? - SysmonLogManager...(smlogcfg.dll) {7478EF65-8C46-11d1-8D99

[Thomas]

By analysis, using a registry cleaning tool (CCleaner) and subsequently
doing some manual investigation on a WinXPProSP2 and a WinXPHome (both
Danish versions) - I've detected something that does indeed look
like a general mal-registration of the "SysmonLogManager.Snapin
Extension" alias {7478EF65-8C46-11d1-8D99-00A0C913CAD4}, which is part
of "smlogcfg.dll".

"smlogcfg.dll" is the Performance Logs and Alerts Snap-in.
Oddly, - I don't get any error when adding the Snap-in in MMC
(Microsoft Management Console).

If you put a keen eye to the extract (found at the very bottom of this
posting, taken from the registry) focusing on the registration of the
"SysmonLogManager.Snapin Extension" class, - It seems (to me) that
someone (at microsoft) might have entered a space (instead of "taking
a break" ;-) i.e. someone entered "SysmonLogManager.Snapin Extension"
instead of "SysmonLogManager.SnapinExtension", which in turn have lead
to the 2 registry keys:
[HKEY_CLASSES_ROOT\SysmonLogManager.Snapin]
[HKEY_CLASSES_ROOT\Extension]
instead of just one registry key:
[HKEY_CLASSES_ROOT\SysmonLogManager.SnapinExtension]

======================================================================
My Question(s):
Is my understanding of class registration faulty?
or, if not: Why does adding the Snap-in in MMC not seem to provoke any
error, or is there a more subtle error? (Could it possibly bee that MMC
only reads from the HKEY_CLASSES_ROOT\CLSID\... keypaths, or ...)

Is pain lurking, waiting to be unleashed the day ex. "smlogcfg.dll"
gets updated by "Windows Update"?
======================================================================

Below extract is taken/exported from the Registry using "regedit",
and subsequently formatted to make it more readable (by rearranging
lines & adding indentation).

----------------------------------------------------
\HKEY_CLASSES_ROOT
\SysmonLogManager.PerformanceAbout
@="PerformanceAbout Class"
\CurVer
@="SysmonLogManager.ComponentData.1"
\SysmonLogManager.PerformanceAbout.1
@="PerformanceAbout Class"
\CLSID
@="{7478EF69-8C46-11d1-8D99-00A0C913CAD4}"

\CLSID
\{7478EF69-8C46-11d1-8D99-00A0C913CAD4}
@="PerformanceAbout Class"
\InprocServer32
@="C:\\WINDOWS\\System32\\smlogcfg.dll"
"ThreadingModel"="Apartment"
\ProgID
@="SysmonLogManager.PerformanceAbout.1"
\VersionIndependentProgID
@="SysmonLogManager.PerformanceAbout"
----------------------------------------------------
\HKEY_CLASSES_ROOT
\SysmonLogManager.ComponentData
@="ComponentData Class"
\CurVer
@="SysmonLogManager.ComponentData.1"
\SysmonLogManager.ComponentData.1
@="ComponentData Class"
\CLSID
@="{7478EF61-8C46-11d1-8D99-00A0C913CAD4}"

\CLSID
\{7478EF61-8C46-11d1-8D99-00A0C913CAD4}
@="ComponentData Class"
\InprocServer32
@="C:\\WINDOWS\\System32\\smlogcfg.dll"
"ThreadingModel"="Apartment"
\ProgID
@="SysmonLogManager.ComponentData.1"
\VersionIndependentProgID
@="SysmonLogManager.ComponentData"
----------------------------------------------------
\HKEY_CLASSES_ROOT
\SysmonLogManager.Snapin
\HKEY_CLASSES_ROOT
\Extension
@="ComponentData Class"
\CurVer
@="SysmonLogManager.Snapin Extension.1"
\Extension.1
@="ComponentData Class"
\CLSID
@="{7478EF65-8C46-11d1-8D99-00A0C913CAD4}"

\CLSID
\{7478EF65-8C46-11d1-8D99-00A0C913CAD4}
@="ComponentData Class"
\InprocServer32
@="C:\\WINDOWS\\System32\\smlogcfg.dll"
"ThreadingModel"="Apartment"
\ProgID
@="SysmonLogManager.Snapin Extension.1"
\VersionIndependentProgID
@="SysmonLogManager.Snapin Extension"

 

[Chuck]

Only MS knows if it's a registry entry bug or a bug in software that uses
the entry.

By analysis, using a registry cleaning tool (CCleaner) and subsequently
doing some manual investigation on a WinXPProSP2 and a WinXPHome (both
Danish versions) - I've detected something that does indeed look
like a general mal-registration of the "SysmonLogManager.Snapin
Extension" alias {7478EF65-8C46-11d1-8D99-00A0C913CAD4}, which is part
of "smlogcfg.dll".

"smlogcfg.dll" is the Performance Logs and Alerts Snap-in.
Oddly, - I don't get any error when adding the Snap-in in MMC
(Microsoft Management Console).

If you put a keen eye to the extract (found at the very bottom of this
posting, taken from the registry) focusing on the registration of the
"SysmonLogManager.Snapin Extension" class, - It seems (to me) that
someone (at microsoft) might have entered a space (instead of "taking
a break" ;-) i.e. someone entered "SysmonLogManager.Snapin Extension"
instead of "SysmonLogManager.SnapinExtension", which in turn have lead
to the 2 registry keys:
[HKEY_CLASSES_ROOT\SysmonLogManager.Snapin]
[HKEY_CLASSES_ROOT\Extension]
instead of just one registry key:
[HKEY_CLASSES_ROOT\SysmonLogManager.SnapinExtension]

======================================================================
My Question(s):
Is my understanding of class registration faulty?
or, if not: Why does adding the Snap-in in MMC not seem to provoke any
error, or is there a more subtle error? (Could it possibly bee that MMC
only reads from the HKEY_CLASSES_ROOT\CLSID\... keypaths, or ...)

Is pain lurking, waiting to be unleashed the day ex. "smlogcfg.dll"
gets updated by "Windows Update"?
======================================================================

Below extract is taken/exported from the Registry using "regedit",
and subsequently formatted to make it more readable (by rearranging
lines & adding indentation).

----------------------------------------------------
\HKEY_CLASSES_ROOT
\SysmonLogManager.PerformanceAbout
@="PerformanceAbout Class"
\CurVer
@="SysmonLogManager.ComponentData.1"
\SysmonLogManager.PerformanceAbout.1
@="PerformanceAbout Class"
\CLSID
@="{7478EF69-8C46-11d1-8D99-00A0C913CAD4}"

\CLSID
\{7478EF69-8C46-11d1-8D99-00A0C913CAD4}
@="PerformanceAbout Class"
\InprocServer32
@="C:\\WINDOWS\\System32\\smlogcfg.dll"
"ThreadingModel"="Apartment"
\ProgID
@="SysmonLogManager.PerformanceAbout.1"
\VersionIndependentProgID
@="SysmonLogManager.PerformanceAbout"
----------------------------------------------------
\HKEY_CLASSES_ROOT
\SysmonLogManager.ComponentData
@="ComponentData Class"
\CurVer
@="SysmonLogManager.ComponentData.1"
\SysmonLogManager.ComponentData.1
@="ComponentData Class"
\CLSID
@="{7478EF61-8C46-11d1-8D99-00A0C913CAD4}"

\CLSID
\{7478EF61-8C46-11d1-8D99-00A0C913CAD4}
@="ComponentData Class"
\InprocServer32
@="C:\\WINDOWS\\System32\\smlogcfg.dll"
"ThreadingModel"="Apartment"
\ProgID
@="SysmonLogManager.ComponentData.1"
\VersionIndependentProgID
@="SysmonLogManager.ComponentData"
----------------------------------------------------
\HKEY_CLASSES_ROOT
\SysmonLogManager.Snapin
\HKEY_CLASSES_ROOT
\Extension
@="ComponentData Class"
\CurVer
@="SysmonLogManager.Snapin Extension.1"
\Extension.1
@="ComponentData Class"
\CLSID
@="{7478EF65-8C46-11d1-8D99-00A0C913CAD4}"

\CLSID
\{7478EF65-8C46-11d1-8D99-00A0C913CAD4}
@="ComponentData Class"
\InprocServer32
@="C:\\WINDOWS\\System32\\smlogcfg.dll"
"ThreadingModel"="Apartment"
\ProgID
@="SysmonLogManager.Snapin Extension.1"
\VersionIndependentProgID
@="SysmonLogManager.Snapin Extension"

 

[forums4answers]

By analysis, using a registry cleaning tool (CCleaner) and subsequently
doing some manual investigation on a WinXPProSP2 and a WinXPHome (both
Danish versions) - I've detected something that does indeed look
like a general mal-registration of the "SysmonLogManager.Snapin
Extension" alias {7478EF65-8C46-11d1-8D99-00A0C913CAD4}, which is part
of "smlogcfg.dll".

"smlogcfg.dll" is the Performance Logs and Alerts Snap-in.
Oddly, - I don't get any error when adding the Snap-in in MMC
(Microsoft Management Console).

If you put a keen eye to the extract (found at the very bottom of this
posting, taken from the registry) focusing on the registration of the
"SysmonLogManager.Snapin Extension" class, - It seems (to me) that
someone (at microsoft) might have entered a space (instead of "taking
a break" ;-) i.e. someone entered "SysmonLogManager.Snapin Extension"
instead of "SysmonLogManager.SnapinExtension", which in turn have lead
to the 2 registry keys:
[HKEY_CLASSES_ROOT\SysmonLogManager.Snapin]
[HKEY_CLASSES_ROOT\Extension]
instead of just one registry key:
[HKEY_CLASSES_ROOT\SysmonLogManager.SnapinExtension]

======================================================================
My Question(s):
Is my understanding of class registration faulty?
or, if not: Why does adding the Snap-in in MMC not seem to provoke any
error, or is there a more subtle error? (Could it possibly bee that MMC
only reads from the HKEY_CLASSES_ROOT\CLSID\... keypaths, or ...)

Is pain lurking, waiting to be unleashed the day ex. "smlogcfg.dll"
gets updated by "Windows Update"?
======================================================================

Hi Thomas! (Assuming you are still around here...). What did you ended up doing to resolve this issue?

 

[Anon_F]

Er, your trying to get answers from a thread thats over 5 years old!
Doubt either posters have come back since posting so your wasting your time!!!

Oh and welcome to the forum.