CCleaner auto-edits Windows Registry

Page 1 of 2 12 LastLast

  1. Posts : 31
    W10 LTSC 2021
       #1

    CCleaner auto-edits Windows Registry


    I created a .reg file to disable all the CCleaner bloatware. The problem is that the software is able to auto-edit the registry back to its original values after a while, even if I blocked it from accessing the internet in Windows Firewall. How is it possible?
      My Computer


  2. Posts : 5,452
    Windows 11 Home
       #2

    A lot of software does that to protect its "features", including Windows. You have various options:

    1. Do not run CCleaner realtime, use a script (bat) to open it, perform a cleanup, close it and apply tweaks.
    2. Take permissions of those reg entries and prevent them from being modified, but CCleaner might freeze.
    3. Use something else.
      My Computer


  3. Posts : 6,842
    22H2 64 Bit Pro
       #3

    It does the same for me. Especially when I switch to/ from remote sever connection or other connections.

    I just run a script before using it in such cases.

    CCleaner auto-edits Windows Registry-run-scripts-ultra-virus-killer.jpg
      My Computer


  4. Posts : 6,842
    22H2 64 Bit Pro
       #4

    Or else go back to an earlier version pre 5.72 and disable updates then keep rules updated via winapp2ool.
      My Computer


  5. Posts : 1,255
    Windows 10 Pro
       #5

    Restricting CCleaner's access to the Internet has nothing to do with it's ability to modify it's own registry entries. CCleaner has almost unlimited access to the registry and can add, delete, or modify any registry entry belonging to any application, including of course it's own. Any application running under an elevated admin account can do this. The only way to prevent it changing it's own settings is to modify the registry key that contains these settings. That may have undesired implications for the programs functionality. And of course you would not be able to change these settings yourself. There are no security settings on individual entries, only on registry keys. And if the developers chose to do so they could revert any security settings you might change.
    Last edited by LMiller7; 28 Feb 2021 at 09:46.
      My Computer


  6. Posts : 6,842
    22H2 64 Bit Pro
       #6

    FYI:
    Ccleaner launched via shortcut:

    [Process Creation]

    02/28/2021 13:35:00
    Process: [7696] C:\Program Files\CCleaner\CCleaner64.exe
    Username/Domain: Chris/DESKTOP-F5E4G6R
    CommandLine: "C:\Program Files\CCleaner\CCleaner64.exe"
    MD5 Hash: C9BE8F1BF9690CE30B609858601A3EF3
    Bitness: 64-bit
    Publisher: Piriform Software Ltd
    Description: CCleaner
    Version: 5.73.0.8130
    Integrity Level: Medium
    Signer: Piriform Software Ltd
    System File: False
    Protected Process: False
    Metro Process: False
    Parent: [3168] C:\Windows\explorer.exe
    Parent CommandLine: C:\Windows\Explorer.EXE
    Parent Integrity: Medium
    Parent Signer: Microsoft Windows
    Parent System File: True
    Parent Protected Process: False
    Parent Metro Process: False


    [Process Creation]

    02/28/2021 13:35:02
    Process: [2680] C:\Program Files\CCleaner\CCleaner.exe
    Username/Domain: Chris/DESKTOP-F5E4G6R
    MD5 Hash: E66875F3DA6996126360240F0BD38C79
    Bitness: 32-bit
    Publisher: Piriform Software Ltd
    Description: CCleaner
    Version: 5.73.0.8130
    Integrity Level: High
    Signer: Piriform Software Ltd
    System File: False
    Protected Process: False
    Metro Process: False
    Parent: [1796] C:\Windows\System32\svchost.exe
    Parent CommandLine: C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule

    Parent Integrity: System
    Parent Signer: Microsoft Windows Publisher
    Parent System File: True
    Parent Protected Process: False
    Parent Metro Process: False


    [Process Creation]

    02/28/2021 13:35:02
    Process: [184] C:\Program Files\CCleaner\CCleaner64.exe
    Username/Domain: Chris/DESKTOP-F5E4G6R
    CommandLine: "C:\Program Files\CCleaner\CCleaner.exe" /uac
    MD5 Hash: C9BE8F1BF9690CE30B609858601A3EF3
    Bitness: 64-bit
    Publisher: Piriform Software Ltd
    Description: CCleaner
    Version: 5.73.0.8130
    Integrity Level: High
    Signer: Piriform Software Ltd
    System File: False
    Protected Process: False
    Metro Process: False


    [Process Creation]

    02/28/2021 13:35:06
    Process: [1576] C:\Windows\System32\wbem\WmiPrvSE.exe
    Username/Domain: NETWORK SERVICE/NT AUTHORITY
    CommandLine: C:\Windows\system32\wbem\wmiprvse.exe

    MD5 Hash: 801E8003C257C8F540B20F1E0DECD3A6
    Bitness: 64-bit
    Publisher: Microsoft Corporation
    Description: WMI Provider Host
    Version: 6.2.18362.1
    Integrity Level: System
    System File: True
    Protected Process: False
    Metro Process: False
    Parent: [448] C:\Windows\System32\svchost.exe
    Parent CommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p
    Parent Integrity: System
    Parent Signer: Microsoft Windows Publisher
    Parent System File: True
    Parent Protected Process: False
    Parent Metro Process: False


    Ccleaner launched via script:

    [Process Creation]

    02/28/2021 13:35:24
    Process: [4840] C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
    Username/Domain: Chris/DESKTOP-F5E4G6R
    CommandLine: "C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe" -readfile "C:\Users\Chris\Desktop\Ccleaner.uvk"
    MD5 Hash: 1E88D67D028D5FFF7F0F599E2E5296F9
    Bitness: 32-bit
    Publisher: Carifred.com
    Description: Ultra Virus Killer
    Version: 10.15.1.0
    Integrity Level: Medium
    Signer: Da Silva Alfrédo
    System File: False
    Protected Process: False
    Metro Process: False
    Parent: [3168] C:\Windows\explorer.exe
    Parent CommandLine: C:\Windows\Explorer.EXE
    Parent Integrity: Medium
    Parent Signer: Microsoft Windows
    Parent System File: True
    Parent Protected Process: False
    Parent Metro Process: False


    [Process Creation]

    02/28/2021 13:35:24
    Process: [6460] C:\Windows\System32\consent.exe
    Username/Domain: SYSTEM/NT AUTHORITY
    CommandLine: consent.exe 6772 534 0000020CFB4A01A0
    MD5 Hash: EE2A1C85C472F89B146CC8EE598CCCBC
    Bitness: 64-bit
    Publisher: Microsoft Corporation
    Description: Consent UI for administrative applications
    Version: 6.2.18362.1
    Integrity Level: System
    Signer: Microsoft Windows
    System File: True
    Protected Process: False
    Metro Process: False
    Parent: [6772] C:\Windows\System32\svchost.exe
    Parent CommandLine: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
    Parent Integrity: System
    Parent Signer: Microsoft Windows Publisher
    Parent System File: True
    Parent Protected Process: False
    Parent Metro Process: False


    [Process Creation]

    02/28/2021 13:35:28
    Process: [5980] C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
    Username/Domain: Chris/DESKTOP-F5E4G6R
    CommandLine: "C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe" -readfile "C:\Users\Chris\Desktop\Ccleaner.uvk"
    MD5 Hash: 1E88D67D028D5FFF7F0F599E2E5296F9
    Bitness: 32-bit
    Publisher: Carifred.com
    Description: Ultra Virus Killer
    Version: 10.15.1.0
    Integrity Level: High
    Signer: Da Silva Alfrédo
    System File: False
    Protected Process: False
    Metro Process: False
    Parent: [3168] C:\Windows\explorer.exe
    Parent CommandLine: C:\Windows\Explorer.EXE
    Parent Integrity: Medium
    Parent Signer: Microsoft Windows
    Parent System File: True
    Parent Protected Process: False
    Parent Metro Process: False


    [Process Creation]

    02/28/2021 13:35:28
    Process: [1132] C:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe
    Username/Domain: Chris/DESKTOP-F5E4G6R
    CommandLine: "C:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe" -readfile "C:\Users\Chris\Desktop\Ccleaner.uvk"
    MD5 Hash: 65F994C528418B97AEC772EE2441DEB2
    Bitness: 64-bit
    Publisher: Carifred.com
    Description: Ultra Virus Killer
    Version: 10.15.1.0
    Integrity Level: High
    Signer: Da Silva Alfrédo
    System File: False
    Protected Process: False
    Metro Process: False
    Parent: [5980] C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
    Parent CommandLine: "C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe" -readfile "C:\Users\Chris\Desktop\Ccleaner.uvk"
    Parent Integrity: High
    Parent Signer: Da Silva Alfrédo
    Parent System File: False
    Parent Protected Process: False
    Parent Metro Process: False


    [Process Creation]

    02/28/2021 13:35:36
    Process: [6540] C:\Program Files\CCleaner\CCleaner64.exe
    Username/Domain: Chris/DESKTOP-F5E4G6R
    CommandLine: "C:\Program Files\CCleaner\CCleaner64.exe"
    MD5 Hash: C9BE8F1BF9690CE30B609858601A3EF3
    Bitness: 64-bit
    Publisher: Piriform Software Ltd
    Description: CCleaner
    Version: 5.73.0.8130
    Integrity Level: High
    Signer: Piriform Software Ltd
    System File: False
    Protected Process: False
    Metro Process: False
    Parent: [1132] C:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe
    Parent CommandLine: "C:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe" -readfile "C:\Users\Chris\Desktop\Ccleaner.uvk"
    Parent Integrity: High
    Parent Signer: Da Silva Alfrédo
    Parent System File: False
    Parent Protected Process: False
    Parent Metro Process: False


    So as far as I can work out a connection check does not run if using the script. Somehow if the connection check runs even if ccleaner is blocked via firewall then it reverts settings.
      My Computer


  7. Posts : 93
    Windows 10 pro 64 Bit Version 21H1 (OS Build 19043.844)
       #7

    A suggestion only, being that I have used Ccleaner for years (I don't use any cleaning software anymore), and a lot of other Cleaners, defraggers etc, DONT use Ccleaner on an SSD, if you have a HDD that's ok. The SSD Trim feature does it for you and using cleaners or defraggers on an SSD ruins its lifetime.
      My Computer


  8. Posts : 7,254
    Windows 10 Pro 64-bit
       #8

    Callender said:
    Or else go back to an earlier version pre 5.72 and disable updates then keep rules updated via winapp2ool.
    Going back to an earlier is never really an option as you run all sorts of risks. I better option, if you're concerned, would be to use Wise Disk Cleaner.
      My Computers


  9. Posts : 23,229
    Win 10 Home ♦♦♦19045.4291 (x64) [22H2]
       #9

    Bersekz said:
    I created a .reg file to disable all the CCleaner bloatware. The problem is that the software is able to auto-edit the registry back to its original values after a while, even if I blocked it from accessing the internet in Windows Firewall. How is it possible?


    My low-tech solution is to block ALL CCleaner executables that try to access the internet. And in the CCleaner preferences, I disable CCleaner updates and real time monitoring.
    I always run CCleaner manually and ONLY run CCleaner's Custom Clean and Registry tools.

    Version 5.74.8198 (free)



    I use Bitdefender Internet Security 2020...

    CCleaner auto-edits Windows Registry-image1.png
      My Computer


  10. Posts : 31
    W10 LTSC 2021
    Thread Starter
       #10

    Thanks to everyone who contributed to this thread, I've learned some new things. Yet, I think I'll stick to manually apply the registry edit for those few times I decide to clean up my system.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 05:28.
Find Us




Windows 10 Forums