"dozens of cmd.exe, conhost.exe, and reg.exe processes running"
are you sure the systems are not infected?
or is this from your patch management tool?
Windows 10 PCs - Application installs and uninstalls failing without recent reboot
Hello,
For several months I have seen the following issue on multiple PCs in our environment:
- Patches and application updates will not run. We use a third party patching tool, and it will report patches as failing. But if we try to run a patch or update manually, the installer prompt will briefly flash and then disappear. For example, trying to update Chrome using an msi file, the installer will flash briefly then disappear and never actually run.
- Uninstalling applications from Control Panel > Programs and Features > select application > prompt confirming uninstall > select Yes > flashes and stops > program does not uninstall.
This issue only occurs when a PC has not been rebooted for a while, e.g., at least a week. PCs that have been rebooted recently do not have this issue, and rebooting a PC that is currently having the issue will resolve it and allow installs/uninstalls after the reboot.
I noticed that there are dozens of cmd.exe, conhost.exe, and reg.exe processes running on the PCs after they have been on for a while, and if I start ending some of those processes, eventually the application install or uninstall will work without a reboot. Sometimes killing a few of the reg.exe processes resolves it, sometimes killing a few of the cmd.exe processes resolves it.
For the Chrome example: the Event Viewer logs under Application show "Beginning Windows Installer transaction", "Ending a Windows Installer transaction", and "Product: Google Chrome -- Installation failed" all at the exact same time.
3 answers
-
EckiS 916 Reputation points
2022-12-01T11:40:49.433+00:00 -
JAM_MS 1 Reputation point
2022-12-01T21:44:39.997+00:00
"are you sure the systems are not infected?
or is this from your patch management tool?"
I'm fairly confident they're not infected. And I don't believe the processes are from our patch management tool. I have a feeling it's from a GPO, but I don't have much experience with GPOs or manage our GPOs. The processes seem to build up over time, e.g., after a reboot there is one cmd, one reg, and a few conhost processes, but after half a day that increases to 9 cmd, 9 reg, and about 16 conhost processes.
-
Limitless Technology 44,496 Reputation points
2022-12-02T10:05:47.913+00:00
Hello there,
The first suggestion would be to run a deep scan and check the dozens of processes to see if they are legit.
You can also find the root cause of this behavior by using Windows tools. Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry, and process/thread activity. You can get the tool from here https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. You can get the tool from here https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon
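As a complement to the Procmon and Sysmon suggestions, the following added example (not part of any answer in this thread) uses the built-in `Get-CimInstance Win32_Process` class to list the lingering cmd.exe, reg.exe and conhost.exe processes together with their parent, owner, age and command line, which is usually enough to tell whether a GPO script, the patching agent or something unexpected is launching them. It assumes an elevated PowerShell session; the column names in the report are illustrative.

```powershell
# Added example: inventory lingering cmd.exe / reg.exe / conhost.exe processes
# and show which parent launched them and with what command line.
# Run elevated so CommandLine and owner are populated for other users' processes.
$names = 'cmd.exe', 'reg.exe', 'conhost.exe'

# Snapshot every process once so parent lookups are consistent.
$all = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }

$now = Get-Date
$report = foreach ($p in $all | Where-Object { $names -contains $_.Name }) {
    $parent = $byPid[[uint32]$p.ParentProcessId]
    # PIDs are reused: only trust the parent if it started before the child.
    if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }

    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name        = $p.Name
        PID         = $p.ProcessId
        AgeHours    = [math]::Round(($now - $p.CreationDate).TotalHours, 1)
        Owner       = if ($owner -and $owner.User) { "$($owner.Domain)\$($owner.User)" } else { '(unknown)' }
        Parent      = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { "(exited) $($p.ParentProcessId)" }
        ParentCmd   = if ($parent) { $parent.CommandLine } else { $null }
        CommandLine = $p.CommandLine
    }
}

# Per-process detail, oldest first.
$report | Sort-Object AgeHours -Descending |
    Format-Table Name, PID, AgeHours, Owner, Parent -AutoSize

# Identical command lines that keep piling up point at one recurring launcher.
$report | Group-Object Name, CommandLine |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'Process';     e = { $_.Group[0].Name } },
        @{ n = 'CommandLine'; e = { $_.Group[0].CommandLine } },
        @{ n = 'Parents';     e = { ($_.Group.Parent | Sort-Object -Unique) -join '; ' } } |
    Format-List
```

If most entries show an exited parent, the launcher is short-lived, and Sysmon process-creation events (Event ID 1), which record the parent image and command line at launch time, will capture what this snapshot cannot.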