3 Replies Latest reply on Oct 6, 2011 11:27 AM by smittman

    Amtmon.exe causing long boot delays by creating large registry hive.

    smittman Apprentice

      Hope this helps someone, and maybe we can find a solid resolution.

      We are experiencing long boot ups on several HP Workstations that seems to be getting worse.  At first we thought it was a single model of pc, but then it started to 'spread'.  They would get the Windows XP Splash screen then go black and just sit there.  Some machines would bootup in 10 minutes, while others would take hours.  We found that we could restore to a eariler restore point, but after a week, or so, it would just come back.  Removing McAfee, LanDesk, and everything else we could find didn't help.  We used multiple tools to try and 'clean' the machines thinking it was a virus, and our McAfee just wasn't picking it up.

       

      After looking into it further I determined that the .Default registry hive was huge.  The "C:\Windows\System32\Config\Default" file was over a GB on the machines that took the longest to boot.  On a good machine it was under a MB.  After finally getting a problem pc to boot we looked into the "HKU\.Default" registry hive and found the "HKU\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\" had a key under it called "Digest".  When we clicked on it it took the same amount of time to open as the pc did to boot up.  We then deleted it (taking again, the same amount of time), and then it booted right up, without delay.  After coming back up we noticed the key is being written back out.  This key does not exist on a machine that does not have the problem.

       

      Using PROCMON.EXE we found that this key was being written by the AMTMON.EXE.  When we disabled the LanDesk Out-of-Band Monitor Service it resolved the issue.

       

      My question to anyone:  Why is AMTMON writting this registry entry, and how do I fix it for good?  I am afraid that what I have done it only temporary, until I redeply the agent, or even update it.