On Tue, Aug 18, 2009 at 10:11 AM, James Rankin<[email protected]> wrote: > ... the first thing it does is call the main executable with the /regserver > switch.
Well, technically, only they know what that switch does, since it's their executable, and they could be doing whatever they want. But most likely, it tells the executable to self-register, as others have said. Registration should only need to be done at install, but it's a common tactic to attempt to re-register at every run, in an attempt to compensate for registry rot (which is still depressingly common). Worse still, many clueless programmers abort the task if re-registration fails due to permissions, thus introducing a stupid LUA bug. Get LUA Bug Light and see if you can grant permissions to the registry keys it needs to write to. (Be careful; don't just grant permission to everything, or you're defeating the purpose of not running as admin.) LUA Bug Light is *hugely* better for this than Process Monitor. PM is generic, which is very useful, but requires much interpretation on your part. LUA Bug Light does most of the analysis for you. http://blogs.msdn.com/aaron_margosis/archive/2008/11/06/lua-buglight-2-0-second-preview.aspx -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
