Windows 10 Home resets some registry settings on reboot


For firewall purposes I made a copy of svchost.exe called mysvchost.exe and made some services run on mysvchost.exe by editing their ImagePath in the registry (under HKLM\SYSTEM\CurrentControlSet\Services). However, on reboot I noticed that the settings have reverted back to the old svchost.exe. How do I make the changed ImagePath stick through the reboot?


Posted 2020-01-09T00:29:09.330

Reputation: 11

I expect (not totally certain) that this program is being replaced by the valid copy in WinSXS. I don't think you can solve your problem this way. If you could, any virus writer could do the same thing and screw up your system (and everyone else's) – John – 2020-01-09T00:59:22.003

I am not sure what you mean. I am replacing svchost.exe in System32 by its exact copy (and not even replacing, just keeping the copy under the name mysvchost alongside it). I don't see svchost in WinSXS. Regarding the viruses, Windows can just check that mysvchost has exactly the same hash as the original svchost and is digitally signed by Microsoft. – teagut – 2020-01-09T01:06:04.617

I found a bunch of svchost.exe files in WinSXS (by processor model). I am not sure how else Windows would have replaced it (and it apparently did) – John – 2020-01-09T01:10:14.543

Ok, yes, you're right, there are svchost files in WinSXS. But it doesn't have anything to do with my question. My svchost wasn't replaced because I never deleted it in the first place. It's still sitting where it's always been, in system32. Also my copy of it, mysvchost.exe is still there as well, not deleted by Windows Defender or whatever. The only thing I changed was ImagePath in the registry for some services and those registry edits got reverted by Windows. – teagut – 2020-01-09T01:17:21.777

No answers