Windows 7 Troubleshooting - Known Root Causes

[This documentation is preliminary and is subject to change.]

Disclaimer

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication.  Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only.  MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document.  Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

©2009 Microsoft Corporation.  All rights reserved.

Introduction

Windows Troubleshooting Platform brings a powerful and versatile facility for building diagnostics to solve a variety of computer problems. In fact, Windows 7 is equipped with a number of diagnostics that troubleshoot common PC problems such as printer, display, and audio issues that users may face. For any diagnostic to be effective, its root causes must be identified, and carefully chosen data sources are the key to well-crafted detection and resolution logic. In essence, the data sources are the means of gathering and modifying system state in order to determine whether there is a problem and then to correct it.

This article shows the root causes for troubleshooters in Windows 7 and the data sources that can be considered for implementing the detection and resolution logic. Readers who are not familiar with Windows 7 Troubleshooting should start with the Windows Troubleshooting Guide and refer to the Windows Troubleshooting Platform for detailed implementation references.

Data source collection guidelines

There is no single set of data sources from which to draw information. At the same time, data sources must be selected with careful consideration. The following guidelines apply when determining data sources.

  • Collect all the data that is required to make an accurate assessment of the system within the scope of the troubleshooter. There may be a need to combine data from a wide variety of sources in order to fully detect a particular root cause. However, the focus should be around the goals of the troubleshooter.
  • Choose the simplest and the most focused data source to consume. Testing diagnostics can be a challenging task. Choose the path to implement with the simplest code.
  • Select sources of information that will be available on the widest range of machines. This ensures consistent troubleshooting across a wide coverage.
  • Avoid installing custom tools as much as possible. Custom tools may be necessary, but more often than not they lead to added complexity.
  • Consider the following categories of data sources which are listed in the order of most preferred to the least preferred.
    • PowerShell Cmdlets
    • Windows Management Infrastructure (WMI)
    • Registry Keys
    • Windows Events
    • Dispatchable COM Objects & .NET Providers
    • Windows Tools
    • Windows API

Troubleshooting Common Problems

The listing below illustrates the data sources to consider when examining some common PC problems. The entries are organized by problem category, each highlighting its primary root causes. A root cause is composed of three stages: detection, resolution, and verification. In most cases, verification can be the same as detection, meaning that the fix can be verified with the same detection logic. In some cases, however, verification is not possible. For instance, when troubleshooting audio playback with low volume detection, the end-user can adjust the volume, but there is no way to programmatically determine whether that adjustment fixed the problem. This also leads to the question of when resolution must be performed by the end-user. For example, if the detected root cause is a video card lacking a certain capability, the resolution is for the end-user to install the correct driver or upgrade the video card. Neither of these can be performed automatically. Such resolutions are marked as “Manual” to indicate that the action must be applied by the end-user.

  • Display Aero Desktop Effects
  • Audio Playback and Recording
  • System Maintenance
  • Printer
  • Performance
  • Windows Update
  • Hardware and Devices
  • Devices and Printer
  • Windows Media Player Settings
  • Windows Media Player Library
  • Windows Media Player DVD
  • Power
  • Internet Explorer Performance
  • Internet Explorer Safety
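
The three stages described above, written out as an added PowerShell example (not code from the Windows Troubleshooting Platform). The function Invoke-RootCause and its parameter names are hypothetical; the spooler cmdlets are the ones listed under the Printer category.

```powershell
# Added example. Invoke-RootCause and its parameters are hypothetical helpers,
# not part of the Windows Troubleshooting Platform.
function Invoke-RootCause {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        # Detection logic: returns $true when the problem is present.
        [Parameter(Mandatory = $true)][scriptblock]$Detect,
        # Resolution logic: omit it for root causes marked "Manual".
        [scriptblock]$Resolve,
        # Set for root causes marked "No verification".
        [switch]$NoVerification,
        # Report only; never run the resolution.
        [switch]$DetectOnly
    )

    $result = New-Object PSObject -Property @{
        RootCause = $Name
        Detected  = [bool](& $Detect)
        Action    = 'None'
        Verified  = $null
    }
    if (-not $result.Detected) { return $result }

    if (-not $Resolve) { $result.Action = 'Manual';  return $result }
    if ($DetectOnly)   { $result.Action = 'Skipped'; return $result }

    try {
        # Discard resolver output so it does not mix with the result object.
        & $Resolve | Out-Null
        $result.Action = 'Resolved'
    }
    catch {
        $result.Action = 'Failed: ' + $_.Exception.Message
        return $result
    }

    if (-not $NoVerification) {
        # "Same as detection": the fix counts only if detection no longer fires.
        $result.Verified = -not [bool](& $Detect)
    }
    return $result
}

# Print Spooler root cause from the Printer category, detection only.
# Remove -DetectOnly (and run elevated) to let the resolution start the service.
Invoke-RootCause -Name 'Print spooler service is not running' -DetectOnly `
    -Detect  { (Get-Service -Name spooler).Status -ne 'Running' } `
    -Resolve { Start-Service -Name spooler -ErrorAction Stop } |
    Format-List RootCause, Detected, Action, Verified
```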

Display Aero Desktop Effects

Desktop Window Manager Session Manager service isn't running

Description

The Desktop Window Manager Session Manager service and the Desktop Window Manager process are used to display Aero desktop effects such as transparency.  The service or process is currently stopped.

Detection

  • Cmdlet: Get-Service(uxsms)

Resolution

  • Cmdlet: Restart-Service(uxsms)

Verification

Same as detection

Transparency is disabled

Description

Transparency must be enabled in order to display transparent window borders.

Detection

  • API: DwmGetColorizationColor

Resolution

  • Registry: HKCU:\Software\microsoft\windows\dwm(ColorizationOpaqueBlend)
  • Cmdlet: Restart-Service(uxsms)

Verification

Same as detection

Mirror drivers don't support Aero effects

Description

A running program uses a mirror driver (a type of display driver) which is not compatible with the Aero desktop experience.

Detection

  • API: EnumDisplayDevices

Resolution

Manual

Verification

Same as detection

Aero effects not supported on this Windows edition

Description

Some Aero features such as transparency are not included on certain Windows editions.

Detection

  • API: SLGetWindowsInformationDWORD

Resolution

Manual

Verification

Same as detection

Video card doesn't support required display settings

Description

Video card doesn't support DirectX 9.0 or higher, Pixel Shader Model 2.0 or higher, or doesn't have sufficient memory or memory bandwidth required to display Aero effects such as transparency.

Detection

  • Tool: WinSAT.exe

Resolution

Manual

Verification

Same as detection

Video card driver doesn't support Aero effects

Description

The current video card driver isn't compatible with the Windows Display Driver Model (WDDM).

Detection

  • Tool: WinSAT.exe

Resolution

Manual

Verification

Same as detection

Color depth is set too low

Description

To render Aero effects, the color depth must be set to 32 bits.

Detection

  • API: GetDeviceCaps

Resolution

  • API: ChangeDisplaySettingsEx

Verification

Same as detection

Themes service isn't running

Description

Starting the Themes service will enable Aero desktop effects such as transparency.

Detection

  • Cmdlet: Get-Service(themes)

Resolution

  • Cmdlet: Restart-Service(themes)

Verification

Same as detection

Current power settings don't support Aero desktop effects

Description

The Power Saver plan helps conserve power, and starts when the computer is running on battery power. When the computer is running on battery power, Windows conserves power by disabling visual effects such as the Aero desktop experience.

Detection

  • Tool: Powercfg.exe
  • API: System.Windows.Forms.SystemInformation::PowerStatus.PowerLineStatus

Resolution

  • Tool: Powercfg.exe

Verification

Same as detection

Desktop Window Manager is disabled

Description

The Desktop Window Manager must be enabled in order to display Aero desktop effects such as transparency.

Detection

  • API: DwmIsCompositionEnabled

Resolution

  • Registry: HKCU:\software\microsoft\windows\dwm(Composition, CompositionPolicy)
  • Cmdlet: Restart-Service(uxsms)

Verification

No verification

The Windows Experience Index has not been computed

Description

The Windows Experience Index base score measures the capability of the computer's hardware and software configuration and is one of many factors that determine whether the Aero desktop effects can run.

Detection

  • Registry: HKLM:\software\microsoft\windows\currentversion\winsat(VideoMemoryBandwidth)

Resolution

  • Tool: WinSAT.exe

Verification

Same as detection

Audio playback and recording

One or more audio services aren't running

Description

Both the Windows Audio and the Windows Audio End Point Builder services must be running for audio to work correctly.  At least one of these services isn't running.

Detection

  • Cmdlet: Get-Service(audiosrv, audioendpointbuilder)

Resolution

  • Cmdlet: Restart-Service(audiosrv, audioendpointbuilder)

Verification

Same as detection

Audio device muted

Description

Audio can't play if the device is muted.

Detection

  • API: IAudioEndpointVolume::GetMute

Resolution

  • API: IAudioEndpointVolume::SetMute

Verification

Same as detection

Low audio device volume

Description

Audio device volume might be too low to hear.

Detection

  • API: IAudioEndpointVolume::GetMasterVolumeLevelScalar

Resolution

Manual

Verification

No verification

The device is unplugged

Description

An audio device must be plugged in to play or record sound.

Detection

  • API: IMMDevice::GetState

Resolution

Manual

Verification

Same as detection

Check audio device

Description

There might be a problem with the audio device.

Detection

  • WMI: Win32_SoundDevice

Resolution

Run the device troubleshooter

Verification

No verification

System Maintenance

Broken shortcuts

Description

Broken shortcuts are invalid references to programs and other resources.

Detection

  • WMI: Win32_ShortcutFile

Resolution

  • Cmdlet: Remove-Item

Verification

Same as detection

Disk volume error

Description

Hard disk volumes can contain bad sectors, lost clusters, cross-linked files, and directory errors.  These problems can cause the file system to report incorrect volume details and occupy excessive disk space.

Detection

  • API: DeviceIoControl

Resolution

Manual

Verification

No verification

Error reports are taking up disk space

Description

Error reports and logs are currently taking up [unwanted space]MB of disk space.

Detection

  • Registry:
  • Folder:
  • Folder: %AllUsersProfile%\Microsoft\Windows\WER\ReportQueue

Resolution

Same as detection

Verification

Same as detection

Troubleshooting history is taking up disk space

Description

Troubleshooting history and logs are currently taking up [unwanted space]MB of disk space.

Detection

  • Folder: %localappdata%\diagnostics
  • Folder: %localappdata%\elevateddiagnostics

Resolution

Same as detection

Verification

Same as detection

Printer

Print spooler service isn’t running

Description

When the Print Spooler service isn't running, you may not be able to install printers, connect to a network printer, or print to a printer.

Detection

  • Cmdlet: Get-Service(spooler)

Resolution

  • Cmdlet: Start-Service(spooler)
  • WMI: Win32_BaseService

Verification

Same as detection

Print spooler service is experiencing a problem

Description

Errors in the Print Spooler service might interrupt printing.

Detection

  • Event: Provider(Application Error), Data(spoolsv.exe), Id(1000)
  • Registry: HKLM:\software\policies\microsoft\windows nt\printers(PrintDriverIsolationExecutionPolicy)
  • Registry: HKLM:\software\policies\microsoft\windows nt\printers(PrintDriverIsolationOverrideCompat)

Resolution

  • Registry: HKLM:\software\policies\microsoft\windows nt\printers(PrintDriverIsolationExecutionPolicy)
  • Registry: HKLM:\software\policies\microsoft\windows nt\printers(PrintDriverIsolationOverrideCompat)
  • API: RefreshPolicy

Verification

Same as detection

No physical printer is installed

Description

A physical or network printer needs to be installed.

Detection

  • WMI: Win32_Printer

Resolution

  • Tool: Rundll32(printui.dll)

Verification

Same as detection

The printer selected is not the default printer

Description

Applications may not be printing to the selected printer because it is not the default printer.

Detection

  • WMI: Win32_Printer

Resolution

  • WMI: Win32_Printer

Verification

Same as detection

The printer cannot be contacted over the network

Description

Network problems might be preventing the printer from printing.

Detection

  • WMI: Win32_TCPIPPrinterPort
  • API: System.Net.NetworkInformation.Ping.Send
  • API: System.Net.Sockets.TcpClient.Connect

Resolution

Run the network troubleshooter

Verification

Same as detection

Printer is turned off

Description

The printer needs to be turned on in order to print.

Detection

  • API: OpenPrinter, GetPrinter, ClosePrinter

Resolution

Manual

Verification

No verification

Printer toner is low or empty

Description

When the printer toner is low or empty, documents might appear faint or not print at all.

Detection

  • API: OpenPrinter, GetPrinter, ClosePrinter

Resolution

Manual

Verification

No verification

Printer has a paper jam

Description

A paper jam is preventing the printer from operating normally.

Detection

  • API: OpenPrinter, GetPrinter, ClosePrinter

Resolution

Manual

Verification

No verification

Printer paper is low or empty

Description

When the printer paper is low or empty, you might not be able to print.

Detection

  • API: OpenPrinter, GetPrinter, ClosePrinter

Resolution

Manual

Verification

No verification

A print job in the print queue is preventing other print jobs from printing

Description

When a print job is caught in the print queue, newly submitted printing jobs can't be completed properly.

Detection

  • API: OpenPrinter, EnumJobs, ClosePrinter

Resolution

  • API: OpenPrinter, EnumJobs, SetJob, ClosePrinter
  • Cmdlet: Restart-Service(spooler)
  • Cmdlet: Start-Service(Fax)
  • Cmdlet: Remove-Item(*.spl, *.shd)
  • WMI: Win32_Printer

Verification

Same as detection

Printer is not shared with homegroup

Description

If a printer isn't shared on the homegroup, other computers might not be able to use the printer.

Detection

  • Registry: HKLM:\system\currentcontrolset\services\homegroupprovider\servicedata:PeerGroupName
  • WMI: Win32_Printer

Resolution

  • API: OpenPrinter, GetPrinter, SetPrinter, ClosePrinter

Verification

Same as detection

Plug and play printer has encountered a driver problem

Description

Errors with a printer driver may prevent the printer from printing.

Detection

  • WMI: Win32_PnpEntity

Resolution

Run hardware and devices troubleshooter

Verification

Same as detection

Performance

Power plan is set to power saver

Description

The Power saver plan uses the least amount of power but can also reduce performance.

Detection

  • Registry: HKLM:\software\microsoft\windows\currentversion\explorer\controlpanel\namespace\{025A5937-A6BE-4686-A844-36FE4BEC8B6D}(PreferredPlan)
  • API: PowerGetActiveScheme
  • API: PowerReadAcValueIndex
  • API: PowerReadDcValueIndex

Resolution

  • API: PowerSetActiveScheme

Verification

Same as detection

More than one user logged on to this computer

Description

When multiple users are logged on to the computer at the same time, additional computer resources might be used which can reduce performance.

Detection

  • API: WTSQuerySessionInformation
  • API: WTSEnumerateSessions
  • API: WTSFreeMemory

Resolution

  • API: WTSQuerySessionInformation
  • API: WTSEnumerateSessions
  • API: WTSFreeMemory
  • API: WTSLogoffSession
  • API: System.Security.Principal.WindowsIdentity.GetCurrent

Verification

Same as detection

Some devices are running in PIO mode

Description

PIO (Programmed Input/Output) is a hardware mode that is slower than DMA (Direct Memory Access) mode. Turning DMA on can help improve performance.

Detection

  • Registry: HKLM:\system\currentcontrolset\enum\pcide\idechannel\*\deviceparameters\target0(UserTimingModeAllowed)

Resolution

  • Registry: HKLM:\system\currentcontrolset\enum\pcide\idechannel\*\deviceparameters\target0(UserTimingModeAllowed)
  • API: CM_Locate_DevNode
  • API: CM_Reenumerate_DevNode

Verification

Same as detection

Multiple antivirus programs are running

Description

When more than one antivirus program is running at the same time, conflicts might occur that can reduce performance.

Detection

  • WMI: AntiVirusProduct

Resolution

Manual

Verification

Same as detection

Several programs are running at startup

Description

Multiple programs are starting when Windows starts, which can reduce performance.

Detection

  • Registry: HKLM:\software\microsoft\windows\currentversion\run
  • Registry: HKCU:\software\microsoft\windows\currentversion\run
  • Registry: HKLM:\software\wow6432node\microsoft\windows\currentversion\run
  • Registry: HKCU:\software\wow6432node\microsoft\windows\currentversion\run
  • Folder: %userprofile%\appdata\roaming\microsoft\windows\startmenu\programs\startup
  • Folder: %userprofile%\appdata\local\microsoft\windows\startmenu\programs\startup
  • Folder: %userprofile%\programdata\microsoft\windows\startmenu\programs\startup

Resolution

Same data source as detection

Verification

Same as detection
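
Detection for this root cause over the four Run keys listed above, as an added PowerShell example (not Microsoft's troubleshooter code). The function names Get-RunKeyEntry and Test-StartupLoad and the threshold of 5 are assumptions; the startup folders are not covered.

```powershell
# Added example. Get-RunKeyEntry, Test-StartupLoad and the threshold are hypothetical.
# Run from a 64-bit PowerShell host: a 32-bit host is redirected to the
# wow6432node view of HKLM:\software and would report those entries twice.
function Get-RunKeyEntry {
    param(
        # Registry data sources exactly as listed for this root cause.
        [string[]]$Path = @(
            'HKLM:\software\microsoft\windows\currentversion\run',
            'HKCU:\software\microsoft\windows\currentversion\run',
            'HKLM:\software\wow6432node\microsoft\windows\currentversion\run',
            'HKCU:\software\wow6432node\microsoft\windows\currentversion\run'
        )
    )
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($key in $Path) {
        # A Run key can be absent; the wow6432node keys exist only on 64-bit Windows.
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($valueName in $regKey.GetValueNames()) {
            # Read the raw data so REG_EXPAND_SZ values keep their %VARIABLE% form.
            $raw = [string]$regKey.GetValue($valueName, '', $noExpand)
            New-Object PSObject -Property @{
                Key      = $key
                Name     = $valueName
                Command  = $raw
                Expanded = [Environment]::ExpandEnvironmentVariables($raw)
            }
        }
    }
}

function Test-StartupLoad {
    # Constructed threshold; the page does not say how many entries is "several".
    param([int]$Threshold = 5)
    $entries = @(Get-RunKeyEntry)
    New-Object PSObject -Property @{
        Detected = ($entries.Count -gt $Threshold)
        Count    = $entries.Count
        Entries  = $entries
    }
}

# Read-only inventory; nothing is removed from the registry.
$state = Test-StartupLoad
$state.Entries | Sort-Object Key, Name | Format-Table Key, Name, Command -AutoSize
'Detected: {0} ({1} entries)' -f $state.Detected, $state.Count
```

Because verification is "Same as detection", calling Test-StartupLoad again after entries are removed serves as the verification stage.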

SuperFetch is not running

Description

When SuperFetch is not running, Windows can take longer to start programs that you commonly open.

Detection

  • Cmdlet: Get-Service(sysmain)

Resolution

  • Cmdlet: Start-Service(sysmain)
  • WMI: Win32_BaseService

Verification

Same as detection

Visual effects might be affecting performance

Description

Your computer might not have enough system resources to run several programs at once and also run advanced visual effects like transparency. 

Detection

  • Registry: HKCU:\software\microsoft\windows\currentversion\explorer\visualeffects(VisualFxSetting)

Resolution

  • Tool: SystemPropertiesPerformance.exe

Verification

Same as detection

Windows Update

Searching for updates failed

Description

Windows Update encountered an error searching for updates online.

Detection

  • API: Microsoft.Update.Session.CreateUpdateSearcher.Search

Resolution

Run the network troubleshooter

Verification

No verification

Hardware and Devices

Device is disabled

Description

[Name of the device] is currently turned off in Windows.

Detection

  • WMI: Win32_PnpEntity(ConfigManagerErrorCode)

Resolution

  • API: SetupDiOpenDeviceInfo
  • API: SetupDiCreateDeviceInfoList
  • API: SetupDiDestroyDeviceInfoList
  • API: SetupDiSetClassInstallParams
  • API: SetupDiCallClassInstaller

Verification

Same as detection

Device has a driver problem

Description

There is a problem with the driver for [the device name]. The driver needs to be reinstalled.

Detection

  • WMI: Win32_PnpEntity(ConfigManagerErrorCode)

Resolution

  • API: SetupDiGetDeviceProperty
  • API: SetupDiSetDeviceProperty
  • API: CM_Locate_DevNode_Ex
  • API: CM_Reenumerate_DevNode_Ex
  • API: CMP_WaitNoPendingInstallEvents

Verification

Same as detection

Device doesn't have a driver

Description

There is no driver installed for [the device name].

Detection

  • WMI: Win32_PnpEntity(ConfigManagerErrorCode)
  • API: SetupDiGetDeviceProperty
  • API: SetupDiOpenDeviceInfo
  • API: SetupDiCreateDeviceInfoList
  • API: SetupDiDestroyDeviceInfoList

Resolution

  • API: SetupDiGetDeviceProperty
  • API: SetupDiSetDeviceProperty
  • API: SetupDiOpenDeviceInfo
  • API: SetupDiCreateDeviceInfoList
  • API: SetupDiDestroyDeviceInfoList
  • API: CM_Locate_DevNode_Ex
  • API: CM_Reenumerate_DevNode_Ex
  • API: CMP_WaitNoPendingInstallEvents

Verification

Same as detection

Device is not working properly

Description

Windows has detected a problem with [the device name].

Detection

  • WMI: Win32_PnpEntity(ConfigManagerErrorCode)

Resolution

Manual

Verification

Same as detection

Scan for recent hardware changes

Description

Scanning might find new devices attached to your computer and install them.

Detection

No detection

Resolution

  • API: CM_Locate_DevNode_Ex
  • API: CM_Reenumerate_DevNode_Ex
  • API: CMP_WaitNoPendingInstallEvents

Verification

No verification

Windows Update configured to never install drivers

Description

Driver updates aren't automatically installed when detected by Windows Update.

Detection

  • Registry: HKLM:\software\policies\microsoft\windows\driversearching
  • Registry: HKLM:\software\microsoft\windows\currentversion\driversearching

Resolution

  • Tool: Rundll32.exe(newdev.dll, deviceinternetsettingui)

Verification

Same as detection

Devices and Printer

Problem with printer

Description

There might be problems with [the printer name]. Windows will take additional steps to further troubleshoot.

Detection

  • API: IFunctionDiscovery
  • API: IFunctionInstanceCollection
  • API: IServiceProvider
  • API: IFunctionInstance
  • API: IPropertyStore

Resolution

Run the printer troubleshooter

Verification

No verification

Problem with PnP devices

Description

There are problems with some PnP devices. Windows will take additional steps to further troubleshoot these devices.

Detection

  • API: IFunctionDiscovery
  • API: IFunctionInstanceCollection
  • API: IServiceProvider
  • API: IFunctionInstance
  • API: IPropertyStore

Resolution

Run the device troubleshooter

Verification

No verification

Windows Media Player Settings

Default Windows Media Player settings may need to be restored

Description

Configuration settings might be set incorrectly.

Detection

No detection

Resolution

  • Registry: HKCU:\software\microsoft\mediaplayer\preferences

Verification

No verification

Settings for network streaming are corrupted

Description

The settings used by Windows Media Player for streaming media over the network are corrupted.  This might prevent you from playing content that is streamed, as opposed to content that is fully downloaded before being played.

Detection

  • File: $localdatapath\microsoft\windowsmedia\$wmpversion\wmsdkns.xml

Resolution

  • File: $localdatapath\microsoft\windowsmedia\$wmpversion\wmsdkns.xml

Verification

No verification

Windows Media Player unavailable on this Windows Edition

Description

Windows Media Player isn't pre-installed on certain Windows Editions.

Detection

  • Registry: HKLM:\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}(IsInstalled)

Resolution

Manual

Verification

No verification

Windows Media Player Library

Media library is corrupted

Description

The media library used by Windows Media Player is corrupted.  This might affect your ability to browse and search for media files on your computer.

Detection

No detection

Resolution

  • Folder: $localdatapath\microsoft\media player\

Verification

No verification

Windows Media Player unavailable on this Windows Edition

Description

Windows Media Player isn't pre-installed on certain Windows Editions.

Detection

  • Registry: HKLM:\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}(IsInstalled)

Resolution

Manual

Verification

No verification

Windows Media Player DVD

No DVD playback device detected or missing driver

Description

No DVD playback device was detected on your computer.

Detection

  • WMI: Win32_CDRomDrive

Resolution

  • API: CM_Locate_DevNode_Ex
  • API: CM_Reenumerate_DevNode_Ex
  • API: CMP_WaitNoPendingInstallEvents

Verification

Same as detection

DVD decoder not detected

Description

Windows Media Player requires a DVD decoder to play DVD media.  No DVD decoder was detected on your computer.

Detection

  • Registry: HKLM:\software\microsoft\windows\currentversion\media center\decoder\preferredmpeg2videodecoderclsid
  • Registry: HKLM:\software\microsoft\windows\currentversion\media center\decoder\preferredmpeg2audiodecoderclsid

Resolution

Manual

Verification

No verification

The DVD playback device is not working properly

Description

There are problems with the DVD playback device. Windows will take additional steps to further troubleshoot it.

Detection

  • WMI: Win32_CDRomDrive

Resolution

Run printer troubleshooter

Verification

No verification

Windows Media Player unavailable on this Windows Edition

Description

Windows Media Player isn't pre-installed on certain Windows Editions.

Detection

  • Registry: HKLM:\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}(IsInstalled)

Resolution

Manual

Verification

No verification

Power

An enabled screensaver prevents the display from going to sleep, increasing power consumption

Description

Using a screen saver instead of having the display go to sleep uses more power.

Detection

  • API: SystemParametersInfo(SPI_SETSCREENSAVEACTIVE)

Resolution

  • API: SystemParametersInfo(SPI_SETSCREENSAVEACTIVE)

Verification

Same as detection

Power scheme is currently set to high performance

Description

The period of time before your computer enters sleep mode is longer than the default setting, and might affect power usage. Setting power to Balanced will allow your computer to enter sleep mode and prolong battery life.

Detection

  • Registry: HKLM:\software\microsoft\windows\currentversion\explorer\controlpanel\nameSpace\{025A5937-A6BE-4686-A844-36FE4BEC8B6D}(PreferredPlan)
  • API: PowerGetActiveScheme
  • API: PowerReadAcValueIndex
  • API: PowerReadDcValueIndex

Resolution

  • API: PowerSetActiveScheme
  • API: PowerWriteAcValueIndex
  • API: PowerWriteDcValueIndex

Verification

Same as detection

Note: The set of data sources listed below can all be considered for implementing the following power troubleshooting root causes.

USB Selective Suspend is disabled, causing inefficient power consumption
Shorten the length of time before Windows turns off disk
Shorten the length of time before Windows enters sleep mode
Wireless adapter settings are not configured for power efficiency
Lowering laptop screen brightness will help prolong battery life
Minimum processor state is inefficient
Shorten the length of time before Windows turns off the display
Reduce the dim display idle time-out setting

Detection

  • API: PowerGetActiveScheme
  • API: PowerReadAcValueIndex
  • API: PowerReadDcValueIndex

Resolution

  • API: PowerWriteAcValueIndex
  • API: PowerWriteDcValueIndex
  • API: PowerSetActiveScheme

Verification

Same as detection

Internet Explorer Performance

Add-ons are causing Internet Explorer to stop responding

Description

One or more problematic add-ons were detected. These add-ons might be causing Internet Explorer to stop responding.

Detection

  • Registry: HKLM:\software\microsoft\internet explorer\toolbar\
  • Registry: HKLM:\software\microsoft\internet explorer\explorer bars\
  • Registry: HKLM:\software\microsoft\windows\currentversion\explorer\browser helper objects\
  • Registry: HKLM:\software\microsoft\internet explorer\extensions\
  • Registry: HKLM:\software\microsoft\code store database\distribution units\
  • Event: Application\Application Error\iexplore.exe

Resolution

  • Registry: HKLM:\software\microsoft\windows\currentversion\ext\settings(add-on CLSID)

Verification

Same as detection

Caching policy setting for temporary Internet files isn't optimized

Description

Storing temporary Internet files can help speed up browsing when you return to websites that you visit often. If they are not saved, or deleted frequently, browsing might seem slow.

Detection

  • Registry: HKCU:\software\microsoft\windows\currentversion\internet settings\syncmode5

Resolution

  • Registry: HKCU:\software\microsoft\windows\currentversion\internet settings\syncmode5

Verification

Same as detection

Disk space allowed for temporary Internet files isn't optimized

Description

The current disk space allocated for the temporary Internet file cache is too large or too small.  This can reduce Internet Explorer performance.

Detection

  • Registry: HKCU:\software\microsoft\windows\currentversion\internet settings\5.0\cache\content\cachelimit

Resolution

  • Registry: HKCU:\software\microsoft\windows\currentversion\internet settings\5.0\cache\content\cachelimit

Verification

Same as detection

Setting the number of concurrent server connections too low or too high may cause Internet Explorer performance problems

Description

The number of concurrent or simultaneous connections that Internet Explorer can maintain to a single website or server has changed. Using the default setting might help improve performance.

Detection

  • Registry: HKCU:\software\microsoft\windows\currentversion\internet settings(MaxConnectionsPerServer, MaxConnectionsPer1_0Server)

Resolution

  • Registry: HKCU:\software\microsoft\windows\currentversion\internet settings(MaxConnectionsPerServer, MaxConnectionsPer1_0Server)

Verification

Same as detection

Add-ons may slow down Internet Explorer startup and tab creation

Description

One or more add-ons were detected. These add-ons might slow down Internet Explorer startup and tab creation.

Detection

  • Registry: HKCU:\software\microsoft\windows\currentversion\ext\stats\iexplore(LoadingTime)

Resolution

  • Registry: HKCU:\software\microsoft\windows\currentversion\ext\settings\(add-on CLSID)(Flags, Version)

Verification

Same as detection

Internet Explorer Safety

SmartScreen filter is turned off

Description

This setting checks for suspicious websites and can help make browsing the web safer.

Detection

  • Registry: HKCU:\software\microsoft\internet explorer\phishingfilter(EnabledV8)

Resolution

  • Registry: HKCU:\software\microsoft\internet explorer\phishingfilter(EnabledV8)

Verification

Same as detection

Popup blocker is turned off

Description

A pop-up is a small web browser window that appears on top of the website you're viewing. Pop-up windows often open as soon as you visit a website and are usually created by advertisers. Pop-up Blocker lets you limit or block most pop-ups.

Detection

  • Registry: HKCU:\software\microsoft\internet explorer\new windows(PopupMgr)

Resolution

  • Registry: HKCU:\software\microsoft\internet explorer\new windows(PopupMgr)
  • Registry: HKCU:\software\microsoft\internet explorer\new windows\allow

Verification

Same as detection

Internet Explorer default security settings have been modified

Description

Some Internet Explorer security settings have been changed from the default settings. This might reduce overall security.

Detection

  • API: IInternetZoneManagerEx2
  • API: IInternetZoneManagerEx2::GetZoneAttributesEx

Resolution

  • API: IInternetZoneManager::SetZoneAttributes

Verification

Same as detection