Fortinet white logo
Fortinet white logo

Shutdown Order of Services (Windows)

Shutdown Order of Services (Windows)

When configuring monitors, it is possible for false positives to occur depending upon the order services shutdown. For information on configuring monitors, see Monitor custom scans in the Add or modify a scan section of the Administration Guide.

Shutdown example (Service C is monitored):

  1. Shutdown initiated

  2. Service C stops

  3. Persistent Agent initiates monitor

  4. Service B stops

  5. Monitor completes

  6. Service A stops

  7. Persistent Agent stops

Result: Monitor fails because Service C was not running at the time of the monitor.

Configure the order in which services shutdown

Registry Entry: \HKLM\SYSTEM\CurrentControlSet\Control\PreshutdownOrder

Type: REG_MULTI_SZ

Add BNPagent to the top of the list so the service shuts down early in the process:

BNPagent

DeviceInstall

UsoSvc

gpsvc

trustedinstaller

Alternatively, add in the monitored service towards the bottom of the list:

BNPagent

DeviceInstall

UsoSvc

gpsvc

trustedinstaller

<Monitored Service>

It is recommended to test these settings on a machine first to validate. Once validated, push the registry entries to the Windows machines using a software management program or Group Policy. Note: Once settings are pushed to machines, they may require a reboot in order for the settings to apply.

Shutdown Order of Services (Windows)

Shutdown Order of Services (Windows)

When configuring monitors, it is possible for false positives to occur depending upon the order services shutdown. For information on configuring monitors, see Monitor custom scans in the Add or modify a scan section of the Administration Guide.

Shutdown example (Service C is monitored):

  1. Shutdown initiated

  2. Service C stops

  3. Persistent Agent initiates monitor

  4. Service B stops

  5. Monitor completes

  6. Service A stops

  7. Persistent Agent stops

Result: Monitor fails because Service C was not running at the time of the monitor.

Configure the order in which services shutdown

Registry Entry: \HKLM\SYSTEM\CurrentControlSet\Control\PreshutdownOrder

Type: REG_MULTI_SZ

Add BNPagent to the top of the list so the service shuts down early in the process:

BNPagent

DeviceInstall

UsoSvc

gpsvc

trustedinstaller

Alternatively, add in the monitored service towards the bottom of the list:

BNPagent

DeviceInstall

UsoSvc

gpsvc

trustedinstaller

<Monitored Service>

It is recommended to test these settings on a machine first to validate. Once validated, push the registry entries to the Windows machines using a software management program or Group Policy. Note: Once settings are pushed to machines, they may require a reboot in order for the settings to apply.