registry windows-update file-monitoring file-in-use

Detect Windows Automatic Updates

I have software that replaces core OS files. Problem is that Microsoft updates replace those files, rendering the program inoperative. How can I detect file replacement at boot time, due to automatic updates?

My idea is a registry watch on some key, what key? Any other ideas?

Solution

Boot-time file replacements are done by smss.exe by referring PendingFileRenameOperations value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager key. Also, AllowProtectedRenames should be set to 1 if files that are protected by Windows File Protection are going to be moved/deleted. Few resources that might be helpful:
http://msdn.microsoft.com/en-us/library/aa365240.aspx
http://www.techbytes.ca/techbyte101.html

Remove-ItemProperty does not seem to work with -LiteralPath
How can I write the LanguageID into the Registry in Inno Setup?
Can't call a Powershell script through the registry properly. A positional parameter cannot be found that accepts argument '$null'
Applying changes in HKCU\Control Panel\Colors immediately
Read source path from a registry on compile time in Inno Setup
Remove the "Include in library" item from the menu that returns IContextMenu::QueryContextMenu
What's the correct way to redirect registry access when using NtOpenKey?
Find Registry key name based on a value? PowerShell
Get self-contained EXE's path?
Writing Windows registry with backslash in sub-key name, in Python
COM Interop: Interface Not Found in VBA Despite Correct Class Registration
"Proper" way to find path to C# compiler?
How to read the values of IconLayouts REG_BINARY registry file
Detect and uninstall old version of application in Inno Setup using its version number stored in registry
TRegistry GetKeyNames not working as expected
How can I convert a REG_BINARY value from the registry into a string?
Anaconda Prompt launches wrong conda installation
How can I find sql server port number from windows registry?
How to extract R InstallPath from Registry using Excel VBA
Which reasons could make ShellExecute fail?
how does the .RGS file works
How To Run A Registry File With User Interaction In C#
NPM Publish Registry - 403 Forbidden - "You don't have permission to publish "..."
How do I get list of printers from HKU SIDs in the registry?
denied: requested access to the resource is denied when pushing image to gitlab registry
Reset application settings to a clear/clean state
Which custom dump flags are used in a WER mini dump?
How can I get and change the Value of the "(Standard)" key in the Registry with Powershell
Windows PowerShell Get Registry '(Default)' 'Value Size' and 'Value data'
magento registry already