In the latest versions of Windows 10 you may be noticed the registry process in your Task Manager, listed under the Processes and the Details tab. You probably asked yourself what it is all about, and whether it is a legitimate process or not.
There is no information on the process other than its name in the Task Manager. In the details tab you may find out that it runs under the system user, and that its description states “Registry” only.
As Microsoft published recently, the Registry process is a “minimal process whose address space is used to hold data on behalf of the kernel”. The Registry process is used to hold Software and User Registry hive data (HKEY_LOCAL_MACHINE\SOFTWARE and HKEY_CURRENT_USER) to utilize memory management capabilities and reduce the memory usage of the Registry in the future.
However, some users have noticed that the memory usage of the Registry process increased in the most recent build because of hive data being handled by the process. But the kernel paged pool decreased by the same amount of memory as it was used to store the hive data previously.
