See WPA counterfreezer 1.0 utils (antiwpa3 win2k3 fix).ZiP\Counterfreezer 1.0
Quote:Explanation:
The patch will deny permissions of 'system' to write to
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents"
That regkey is used by msoobe and sysinfo and other programs to get
activation status. And if it's read-only the wpa-call inside winlogon
will not be able to set the activation status. But the wpa-call don't
uses the key to get how many days left(it gets that info elsewhere) so
It won't stop the internal activation counter.
Why this patch is is needed? The wpa-function is called from two locations in winlogon the major one is called at login. If antiwpa3 is running winlogon will thinks it's in safe mode and will skip it.
The other from winlogon message loop which will actualise the days counter every 1..8 hours. Normally that timer is not installed if it's in safe mode or if it is already activated. But for some reason in Win2k3 the WPA-function is called from this second location and makes the counter to continue.