Solved: Deleting Copied Executable Files Fails - Temporarily

Troubleshooting
Published May 16, 2012

I had a very interesting case recently where copied EXE files could not be deleted. They would simply remain in the folder like zombies, only to disappear a few minutes later.

The issue was reproducible across reboots and even across computer models. It looked like this:

Copy some files from the Windows directory to a test directory:

Files copied

Shift-delete all files (real delete, not moving them to the recycle bin). Some or all of the executables remain:

After delete files remain

A few minutes later, the files would finally disappear:

Folder empty

Such cases are always caused by a process holding open a handle to the “zombie” file. Finding the culprit is easy with Sysinternals Process Explorer. It is unfortunate, though, if it is “System” as in this case:

Open handle in Sysinternals Process Explorer

This happened on a hardened Windows installation image where many services had been disabled. By trial and error I found the root cause: it seems that disabling the Application Experience service is not such a good idea after all:

Application experience service disabled

The Application Experience service had been disabled because the German BSI (a government institute for IT security) recommends it. Microsoft apparently does not. Better stick with what the OS vender says, I guess…

File Copy Hardening Process Explorer Security

Comments

Comments are powered by Giscus. Please enable JavaScript to view them, or view discussions directly on GitHub.

Related Posts

Streamed Video Audio Sync Problems on Windows 10 / Realtek Sound

Streamed Video Audio Sync Problems on Windows 10 / Realtek Sound

I have been watching streaming video for a very long time. It always worked beautifully, in high resolutions and from any site: YouTube, Netflix, Amazon Prime Video, you name it. Then suddenly I started to notice lip sync issues, probably around autumn/winter 2016. The longer a video played, the more the audio would get out of sync with the video, making watching and listening increasingly awkward. Recently I finally found the time to analyze these audio/video sync problems. Read on for a playback troubleshooting methodology followed by a workaround for the issue at hand.

Troubleshooting

Solved: Citrix Desktop Service Fails to Start, Logs Event 1006

Solved: Citrix Desktop Service Fails to Start, Logs Event 1006

I am sure you all love XenDesktop VDAs that just won’t register. Although this is becoming less and less of a problem I had another case recently. Checking the Obvious When a XenDesktop VDA is unregistered the first thing I do is check if the VM is actually turned on. With that out of the way I turn to the application event log, looking for entries with the source Citrix Desktop Service. This usually tells you what the problem is. Not this time, however. Apparently the Citrix Desktop Service (aka WorkstationAgent) ran into some error during startup. It logged the following event with ID 1006 and stopped:

Citrix/Terminal Services/Remote Desktop Services

Blocking Office Macros, Managing Windows & macOS via Intune

Blocking Office Macros, Managing Windows & macOS via Intune

How to centrally manage essential security settings of self-managed devices This is a guest post by Martin Kretzschmar, customer success engineer at vast limits, the uberAgent company. One thing I especially like about my everyday working life is the flexibility it offers. I appreciate the freedom of choice in terms of location, time and device. We want to avoid getting into micro-management but, being an IT company, we also need to provide the necessary security where needed.

Top 10 IT Security Tips for Individual Users

Top 10 IT Security Tips for Individual Users

This is a list of simple things that will protect you from nearly all the real-world IT security issues affecting individuals and SOHO users. 1. Install All the Updates What Should You Do? Enable automatic updates wherever possible Don’t use obsolete software versions Why Is It Important? Older software versions often have known security issues for which exploits are readily available. This means that even script kiddies can easily attack large numbers of users.

Latest Posts

Fast & Silent 5 Watt PC: Minimizing Idle Power Usage

Fast & Silent 5 Watt PC: Minimizing Idle Power Usage

This micro-series explains how to turn the Lenovo ThinkCentre M90t Gen 6 into a smart workstation that consumes only 5 Watts when idle but reaches top Cinebench scores while staying almost imperceptibly silent. In the first post, I showed how to silence the machine by replacing and adding to Lenovo’s CPU cooler. In this second post, I’m listing the exact configuration that achieves the lofty goal of combining minimal idle power consumption with top Cinebench scores.

Fast & Silent 5 Watt PC: Lenovo ThinkCentre M90t Modding

Fast & Silent 5 Watt PC: Lenovo ThinkCentre M90t Modding

This micro-series explains how to turn the Lenovo ThinkCentre M90t Gen 6 into a smart workstation that consumes only 5 Watts when idle but reaches top Cinebench scores while staying almost imperceptibly silent. In this first post, I’m showing how to silence the machine by replacing and adding to Lenovo’s CPU cooler. In a second post, I’m listing the exact configuration that achieves the lofty goal of combining minimal idle power consumption with top Cinebench scores.

Scripted WordPress to Hugo Migration

Scripted WordPress to Hugo Migration

After having published in WordPress for almost 20 years, it was time for a change. This site is now rendered by Hugo, a static website generator built for Markdown content hosted in a Git repository. The migration from WordPress (HTML) to Hugo (Markdown) was far from trivial. Since I couldn’t find any tool for the job, I developed my own set of migration scripts that fully automate the migration process. You can find them on GitHub along with extensive documentation.

Mitsubishi Heat Pump Data in Home Assistant via Modbus

Mitsubishi Heat Pump Data in Home Assistant via Modbus

This article shows how to get detailed information about your Mitsubishi heat pump’s status and operations into Home Assistant. Prerequisites You’ll need a Mitsubishi Modbus interface, either the older A1M (serial Modbus/RTU via RS-485 only) or the newer A1M+ (Modbus/TCP via Ethernet in addition to Modbux/RTU). I’m using the Ethernet variant.

Home Automation, Networking & Self-Hosting