Solved: Deleting Copied Executable Files Fails - Temporarily

Troubleshooting
Published May 16, 2012

I had a very interesting case recently where copied EXE files could not be deleted. They would simply remain in the folder like zombies, only to disappear a few minutes later.

The issue was reproducible across reboots and even across computer models. It looked like this:

Copy some files from the Windows directory to a test directory:

Files copied

Shift-delete all files (real delete, not moving them to the recycle bin). Some or all of the executables remain:

After delete files remain

A few minutes later, the files would finally disappear:

Folder empty

Such cases are always caused by a process holding open a handle to the “zombie” file. Finding the culprit is easy with Sysinternals Process Explorer. It is unfortunate, though, if it is “System” as in this case:

Open handle in Sysinternals Process Explorer

This happened on a hardened Windows installation image where many services had been disabled. By trial and error I found the root cause: it seems that disabling the Application Experience service is not such a good idea after all:

Application experience service disabled

The Application Experience service had been disabled because the German BSI (a government institute for IT security) recommends it. Microsoft apparently does not. Better stick with what the OS vender says, I guess…

File Copy Hardening Process Explorer Security

Comments

Comments are powered by Giscus. Please enable JavaScript to view them, or view discussions directly on GitHub.

Related Posts

Workaround for Unexpected Error in PowerCfg -SleepStudy

Workaround for Unexpected Error in PowerCfg -SleepStudy

PowerCfg is a nifty little tool for analyzing and configuring all kinds of things related to battery usage and power plans. In Windows 8.1 PowerCfg learned how to analyze the effectiveness of connected standby, a new low-power mode introduced in Windows 8 that enables applications to stay connected while the device (mostly) sleeps. All the more frustrating when that new command suddenly stops working.

Troubleshooting

Azure DevOps: Restricting Credentials to a Single Repository

Azure DevOps: Restricting Credentials to a Single Repository

You may find yourself in a situation where you need to limit a set of credentials to a single Git repository only - like I did when I was working on a Git-based configuration backup solution for Linux. In such a case, you want the Git credentials you are storing per machine to grant access to that machine’s repository only. As useful as such a setup is from a security point of view, it is currently difficult to implement in Azure DevOps.

Software development

Solved: Citrix Desktop Service Fails to Start, Logs Event 1006

Solved: Citrix Desktop Service Fails to Start, Logs Event 1006

I am sure you all love XenDesktop VDAs that just won’t register. Although this is becoming less and less of a problem I had another case recently. Checking the Obvious When a XenDesktop VDA is unregistered the first thing I do is check if the VM is actually turned on. With that out of the way I turn to the application event log, looking for entries with the source Citrix Desktop Service. This usually tells you what the problem is. Not this time, however. Apparently the Citrix Desktop Service (aka WorkstationAgent) ran into some error during startup. It logged the following event with ID 1006 and stopped:

Citrix/Terminal Services/Remote Desktop Services

Top 10 IT Security Tips for Individual Users

Top 10 IT Security Tips for Individual Users

This is a list of simple things that will protect you from nearly all the real-world IT security issues affecting individuals and SOHO users. 1. Install All the Updates What Should You Do? Enable automatic updates wherever possible Don’t use obsolete software versions Why Is It Important? Older software versions often have known security issues for which exploits are readily available. This means that even script kiddies can easily attack large numbers of users.

Latest Posts

Fast & Silent 5 Watt PC: Lenovo ThinkCentre M90t Modding

Fast & Silent 5 Watt PC: Lenovo ThinkCentre M90t Modding

This micro-series explains how to turn the Lenovo ThinkCentre M90t Gen 6 into a smart workstation that consumes only 5 Watts when idle but reaches top Cinebench scores while staying almost imperceptibly silent. In this first post, I’m showing how to silence the machine by replacing and adding to Lenovo’s CPU cooler.

Scripted WordPress to Hugo Migration

Scripted WordPress to Hugo Migration

After having published in WordPress for almost 20 years, it was time for a change. This site is now rendered by Hugo, a static website generator built for Markdown content hosted in a Git repository. The migration from WordPress (HTML) to Hugo (Markdown) was far from trivial. Since I couldn’t find any tool for the job, I developed my own set of migration scripts that fully automate the migration process. You can find them on GitHub along with extensive documentation.

Mitsubishi Heat Pump Data in Home Assistant via Modbus

Mitsubishi Heat Pump Data in Home Assistant via Modbus

This article shows how to get detailed information about your Mitsubishi heat pump’s status and operations into Home Assistant. Prerequisites You’ll need a Mitsubishi Modbus interface, either the older A1M (serial Modbus/RTU via RS-485 only) or the newer A1M+ (Modbus/TCP via Ethernet in addition to Modbux/RTU). I’m using the Ethernet variant.

Home Automation, Networking & Self-Hosting

GitHub: Authenticated Access via SSH

GitHub: Authenticated Access via SSH

This article describes how to set up authenticated access to a (private or public) GitHub repository from Linux. Create & Set Up an SSH Key SSH Key Creation Create a new SSH key:

Software development