Solved: Deleting Copied Executable Files Fails - Temporarily

Troubleshooting
Published May 16, 2012

I had a very interesting case recently where copied EXE files could not be deleted. They would simply remain in the folder like zombies, only to disappear a few minutes later.

The issue was reproducible across reboots and even across computer models. It looked like this:

Copy some files from the Windows directory to a test directory:

Files copied

Shift-delete all files (real delete, not moving them to the recycle bin). Some or all of the executables remain:

After delete files remain

A few minutes later, the files would finally disappear:

Folder empty

Such cases are always caused by a process holding open a handle to the “zombie” file. Finding the culprit is easy with Sysinternals Process Explorer. It is unfortunate, though, if it is “System” as in this case:

Open handle in Sysinternals Process Explorer

This happened on a hardened Windows installation image where many services had been disabled. By trial and error I found the root cause: it seems that disabling the Application Experience service is not such a good idea after all:

Application experience service disabled

The Application Experience service had been disabled because the German BSI (a government institute for IT security) recommends it. Microsoft apparently does not. Better stick with what the OS vender says, I guess…

File Copy Hardening Process Explorer Security

Comments

Comments are powered by Giscus. Please enable JavaScript to view them, or view discussions directly on GitHub.

Related Posts

Blocking Office Macros, Managing Windows & macOS via Intune

Blocking Office Macros, Managing Windows & macOS via Intune

How to centrally manage essential security settings of self-managed devices This is a guest post by Martin Kretzschmar, customer success engineer at vast limits, the uberAgent company. One thing I especially like about my everyday working life is the flexibility it offers. I appreciate the freedom of choice in terms of location, time and device. We want to avoid getting into micro-management but, being an IT company, we also need to provide the necessary security where needed.

Top 10 IT Security Tips for Individual Users

Top 10 IT Security Tips for Individual Users

This is a list of simple things that will protect you from nearly all the real-world IT security issues affecting individuals and SOHO users. 1. Install All the Updates What Should You Do? Enable automatic updates wherever possible Don’t use obsolete software versions Why Is It Important? Older software versions often have known security issues for which exploits are readily available. This means that even script kiddies can easily attack large numbers of users.

Workaround for Unexpected Error in PowerCfg -SleepStudy

Workaround for Unexpected Error in PowerCfg -SleepStudy

PowerCfg is a nifty little tool for analyzing and configuring all kinds of things related to battery usage and power plans. In Windows 8.1 PowerCfg learned how to analyze the effectiveness of connected standby, a new low-power mode introduced in Windows 8 that enables applications to stay connected while the device (mostly) sleeps. All the more frustrating when that new command suddenly stops working.

Troubleshooting

Azure DevOps: Restricting Credentials to a Single Repository

Azure DevOps: Restricting Credentials to a Single Repository

You may find yourself in a situation where you need to limit a set of credentials to a single Git repository only - like I did when I was working on a Git-based configuration backup solution for Linux. In such a case, you want the Git credentials you are storing per machine to grant access to that machine’s repository only. As useful as such a setup is from a security point of view, it is currently difficult to implement in Azure DevOps.

Software development

Latest Posts

Changing the Location of PowerShell Profile Scripts

A PowerShell profile is an init script that is executed when the shell starts. PowerShell searches for profile scripts in hard-coded locations. This article explains how to move profile scripts to any directory of your choice.

Changing the Location of the Windows Terminal Settings Files

Changing the Location of the Windows Terminal Settings Files

Windows Terminal stores its settings in configuration files that resides in the Windows user profile. This article explains how to move them to any directory of your choice. Where are the Settings Files Located? The location of the Windows Terminal settings file is hard-coded. The exact path depends on the app variant you installed, but it’s always in the user profile:

Fast & Silent 5 Watt PC: Minimizing Idle Power Usage

Fast & Silent 5 Watt PC: Minimizing Idle Power Usage

This micro-series explains how to turn the Lenovo ThinkCentre M90t Gen 6 into a smart workstation that consumes only 5 Watts when idle but reaches top Cinebench scores while staying almost imperceptibly silent. In the first post, I showed how to silence the machine by replacing and adding to Lenovo’s CPU cooler. In this second post, I’m listing the exact configuration that achieves the lofty goal of combining minimal idle power consumption with top Cinebench scores.

Fast & Silent 5 Watt PC: Lenovo ThinkCentre M90t Modding

Fast & Silent 5 Watt PC: Lenovo ThinkCentre M90t Modding

This micro-series explains how to turn the Lenovo ThinkCentre M90t Gen 6 into a smart workstation that consumes only 5 Watts when idle but reaches top Cinebench scores while staying almost imperceptibly silent. In this first post, I’m showing how to silence the machine by replacing and adding to Lenovo’s CPU cooler. In a second post, I’m listing the exact configuration that achieves the lofty goal of combining minimal idle power consumption with top Cinebench scores.