Solved: Deleting Copied Executable Files Fails - Temporarily

Troubleshooting
Published May 16, 2012

I had a very interesting case recently where copied EXE files could not be deleted. They would simply remain in the folder like zombies, only to disappear a few minutes later.

The issue was reproducible across reboots and even across computer models. It looked like this:

Copy some files from the Windows directory to a test directory:

Files copied

Shift-delete all files (real delete, not moving them to the recycle bin). Some or all of the executables remain:

After delete files remain

A few minutes later, the files would finally disappear:

Folder empty

Such cases are always caused by a process holding open a handle to the “zombie” file. Finding the culprit is easy with Sysinternals Process Explorer. It is unfortunate, though, if it is “System” as in this case:

Open handle in Sysinternals Process Explorer

This happened on a hardened Windows installation image where many services had been disabled. By trial and error I found the root cause: it seems that disabling the Application Experience service is not such a good idea after all:

Application experience service disabled

The Application Experience service had been disabled because the German BSI (a government institute for IT security) recommends it. Microsoft apparently does not. Better stick with what the OS vender says, I guess…

File Copy Hardening Process Explorer Security

Comments

Comments are powered by Giscus. Please enable JavaScript to view them, or view discussions directly on GitHub.

Related Posts

Azure DevOps: Restricting Credentials to a Single Repository

Azure DevOps: Restricting Credentials to a Single Repository

You may find yourself in a situation where you need to limit a set of credentials to a single Git repository only - like I did when I was working on a Git-based configuration backup solution for Linux. In such a case, you want the Git credentials you are storing per machine to grant access to that machine’s repository only. As useful as such a setup is from a security point of view, it is currently difficult to implement in Azure DevOps.

Software development

Error Connecting to C$: Device Attached to the System is not Functioning

Error Connecting to C$: Device Attached to the System is not Functioning

When I tried to connect to the administrative file share C$ on my wife’s computer I got the error A device attached to the system is not functioning. The other way round worked without a hitch, i.e. I could access my laptop’s C$ share from my wife’s computer.

Troubleshooting

Blocking Office Macros, Managing Windows & macOS via Intune

Blocking Office Macros, Managing Windows & macOS via Intune

How to centrally manage essential security settings of self-managed devices This is a guest post by Martin Kretzschmar, customer success engineer at vast limits, the uberAgent company. One thing I especially like about my everyday working life is the flexibility it offers. I appreciate the freedom of choice in terms of location, time and device. We want to avoid getting into micro-management but, being an IT company, we also need to provide the necessary security where needed.

My Beautifully Fast WordPress Webserver

My Beautifully Fast WordPress Webserver

Note: The installation described in this article worked very well for me. However, nine years after publishing this post I replaced this setup with a more modern dockerized installation that is easier to maintain. PHP upgrades, especially, are a lot simpler.

Latest Posts

Fast & Silent 5 Watt PC: Minimizing Idle Power Usage

Fast & Silent 5 Watt PC: Minimizing Idle Power Usage

This micro-series explains how to turn the Lenovo ThinkCentre M90t Gen 6 into a smart workstation that consumes only 5 Watts when idle but reaches top Cinebench scores while staying almost imperceptibly silent. In the first post, I showed how to silence the machine by replacing and adding to Lenovo’s CPU cooler. In this second post, I’m listing the exact configuration that achieves the lofty goal of combining minimal idle power consumption with top Cinebench scores.

Fast & Silent 5 Watt PC: Lenovo ThinkCentre M90t Modding

Fast & Silent 5 Watt PC: Lenovo ThinkCentre M90t Modding

This micro-series explains how to turn the Lenovo ThinkCentre M90t Gen 6 into a smart workstation that consumes only 5 Watts when idle but reaches top Cinebench scores while staying almost imperceptibly silent. In this first post, I’m showing how to silence the machine by replacing and adding to Lenovo’s CPU cooler. In a second post, I’m listing the exact configuration that achieves the lofty goal of combining minimal idle power consumption with top Cinebench scores.

Scripted WordPress to Hugo Migration

Scripted WordPress to Hugo Migration

After having published in WordPress for almost 20 years, it was time for a change. This site is now rendered by Hugo, a static website generator built for Markdown content hosted in a Git repository. The migration from WordPress (HTML) to Hugo (Markdown) was far from trivial. Since I couldn’t find any tool for the job, I developed my own set of migration scripts that fully automate the migration process. You can find them on GitHub along with extensive documentation.

Mitsubishi Heat Pump Data in Home Assistant via Modbus

Mitsubishi Heat Pump Data in Home Assistant via Modbus

This article shows how to get detailed information about your Mitsubishi heat pump’s status and operations into Home Assistant. Prerequisites You’ll need a Mitsubishi Modbus interface, either the older A1M (serial Modbus/RTU via RS-485 only) or the newer A1M+ (Modbus/TCP via Ethernet in addition to Modbux/RTU). I’m using the Ethernet variant.

Home Automation, Networking & Self-Hosting