Solved: Deleting Copied Executable Files Fails - Temporarily

Troubleshooting
Published May 16, 2012

I had a very interesting case recently where copied EXE files could not be deleted. They would simply remain in the folder like zombies, only to disappear a few minutes later.

The issue was reproducible across reboots and even across computer models. It looked like this:

Copy some files from the Windows directory to a test directory:

Files copied

Shift-delete all files (real delete, not moving them to the recycle bin). Some or all of the executables remain:

After delete files remain

A few minutes later, the files would finally disappear:

Folder empty

Such cases are always caused by a process holding open a handle to the “zombie” file. Finding the culprit is easy with Sysinternals Process Explorer. It is unfortunate, though, if it is “System” as in this case:

Open handle in Sysinternals Process Explorer

This happened on a hardened Windows installation image where many services had been disabled. By trial and error I found the root cause: it seems that disabling the Application Experience service is not such a good idea after all:

Application experience service disabled

The Application Experience service had been disabled because the German BSI (a government institute for IT security) recommends it. Microsoft apparently does not. Better stick with what the OS vender says, I guess…

File Copy Hardening Process Explorer Security

Comments

Comments are powered by Giscus. Please enable JavaScript to view them, or view discussions directly on GitHub.

Related Posts

Streamed Video Audio Sync Problems on Windows 10 / Realtek Sound

Streamed Video Audio Sync Problems on Windows 10 / Realtek Sound

I have been watching streaming video for a very long time. It always worked beautifully, in high resolutions and from any site: YouTube, Netflix, Amazon Prime Video, you name it. Then suddenly I started to notice lip sync issues, probably around autumn/winter 2016. The longer a video played, the more the audio would get out of sync with the video, making watching and listening increasingly awkward. Recently I finally found the time to analyze these audio/video sync problems. Read on for a playback troubleshooting methodology followed by a workaround for the issue at hand.

Troubleshooting

Creating an Application Crash Dump

Creating an Application Crash Dump

How to Create User Mode Crash Dump Files If you experience application crashes you may be asked by support to create a crash dump file.

Troubleshooting

My Beautifully Fast WordPress Webserver

My Beautifully Fast WordPress Webserver

Note: The installation described in this article worked very well for me. However, nine years after publishing this post I replaced this setup with a more modern dockerized installation that is easier to maintain. PHP upgrades, especially, are a lot simpler.

Top 10 IT Security Tips for Individual Users

Top 10 IT Security Tips for Individual Users

This is a list of simple things that will protect you from nearly all the real-world IT security issues affecting individuals and SOHO users. 1. Install All the Updates What Should You Do? Enable automatic updates wherever possible Don’t use obsolete software versions Why Is It Important? Older software versions often have known security issues for which exploits are readily available. This means that even script kiddies can easily attack large numbers of users.

Latest Posts

Introducing Sambee, Your Browser-Based File Manager for SMB Shares and Local Drives

Introducing Sambee, Your Browser-Based File Manager for SMB Shares and Local Drives

Sambee is a browser-based viewer and manager for files on SMB network shares and on your computer’s local drives. It supports single-pane and dual-pane views and can replace Windows File Explorer as well as Norton Commander-style tools on your PC and on your phone. And yes, it’s free and open source.

WSL Disk Space Cleanup

WSL Disk Space Cleanup

The Windows Subsystem for Linux (WSL) stores its virtual hard disks in the user profile on drive C:. These VHDX files can grow up to 1 TB in size, making it necessary to clean up and reclaim space occasionally. This article shows how.

Virtualization & Containers

Changing the Location of PowerShell Profile Scripts

A PowerShell profile is an init script that is executed when the shell starts. PowerShell searches for profile scripts in hard-coded locations. This article explains how to move profile scripts to any directory of your choice.

Changing the Location of the Windows Terminal Settings Files

Changing the Location of the Windows Terminal Settings Files

Windows Terminal stores its settings in configuration files that resides in the Windows user profile. This article explains how to move them to any directory of your choice. Where are the Settings Files Located? The location of the Windows Terminal settings file is hard-coded. The exact path depends on the app variant you installed, but it’s always in the user profile: