Solved

Unknown file in WINDOWS\system32\Microsoft\Protect\S-1-5-18\

Posted on 2009-05-06
2
3,451 Views
Last Modified: 2013-11-08
Some new files appeared on one of our servers the other day and I am trying to identify what it is.  The file is C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\5fb8c11a-4409-4d41-b8b6-5d53311eebe1.  It is a hidden file and the contents are unreadable.  Does anyone know what goes in this protect folder?  Thanks.
0
Comment
Question by:delmarvamonkey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 22

Expert Comment

by:Christopher McKay
ID: 24316981
Hi  delmarvamonkey,
That would be the system restore files.

To turn off system restore:

o disable System Restore: Start=>Control Panel=>Performance & Maintenance=>System Applet=>

1. On the System Applet, Click the System Restore tab,
2. Check the Turn off System Restore box,
3. Click OK, then click Yes. This will initiate the restore point purging process.
4. To re-enable System Restore, clear the Turn-Off System Restore check box from the same location

Hope this helps!

:o)

Bartender_1
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 24317190
From http://support.microsoft.com/kb/818171:
The folders ... are used by the Data Protection API (DPAPI) and can be used by applications and services.

"In a new install, these folders will typically contain only a single key, or they may not contain any keys. Keys are recreated every 90 days. They are also recreated if DPAPI cannot decrypt the preferred master keys. If you have more than one key in these folders, you are not running a new install of your operating system, or your operating system has had modifications that caused multiple keys to be created."

The SID referenced is the local system account.  These files can be from other processes in addition to system restore - e.g. .net framework. http://msdn.microsoft.com/en-us/library/bb968830(VS.85).aspx

In short - don't worry about it unless it shows up in a virus scan.  These are encrypted files and shouldn't be messed with.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question