[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3723
  • Last Modified:

Unknown file in WINDOWS\system32\Microsoft\Protect\S-1-5-18\

Some new files appeared on one of our servers the other day and I am trying to identify what it is.  The file is C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\5fb8c11a-4409-4d41-b8b6-5d53311eebe1.  It is a hidden file and the contents are unreadable.  Does anyone know what goes in this protect folder?  Thanks.
0
delmarvamonkey
Asked:
delmarvamonkey
1 Solution
 
Christopher McKayMicrosoft Network AdministratorCommented:
Hi  delmarvamonkey,
That would be the system restore files.

To turn off system restore:

o disable System Restore: Start=>Control Panel=>Performance & Maintenance=>System Applet=>

1. On the System Applet, Click the System Restore tab,
2. Check the Turn off System Restore box,
3. Click OK, then click Yes. This will initiate the restore point purging process.
4. To re-enable System Restore, clear the Turn-Off System Restore check box from the same location

Hope this helps!

:o)

Bartender_1
0
 
ParanormasticCryptographic EngineerCommented:
From http://support.microsoft.com/kb/818171:
The folders ... are used by the Data Protection API (DPAPI) and can be used by applications and services.

"In a new install, these folders will typically contain only a single key, or they may not contain any keys. Keys are recreated every 90 days. They are also recreated if DPAPI cannot decrypt the preferred master keys. If you have more than one key in these folders, you are not running a new install of your operating system, or your operating system has had modifications that caused multiple keys to be created."

The SID referenced is the local system account.  These files can be from other processes in addition to system restore - e.g. .net framework. http://msdn.microsoft.com/en-us/library/bb968830(VS.85).aspx

In short - don't worry about it unless it shows up in a virus scan.  These are encrypted files and shouldn't be messed with.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now