Solved

Unknown file in WINDOWS\system32\Microsoft\Protect\S-1-5-18\

Posted on 2009-05-06
Last Modified: 2013-11-08
Some new files appeared on one of our servers the other day and I am trying to identify what it is.  The file is C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\5fb8c11a-4409-4d41-b8b6-5d53311eebe1.  It is a hidden file and the contents are unreadable.  Does anyone know what goes in this protect folder?  Thanks.
Question by: delmarvamonkey
2 Comments
 
LVL 22

Expert Comment

by: Christopher McKay
ID: 24316981
Hi  delmarvamonkey,
That would be the system restore files.

To turn off system restore:

To disable System Restore: Start=>Control Panel=>Performance & Maintenance=>System Applet=>

1. On the System Applet, Click the System Restore tab,
2. Check the Turn off System Restore box,
3. Click OK, then click Yes. This will initiate the restore point purging process.
4. To re-enable System Restore, clear the Turn-Off System Restore check box from the same location

Hope this helps!

:o)

Bartender_1
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 24317190
From http://support.microsoft.com/kb/818171:
The folders ... are used by the Data Protection API (DPAPI) and can be used by applications and services.

"In a new install, these folders will typically contain only a single key, or they may not contain any keys. Keys are recreated every 90 days. They are also recreated if DPAPI cannot decrypt the preferred master keys. If you have more than one key in these folders, you are not running a new install of your operating system, or your operating system has had modifications that caused multiple keys to be created."

The SID referenced is the local system account.  These files can be from other processes in addition to system restore - e.g. .net framework. http://msdn.microsoft.com/en-us/library/bb968830(VS.85).aspx

In short - don't worry about it unless it shows up in a virus scan.  These are encrypted files and shouldn't be messed with.
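A read-only triage check for the folder discussed in this thread, added here as an example and not posted by either commenter: it sorts the files of one Protect\<SID> folder into GUID-named master keys, the `Preferred` pointer file, and anything else that deserves a closer look, and notes keys written less than 90 days apart. It assumes Python is available on the server (or on a workstation holding a copy of the folder) and uses last-write time as a stand-in for key creation time; `triage` and the report labels are names made up for the example.

```python
import re
import sys
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Master key files are named with a GUID, like the file in the question.
GUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)
# "Preferred" is the small pointer file DPAPI keeps beside the master keys.
EXPECTED_OTHER = {"preferred"}
ROTATION = timedelta(days=90)  # interval quoted from KB 818171
DEFAULT_FOLDER = r"C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18"


def triage(folder):
    """Sort the files of one Protect\\<SID> folder into master keys and others.

    Returns (keys, unexpected, short_gaps): keys is a list of (name, mtime),
    oldest first; unexpected holds file names that are neither a GUID nor
    'Preferred'; short_gaps holds (older, newer, days) for consecutive keys
    written less than 90 days apart.
    """
    keys, unexpected = [], []
    for entry in Path(folder).iterdir():
        if entry.is_dir():
            continue  # subfolders are checked by calling triage() on them
        if GUID_RE.match(entry.name):
            mtime = datetime.fromtimestamp(entry.stat().st_mtime, tz=timezone.utc)
            keys.append((entry.name, mtime))
        elif entry.name.lower() not in EXPECTED_OTHER:
            unexpected.append(entry.name)
    keys.sort(key=lambda k: k[1])
    short_gaps = [
        (a[0], b[0], (b[1] - a[1]).days)
        for a, b in zip(keys, keys[1:])
        if b[1] - a[1] < ROTATION
    ]
    return keys, sorted(unexpected), short_gaps


if __name__ == "__main__":
    # Defaults to the folder from the question; pass another path to override.
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_FOLDER
    keys, unexpected, short_gaps = triage(target)
    for name, mtime in keys:
        print(f"master key  {name}  last written {mtime:%Y-%m-%d} UTC")
    for name in unexpected:
        print(f"REVIEW      {name}  (not a GUID-named key or Preferred)")
    for older, newer, days in short_gaps:
        print(f"NOTE        {newer} written {days} days after {older}")
```

A short gap is not a finding by itself, since the KB text quoted above says keys are also recreated when DPAPI cannot decrypt the preferred master keys; it is context for the timeline.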