Solved

Curious Sandbox folders in server 2008

Posted on 2009-12-23
Last Modified: 2013-11-29
Hi All

I have a Windows Server 2008 file server where I have an external USB drive attached. In the last few weeks, a lot of folders with cryptic names have appeared in the root of this drive and every one of these folders has a folder called Sandbox inside it. There are no files in the folders and size is 0Kb.

Example folder names are

3f7d217ecc32c1744cbd039809f4e382
5f500a616f25bee45cec58ac4d65daee
6a5ec527b08c6cd12f8dd5
8bdc828c1989a47a0805731e
9d4f62bbccd412d5bccc8bb86de1
30b0d753626d47310b

Could anyone help me see what they are, what created them and if they can be safely deleted? I don't have much 3rd party stuff installed on my server. Clean Windows Server.

Thanks.
Question by:netstarukltd
9 Comments
 
LVL 16

Accepted Solution

by:
warturtle earned 750 total points
ID: 26115601
Hello,

Try uploading some files within that Sandbox folder onto www.virustotal.com for a quick scan to see if there are any infections.

I also read on some Microsoft webpage that using the Windows Update Standalone Installer might also create those folders.

http://support.microsoft.com/kb/934307

Hope it helps.
0
 
LVL 41

Expert Comment

by:graye
ID: 26131903
Are you running a version of Kaspersky anti-virus software? If so, those directories are probably the locations where it has "quarantined" files that it found as dangerous.
Open up Kaspersky and run a scan on that drive.
0
 
LVL 22

Expert Comment

by:senad
ID: 26193735
Sandbox does not work with any version of Windows x64.
Kaspersky installs sandbox folders, but under x64 architecture they are useless.
You can delete these folders...

0
 
LVL 41

Expert Comment

by:graye
ID: 26194420
senad... just curious... what led you to believe that the Kaspersky "Safe Run" mode doesn't work in 64-bit Windows?
0
 
LVL 22

Expert Comment

by:senad
ID: 26197140
Some time ago I did some reading on Sandboxie http://www.sandboxie.com/
Kaspersky is using Ronen Tzur's technology (sandbox).
Support for 64-bit is available in recent beta versions of Sandboxie.
But that is only Beta and for older versions of Windows.
However, you can run Sandbox in 64-bit Windows 7 Professional/Enterprise/Ultimate
in Windows XP Mode. To run a Sandbox directly in W7 x64 is impossible.
It is due to the kernel tampering protection x64 uses.
Also, I tried "Safe Run" in Kaspersky (it kind of sandboxed the x32 browser) but
it was 'mission failed'. It bloated my installation with folders, something like the author
describes.
Also, I am a little skeptical of its effectiveness also on the x32 platform.
0
 
LVL 41

Expert Comment

by:graye
ID: 26199346
... so, other than your personal experience, you don't have any references to cite to support your conclusion that Kaspersky's Safe Run doesn't work on Win7 x64?
just curious where you're getting all this...
0
 

Author Closing Comment

by:netstarukltd
ID: 31669340
Yes, it was Windows Update.
0
 

Expert Comment

by:PursleyC
ID: 37257970
We're seeing the same issues on all of our Windows 7 machines. Folders are being created on the root of C. They are named C:\hex value\sandbox. We delete them and then they come back. We've asked Microsoft and McAfee about it and nobody seems to have a solution. If anybody has any ideas where these folders are coming from and how to prevent them from being created I would greatly appreciate it. After searching Google for the last hour it seems to be a very common occurrence on both Windows 7 and Server 2008, but I have yet to find an answer. We could write a script to delete them and run the script on a recurring basis, but I would rather find root cause.
0
 
LVL 1

Expert Comment

by:ssplinter
ID: 37311455
We had the same mysterious folder on one of our 2008 Windows DCs. After some searching we found that they were related to a Kaseya patch scan script running at a preset time every 7 days called "WUA Patch Scan 1 (x64)". I believe it has something to do with Kaseya's Agent logs function. Hope that helps.
0
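
Added example (not posted by anyone in this thread): a report-only PowerShell inventory of the hex-named root folders described above, showing whether each holds only an empty Sandbox subfolder and which updates Windows recorded as installed on the day the folder was created. The `E:\` default, the function name `Get-SandboxStubFolder` and the 16 to 32 character hex pattern are assumptions drawn from the sample names in the question; PowerShell 3.0 or later is assumed.

```powershell
# Added example: report-only, nothing is deleted or modified.
# Requires PowerShell 3.0+ (-Directory/-File switches, Add-Member -NotePropertyName).
param(
    [string]$Root = 'E:\'   # assumption: root of the affected volume
)

function Get-SandboxStubFolder {
    param([Parameter(Mandatory = $true)][string]$Path)

    Get-ChildItem -LiteralPath $Path -Directory -Force -ErrorAction SilentlyContinue |
        # Hex-only names, matching the lengths of the samples in the question
        Where-Object { $_.Name -match '^[0-9a-f]{16,32}$' } |
        ForEach-Object {
            $dir   = $_
            $subs  = @(Get-ChildItem -LiteralPath $dir.FullName -Directory -Force -ErrorAction SilentlyContinue)
            $files = @(Get-ChildItem -LiteralPath $dir.FullName -File -Recurse -Force -ErrorAction SilentlyContinue)
            $hasSandbox = [bool]($subs | Where-Object { $_.Name -eq 'Sandbox' })
            [pscustomobject]@{
                Path        = $dir.FullName
                Created     = $dir.CreationTime
                HasSandbox  = $hasSandbox
                FileCount   = $files.Count
                # True only for the pattern reported here: a Sandbox child and no files at all
                EmptyStub   = ($hasSandbox -and $files.Count -eq 0)
                Owner       = (Get-Acl -LiteralPath $dir.FullName).Owner
            }
        }
}

# Updates Windows has recorded; InstalledOn can be empty on some systems, so filter those out.
$hotfixes = @(Get-HotFix | Where-Object { $_.InstalledOn })

Get-SandboxStubFolder -Path $Root | ForEach-Object {
    $stub    = $_
    # Updates whose recorded install date matches the folder's creation date
    $sameDay = $hotfixes | Where-Object { $_.InstalledOn.Date -eq $stub.Created.Date }
    $ids     = ($sameDay | ForEach-Object { $_.HotFixID }) -join ','
    $stub | Add-Member -NotePropertyName UpdatesSameDay -NotePropertyValue $ids -PassThru
} | Sort-Object Created | Format-Table -AutoSize
```

Rows where `EmptyStub` is false contain files and do not match what the posters describe, so those are the ones to scan before any cleanup. Creation times that repeat on a fixed interval point to a scheduled job, such as the weekly patch scan mentioned in the last comment, rather than to manual update installs.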
