Curious Sandbox folders in server 2008

Posted on 2009-12-23
Medium Priority
Last Modified: 2013-11-29
Hi All

I have a Windows Server 2008 file server where I have an external USB drive attached. In the last few weeks, a lot of folders with cryptic names have appeared in the root of this drive and every one of these folders has a folder called Sandbox inside it. There are no files in the folders and size is 0Kb.

Example folder names are


Could anyone help see what they are, what created them and if they can be safely deleted. I don't have much 3rd party stuff installed on my server. Clean Windows Server.

Question by:netstarukltd
LVL 16

Accepted Solution

warturtle earned 750 total points
ID: 26115601

Try uploading some files within that Sandbox folder onto www.virustotal.com for a quick scan to see if they are any infections.

I also read on some Microsoft webpage that using Windows Update Standalone installer might also create those folders.


Hope it helps.
LVL 41

Expert Comment

ID: 26131903
Are you running a version of Kaspersky anti-virus software?   If so, those directories are probably the locations where it has "quarantined" files that it found as dangerous.
Open up Kasperksy and run a scan on that drive
LVL 22

Expert Comment

ID: 26193735
Sandbox does not work with any version of Windows x64.
kaspersky installs sandbox folder but under x64 architecture they are useless.
You can delete these folders...

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

LVL 41

Expert Comment

ID: 26194420
senad... just curious...  what lead you to believe that the Kaspersky "Safe Run" mode doesn't work in 64-bit windows?
LVL 22

Expert Comment

ID: 26197140
Time ago I did some reading on sandboxie http://www.sandboxie.com/
Kaspersky is using Ronen Tzur's technology (sandbox).
Support for 64-bit is available in recent beta versions of Sandboxie.
But that is only Beta and for older versions of Windows.
However you can run Sandbox in 64-bit Windows 7 Professional/Enterprise
Ultima in Windows XP Mode.To run a Sandbox directly in W7 x64 is impossible.
It is due to kernel tampering protection x64 uses.
Also I tried "Safe Run" in Kaspersky (it kind of sandboxed x32 browser) but
it was 'mission failed'.It bloated my installation with folders ,something like the author
Also,I am a little skeptical to its effectiveness also on x32 platform.
LVL 41

Expert Comment

ID: 26199346
... so, other than your personal experience, you don't have any references to cite to support your conclusion that Kaspersky's Safe Run doesn't work on Win7 x64?
just curious where you're getting all this...

Author Closing Comment

ID: 31669340
Yes, it was Windows Update.

Expert Comment

ID: 37257970
We're seeing the same issues on all of our Windows 7 machines. Folders are being created on the root of C. They are named C:\hex value\sandbox. We delete them and then they come back. We've asked Microsof and Mcafee about it and nobody seems to have a solution. If anybody has any ideas where these folders are coming from and how to prevent them from being created I would greatly appreciate it. After searching google for the last hour is seems to be a very common occurance on both Windows 7 and Server 2008, but I have yet to find an answer. We could write a script to delete them and run the script on a recurring basis, but I would rather find root cause.

Expert Comment

ID: 37311455
We had the same mysterious folder on one of our 2008 windows DC's. After some searching we found that they were related to a Kaseya patch scan script running at a preset time every 7 days called "WUA Patch Scan 1 (x64)". I believe it as something to do with Kaseya's Agent logs function. Hope that helps.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
The article covers five tools all IT professionals should know about, as they up productivity by a great deal!
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question