?
Solved

File Server

Posted on 2012-12-26
4
Medium Priority
?
324 Views
Last Modified: 2012-12-28
I am monitoring my files server for anyone deleting file but I don't know why user User: NT AUTHORITY\SYSTEM keeps showing deleting  files sqlserv.exe and copy.exe. I ran my virus and it came up clean


26 Dec 2012 05:57:44 PM Computer: [KFSH-CL-FLPD-02] Monitor: [Watch F:\] Description: The following activities have occurred:
Op: Deleted
File: F:\KFSHHomeFolders\MedApp\mimages\sqlserv.exe
User: NT AUTHORITY\SYSTEM
App: System or Network

Op: Deleted
File: F:\KFSHHomeFolders\MedApp\mimages\copy.exe
User: NT AUTHORITY\SYSTEM
App: System or Network
0
Comment
Question by:YRMC_Infrastructure
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38721405
run the anitvirus scan on the system in safe mode then check
0
 

Author Comment

by:YRMC_Infrastructure
ID: 38721466
I ran it in safe and normal mode
0
 
LVL 27

Accepted Solution

by:
davorin earned 1000 total points
ID: 38721500
This is happening in the same folder (I guess) of some medical imaging application.
Is it possible that this is normal behavior for this application?
Application when needed creates/copies this two files and when the procedure is finished the files are deleted.

You can try to use process monitor to get some more details on which process is playing with this two files.
http://technet.microsoft.com/en-us/sysinternals/bb896645
0
 
LVL 5

Expert Comment

by:Imran Saeed
ID: 38723473
Can you attach the files here to analyze?
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
Suggested Courses
Course of the Month15 days, 4 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question