Solved

File Server

Posted on 2012-12-26
4
305 Views
Last Modified: 2012-12-28
I am monitoring my files server for anyone deleting file but I don't know why user User: NT AUTHORITY\SYSTEM keeps showing deleting  files sqlserv.exe and copy.exe. I ran my virus and it came up clean


26 Dec 2012 05:57:44 PM Computer: [KFSH-CL-FLPD-02] Monitor: [Watch F:\] Description: The following activities have occurred:
Op: Deleted
File: F:\KFSHHomeFolders\MedApp\mimages\sqlserv.exe
User: NT AUTHORITY\SYSTEM
App: System or Network

Op: Deleted
File: F:\KFSHHomeFolders\MedApp\mimages\copy.exe
User: NT AUTHORITY\SYSTEM
App: System or Network
0
Comment
Question by:YRMC_Infrastructure
4 Comments
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38721405
run the anitvirus scan on the system in safe mode then check
0
 

Author Comment

by:YRMC_Infrastructure
ID: 38721466
I ran it in safe and normal mode
0
 
LVL 27

Accepted Solution

by:
davorin earned 500 total points
ID: 38721500
This is happening in the same folder (I guess) of some medical imaging application.
Is it possible that this is normal behavior for this application?
Application when needed creates/copies this two files and when the procedure is finished the files are deleted.

You can try to use process monitor to get some more details on which process is playing with this two files.
http://technet.microsoft.com/en-us/sysinternals/bb896645
0
 
LVL 5

Expert Comment

by:Imran Saeed
ID: 38723473
Can you attach the files here to analyze?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now