Why am I deleting these files

Mike

Hello,
I was told that the security regulations at my organization require me
to delete the following files. I was curious if anyone could tell me
why and possible consequences. Thanks for any help.

Delete:
ir* : c:\winnt\inf
c:\winnt\inf\system32\drivers
c:\winnt\inf\system32\drivers\dllcache

netir* : all directories
nscirda*: all directories
Posix: all directories
os2*.exe: all directories
*.ex_ : all directories
 
Shenan Stanley

Mike wrote:
> I was told that the security regulations at my organization require
> me to delete the following files. I was curious if anyone could
> tell me why and possible consequences. Thanks for any help.
>
> Delete:
> ir* : c:\winnt\inf
> c:\winnt\inf\system32\drivers
> c:\winnt\inf\system32\drivers\dllcache
>
> netir* : all directories
> nscirda*: all directories
> Posix: all directories
> os2*.exe: all directories
> *.ex_ : all directories


Who told you this?

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
 
Special Access

On Thu, 12 Jun 2008 15:55:17 -0500, "Shenan Stanley"
<newshelper@gmail.com> wrote:

>Mike wrote:
>> I was told that the security regulations at my organization require
>> me to delete the following files. I was curious if anyone could
>> tell me why and possible consequences. Thanks for any help.
>>
>> Delete:
>> ir* : c:\winnt\inf
>> c:\winnt\inf\system32\drivers
>> c:\winnt\inf\system32\drivers\dllcache
>>
>> netir* : all directories
>> nscirda*: all directories
>> Posix: all directories
>> os2*.exe: all directories
>> *.ex_ : all directories

>
>Who told you this?
>
>--
>Shenan Stanley
> MS-MVP


Most likely an over-anxious security person. Even DISA (used to
secure Gov't computer systems) doesn't require you to delete all of
those files. POSIX and OS2, yes... but not the rest, especially the
dllcache directory!

Most security folks are of the mindset to eliminate any possibility of
compromise. For example, I can take an ex_ file and expand it to
allow me to use the exe that is being blocked by security settings
elsewhere. This may be stopped by setting the security the same, but
most security folks don't think that's enough of a prevention method.
Protection in multiple layers, in case one layer is compromised there
is another.

Mike
 
Kevin Hatfield

Kind of funny though :)

He is correct - those directories are being deleted due to the high
probability of being attacked by viruses/malware. The filenames
are being deleted because they can either be manipulated or exploited. This
seems a little paranoid..

Shouldn't actually hurt anything, though.

"Special Access" <nonyabidnezz@hotmail.com> wrote in message
news:j8n354trperbpajt6ffs0hq55uqsok0jnv@4ax.com...
> On Thu, 12 Jun 2008 15:55:17 -0500, "Shenan Stanley"
> <newshelper@gmail.com> wrote:
>
>>Mike wrote:
>>> I was told that the security regulations at my organization require
>>> me to delete the following files. I was curious if anyone could
>>> tell me why and possible consequences. Thanks for any help.
>>>
>>> Delete:
>>> ir* : c:\winnt\inf
>>> c:\winnt\inf\system32\drivers
>>> c:\winnt\inf\system32\drivers\dllcache
>>>
>>> netir* : all directories
>>> nscirda*: all directories
>>> Posix: all directories
>>> os2*.exe: all directories
>>> *.ex_ : all directories

>>
>>Who told you this?
>>
>>--
>>Shenan Stanley
>> MS-MVP

>
> Most likely an over-anxious security person. Even DISA (used to
> secure Gov't computer systems) doesn't require you to delete all of
> those files. POSIX and OS2, yes... but not the rest, especially the
> dllcache directory!
>
> Most security folks are of the mindset to eliminate any possibility of
> compromise. For example, I can take an ex_ file and expand it to
> allow me to use the exe that is being blocked by security settings
> elsewhere. This may be stopped by setting the security the same, but
> most security folks don't think that's enough of a prevention method.
> Protection in multiple layers, in case one layer is compromised there
> is another.
>
> Mike
 
Special Access

On Mon, 7 Jul 2008 14:20:52 -0500, "Kevin Hatfield"
<khatfield@fedex.com> wrote:

You're only paranoid if the whole world ISN'T out to get you <grin>

Shouldn't hurt if you secure the directories from all but system and
admin (read: remove EVERYONE group) as these are your "trusted" folks.
Also helps if you are behind (multiple) firewall(s)

Mike

>Kind of funny though :)
>
>He is correct - those directories are being deleted due to the high
>probability of being attacked by viruses/malware. The filenames
>are being deleted because they can either be manipulated or exploited. This
>seems a little paranoid..
>
>Shouldn't actually hurt anything, though.
>
>"Special Access" <nonyabidnezz@hotmail.com> wrote in message
>news:j8n354trperbpajt6ffs0hq55uqsok0jnv@4ax.com...
>> On Thu, 12 Jun 2008 15:55:17 -0500, "Shenan Stanley"
>> <newshelper@gmail.com> wrote:
>>
>>>Mike wrote:
>>>> I was told that the security regulations at my organization require
>>>> me to delete the following files. I was curious if anyone could
>>>> tell me why and possible consequences. Thanks for any help.
>>>>
>>>> Delete:
>>>> ir* : c:\winnt\inf
>>>> c:\winnt\inf\system32\drivers
>>>> c:\winnt\inf\system32\drivers\dllcache
>>>>
>>>> netir* : all directories
>>>> nscirda*: all directories
>>>> Posix: all directories
>>>> os2*.exe: all directories
>>>> *.ex_ : all directories
>>>
>>>Who told you this?
>>>
>>>--
>>>Shenan Stanley
>>> MS-MVP

>>
>> Most likely an over-anxious security person. Even DISA (used to
>> secure Gov't computer systems) doesn't require you to delete all of
>> those files. POSIX and OS2, yes... but not the rest, especially the
>> dllcache directory!
>>
>> Most security folks are of the mindset to eliminate any possibility of
>> compromise. For example, I can take an ex_ file and expand it to
>> allow me to use the exe that is being blocked by security settings
>> elsewhere. This may be stopped by setting the security the same, but
>> most security folks don't think that's enough of a prevention method.
>> Protection in multiple layers, in case one layer is compromised there
>> is another.
>>
>> Mike

>
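
An added example, not part of any post in this thread: a read-only PowerShell inventory of the files named in the original list, showing which are compressed `.ex_` copies and which grant access to the Everyone group, the two points raised in Special Access's replies. The `$Root` default and the `posix*` wildcard are assumptions; the three `ir*` directories are copied as written in the post. Nothing is deleted or modified.

```powershell
# Added example: audit only. Run from an elevated prompt so Get-Acl can read system files.
param(
    [string]$Root = 'C:\winnt'   # assumption: system root, as in the thread's paths
)

# "All directories" entries from the original post.
# The post lists "Posix" without a wildcard; 'posix*' is an assumption.
$anywhere = 'netir*', 'nscirda*', 'posix*', 'os2*.exe', '*.ex_'

# The ir* entry is limited to the three directories the post names (copied as written).
$irDirs = 'c:\winnt\inf',
          'c:\winnt\inf\system32\drivers',
          'c:\winnt\inf\system32\drivers\dllcache'

function Test-EveryoneAccess {
    param([string]$Path)
    # Read ACEs as SIDs so the check does not depend on the OS display language.
    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        # S-1-1-0 is the well-known SID for the Everyone group.
        if ($r.IdentityReference.Value -eq 'S-1-1-0' -and $r.AccessControlType -eq 'Allow') {
            return $true
        }
    }
    return $false
}

$hits = @()
$hits += Get-ChildItem -Path $Root -Recurse -Force -Include $anywhere -ErrorAction SilentlyContinue
foreach ($d in $irDirs) {
    if (Test-Path -LiteralPath $d) {
        $hits += Get-ChildItem -LiteralPath $d -Filter 'ir*' -Force -ErrorAction SilentlyContinue
    }
}

# One row per match: where it is, whether it is a compressed copy, and whether Everyone can reach it.
$hits | Sort-Object -Property FullName -Unique | ForEach-Object {
    [pscustomobject]@{
        Path          = $_.FullName
        IsCompressed  = $_.Name -like '*.ex_'
        EveryoneAllow = Test-EveryoneAccess $_.FullName
    }
} | Format-Table -AutoSize
```

Rows with `IsCompressed` and `EveryoneAllow` both true are the case described in the thread, where a compressed copy is reachable even though the expanded executable is restricted elsewhere.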
 