Hello,
I was told that the security regulations at my organization require me
to delete the following files. I was curious if anyone could tell me
why and possible consequences. Thanks for any help.

Delete:
ir* : c:\winnt\inf
c:\winnt\inf\system32\drivers
c:\winnt\inf\system32\drivers\dllcache

netir* : all directories
nscirda*: all directories
Posix: all directories
os2*.exe: all directories
*.ex_ : all directories

Re: Why am I deleting these files by Shenan

Shenan
Thu Jun 12 15:55:17 CDT 2008

Mike wrote:
> I was told that the security regulations at my organization require
> me to delete the following files. I was curious if anyone could
> tell me why and possible consequences. Thanks for any help.
>
> Delete:
> ir* : c:\winnt\inf
> c:\winnt\inf\system32\drivers
> c:\winnt\inf\system32\drivers\dllcache
>
> netir* : all directories
> nscirda*: all directories
> Posix: all directories
> os2*.exe: all directories
> *.ex_ : all directories

Who told you this?

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html



Re: Why am I deleting these files by Kevin

Kevin
Mon Jul 07 14:20:52 CDT 2008

Kind of funny though :)

He is correct - those directories are being deleted due to the high
probability of being attacked by viruses/malware. The filenames
are being deleted because they can either be manipulated or exploited. This
seems a little paranoid...

Shouldn't actually hurt anything, though.

"Special Access" <nonyabidnezz@hotmail.com> wrote in message
news:j8n354trperbpajt6ffs0hq55uqsok0jnv@4ax.com...
> On Thu, 12 Jun 2008 15:55:17 -0500, "Shenan Stanley"
> <newshelper@gmail.com> wrote:
>
>>Mike wrote:
>>> I was told that the security regulations at my organization require
>>> me to delete the following files. I was curious if anyone could
>>> tell me why and possible consequences. Thanks for any help.
>>>
>>> Delete:
>>> ir* : c:\winnt\inf
>>> c:\winnt\inf\system32\drivers
>>> c:\winnt\inf\system32\drivers\dllcache
>>>
>>> netir* : all directories
>>> nscirda*: all directories
>>> Posix: all directories
>>> os2*.exe: all directories
>>> *.ex_ : all directories
>>
>>Who told you this?
>>
>>--
>>Shenan Stanley
>> MS-MVP
>
> Most likely an over-anxious security person. Even DISA (used to
> secure Gov't computer systems) doesn't require you to delete all of
> those files. POSIX and OS2, yes... but not the rest, especially the
> dllcache directory!
>
> Most security folks are of the mindset to eliminate any possibility of
> compromise. For example, I can take an ex_ file and expand it to
> allow me to use the exe that is being blocked by security settings
> elsewhere. This may be stopped by setting the security the same, but
> most security folks don't think that's enough of a prevention method.
> Protection in multiple layers, in case one layer is compromised there
> is another.
>
> Mike
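
A read-only inventory of what the deletion list in this thread would touch, so the consequences can be reviewed before anything is removed. This is an added example, not part of any post; the names `audit` and `matching_rule` are hypothetical, the directory paths are transcribed as posted, and reading "Posix" as a file-name prefix is an assumption.

```python
import fnmatch
import os

# Directories the post scopes the "ir*" rule to, transcribed as posted and
# written relative to the drive root (c:\).
IR_DIRS = {
    "winnt/inf",
    "winnt/inf/system32/drivers",
    "winnt/inf/system32/drivers/dllcache",
}

# (pattern, directory scope); None means "all directories".
RULES = [
    ("ir*", IR_DIRS),
    ("netir*", None),
    ("nscirda*", None),
    ("posix*", None),  # assumption: the post says only "Posix"
    ("os2*.exe", None),
    ("*.ex_", None),
]


def matching_rule(rel_dir, name):
    """Return the first rule pattern that covers this file, or None."""
    rel_dir = rel_dir.replace("\\", "/").strip("/").lower()
    name = name.lower()  # Windows file names are case-insensitive
    for pattern, scope in RULES:
        if scope is not None and rel_dir not in scope:
            continue
        if fnmatch.fnmatchcase(name, pattern):
            return pattern
    return None


def audit(root):
    """List files under root (standing in for the drive root) that match.

    Read-only: returns sorted (relative_path, pattern) pairs, deletes nothing.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        rel_dir = "" if rel_dir == "." else rel_dir
        for name in files:
            pattern = matching_rule(rel_dir, name)
            if pattern:
                rel = os.path.join(rel_dir, name).replace("\\", "/")
                hits.append((rel, pattern))
    return sorted(hits)
```

Because the `ir*` rule is scoped to three directories, a file such as `irmon.dll` elsewhere is not reported, while the remaining patterns match in any directory.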