1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Rapidly growing S-1-5-19 Folder

Discussion in 'Windows Security' started by Bill, Jun 2, 2009.

  1. Bill

    Bill Guest

    I detected a protected operating system folder S-1-5-19 that substantially
    increases in size from week to week. The folder path is C:\Documents and
    Settings\Local Service\Application Data\Microsoft\Protect\S-1-5-19.

    Checking folder properties, Size: 502 MB, Size on disk: 5.45GB, Contains:
    1,431,130 Files, 1 Folder

    The folder was created Sunday, January 25, 2009, 3:40:23PM.

    Around that time, I downloaded a number of Express Edition programs (SQL,
    C#, etc.) including Microsoft Sync Framework and Analysis Services earlier
    that same day.

    I have been spending a lot of time reading and working the C# exercises from
    the APress book "Beginning C# 2008: From Novice to Professional" (which is
    very good, by the way).

    The downloaded Express Edition files are on a laptop running XP Home
    Edition, and the C# project data files stored in an "untrusted" location on a
    desktop running Vista Home Premium which is connected to the laptop via a
    simple home wireless network.

    I don't understand what is going on, and I'm not sure this is a security
    issue. I just want to get rid of all those pesky files in the S-1-5-19
    folder somehow. Please help me figure this thing out.

    Thanks.

    Bill
     
    Bill, Jun 2, 2009
    #1
  3. PA Bear [MS MVP]

    PA Bear [MS MVP] Guest

    cf. Well-known security identifiers [SIDs] in Windows operating systems:


    Please state the full Windows version (e.g., WinXP SP3; Vista x64 SP2) of
    the machine where you find this Protected folder? Is the
    machine-in-question fully patched at Windows Update? Are all networked
    machines fully-patched?

    Is a valid, fully-functional anti-virus application running on each machine?

    Is a fully-functional firewall enabled on each machine?

    How has the wireless network been secured?


    Bill wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
    > I detected a protected operating system folder S-1-5-19 that substantially
    > increases in size from week to week. The folder path is C:Documents and
    > SettingsLocal ServiceApplication DataMicrosoftProtectS-1-5-19.
    >
    > Checking folder properties, Size: 502 MB, Size on disk: 5.45GB, Contains:
    > 1,431,130 Files, 1 Folder
    >
    > The folder was created Sunday, January 25, 2009, 3:40:23PM.
    >
    > Around that time, I downloaded a number of Express Edition programs (SQL,
    > C#, etc.) including Microsoft Sync Framework and Analysis Services earlier
    > that same day.
    >
    > I have been spending a lot of time reading and working the C# exercises
    > from
    > the APress book "Beginning C# 2008: From Novice to Professional" (which is
    > very good, by the way).
    >
    > The downloaded Express Edition files are on a laptop running XP Home
    > Edition, and the C# project data files stored in an "untrusted" location
    > on
    > a desktop running Vista Home Premium which is connected to the laptop via
    > a
    > simple home wireless network.
    >
    > I don't understand what is going on, and I'm not sure this is a security
    > issue. I just want to get rid of all those pesky files in the S-1-5-19
    > folder somehow. Please help me figure this thing out.
    >
    > Thanks.
    >
    > Bill<!--colorc--><!--/colorc-->
     
    PA Bear [MS MVP], Jun 2, 2009
    #2
  4. Bill

    Bill Guest

    PA Bear, Thanks for responding. I read the SID info.

    The laptop machine with the growing Protect Folder is running XP Home Edition.
    Version 5.1 (Build 2600.xpsp_sp3_gdr.090206-1234: Service Pack 3)

    The only networked machine is a desktop running Vista Home Premium.
    Version 6.0 (Build 6001, Service Pack 1). This morning when I checked, it
    had run a scheculed Windows Live OneCare tune-up last night and reported that
    it was missing an important 344MB update which turns out to be Service Pack
    2. It is downloading now.

    Both machines use Windows Live OneCare for firewall and anti-virus
    protection, as well as Webroot Spysweeper for spyware protection.

    The OneCare indicator is green on the laptop with the growing Protected
    folder and yellow on the desktop (which was green yesterday).

    Firewalls on both machines are On (Home/Work).
    Virus and spyware monitoring is On.
    Last scan on the Protected folder laptop happened this morning, and the scan
    report shows "no potentially harmful or unwanted software".

    The wireless network is linked to provider AT&T by a 2-wire HomePortal that
    is password protected. Wireless security is enabled. Authentication is
    WEP-Open, and using the default encryption key.

    Thanks again for your help.

    "PA Bear [MS MVP]" wrote:
    <!--coloro:blue--><span style="color:blue <!--/coloro-->
    > cf. Well-known security identifiers [SIDs] in Windows operating systems:
    >
    >
    > Please state the full Windows version (e.g., WinXP SP3; Vista x64 SP2) of
    > the machine where you find this Protected folder? Is the
    > machine-in-question fully patched at Windows Update? Are all networked
    > machines fully-patched?
    >
    > Is a valid, fully-functional anti-virus application running on each machine?
    >
    > Is a fully-functional firewall enabled on each machine?
    >
    > How has the wireless network been secured?
    >
    >
    > Bill wrote:<!--coloro:green--><span style="color:green <!--/coloro-->
    > > I detected a protected operating system folder S-1-5-19 that substantially
    > > increases in size from week to week. The folder path is C:Documents and
    > > SettingsLocal ServiceApplication DataMicrosoftProtectS-1-5-19.
    > >
    > > Checking folder properties, Size: 502 MB, Size on disk: 5.45GB, Contains:
    > > 1,431,130 Files, 1 Folder
    > >
    > > The folder was created Sunday, January 25, 2009, 3:40:23PM.
    > >
    > > Around that time, I downloaded a number of Express Edition programs (SQL,
    > > C#, etc.) including Microsoft Sync Framework and Analysis Services earlier
    > > that same day.
    > >
    > > I have been spending a lot of time reading and working the C# exercises
    > > from
    > > the APress book "Beginning C# 2008: From Novice to Professional" (which is
    > > very good, by the way).
    > >
    > > The downloaded Express Edition files are on a laptop running XP Home
    > > Edition, and the C# project data files stored in an "untrusted" location
    > > on
    > > a desktop running Vista Home Premium which is connected to the laptop via
    > > a
    > > simple home wireless network.
    > >
    > > I don't understand what is going on, and I'm not sure this is a security
    > > issue. I just want to get rid of all those pesky files in the S-1-5-19
    > > folder somehow. Please help me figure this thing out.
    > >
    > > Thanks.
    > >
    > > Bill<!--colorc--><!--/colorc-->
    >
    > <!--colorc--><!--/colorc-->
     
    Bill, Jun 3, 2009
    #3

Share This Page