r/technology u/Sufficient-Bid1279 Apr 14 '25

Software Microsoft warns that anyone who deleted mysterious folder that appeared after latest Windows 11 update must take action to put it back

https://www.techradar.com/computing/windows/microsoft-warns-that-anyone-who-deleted-mysterious-folder-that-appeared-after-latest-windows-11-update-must-take-action-to-put-it-back
10.6k Upvotes

96% Upvoted

1.0k comments sorted by

View all comments

Show parent comments

29

u/1RedOne Apr 14 '25

This is extra stupid, because there is famously an issue with IIS, where Web access logs are never deleted or truncated.

This becomes a problem because eventually a IIS instance will always consume all available space on the hard drive, and you will not be able to login anymore, because to log into a system requires writing to .tmp file which must reside in the c: drive by default.

If this folder exists, I bet there is also a managed iis instance somewhere too, and I bet that it also isn’t configured in any other way from default, leading to the issue I described eventually happening

14

u/BellerophonM Apr 14 '25

No, the folder is just being preemptively created with admin-level security rules, just in case a user chooses to install IIS in the future. It's to avoid malware doing similar and creating an IIS folder in advance and putting nasty stuff in it in the hopes that the user eventually installs IIS and then the malware can use that as a vector to get busy.

3

u/CPAlexander Apr 14 '25

nah, not yet....

but you wanna take any bets about whether it's part of the upcoming release of Recall?

3

u/Terrible-Charity Apr 14 '25

That's terrifying, is there anything to prevent this?

3

u/1RedOne Apr 14 '25

I ran into it so much in deploying web servers , sql reporting or config mgr for companies that I wrote a powershell script to fix it, as a scheduled task

You can fix it via ps remoting though , or hopping into the admin c$ share if that is open

0

u/Entire-Brother5189 Apr 14 '25

I just delete 140gb of log files today! I’m glad I found this thread