Process from OUTLOOK.EXE deleting home folder files

jtsm

Hi There,

I have a strange issue where users' files from their home drives are being
deleted at seemingly random times. After running procmon on the machine and
capturing it deleting the files, it appears to be coming from Outlook.exe.
Has anyone heard of this type of issue before?

Thanks
 
Roady [MVP]

What kind of files are you referring to?

Which kind of configuration are we talking about here?
 
jtsm

Any file type found on the root of the home folder (also mapped)

Using Outlook 2007 SP2 on an XP Pro SP3 machine.

Process Monitor example:

11:00:58.9604484 AM OUTLOOK.EXE 4760 IRP_MJ_CREATE H:\ SUCCESS Desired
Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory,
Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write,
AllocationSize: n/a, OpenResult: Opened File System Domain\DomUser 0
11:00:58.9641865 AM OUTLOOK.EXE 4760 IRP_MJ_CREATE H:\ SUCCESS Desired
Access: Read Data/List Directory, Synchronize, Disposition: Open, Options:
Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write,
AllocationSize: n/a, OpenResult: Opened File System Domain\DomUser 0
11:00:58.9655311
AM OUTLOOK.EXE 4760 IRP_MJ_DIRECTORY_CONTROL H:\* SUCCESS Type:
QueryDirectory, Filter: *, 2: . File System Domain\DomUser 0
11:00:58.9717682 AM OUTLOOK.EXE 4760 IRP_MJ_CREATE H:\ SUCCESS Desired
Access: Read Data/List Directory, Synchronize, Disposition: Open, Options:
Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write,
AllocationSize: n/a, OpenResult: Opened File System Domain\DomUser 0
11:00:58.9732938
AM OUTLOOK.EXE 4760 IRP_MJ_DIRECTORY_CONTROL H:\Agenda_July2009.doc SUCCESS Type:
QueryDirectory, Filter: Agenda_July2009.doc, 2: Agenda_July2009.doc File
System Domain\DomUser 0
11:00:58.9824123
AM OUTLOOK.EXE 4760 IRP_MJ_CREATE H:\Agenda_July2009.doc SUCCESS Desired
Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory
File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete,
AllocationSize: n/a, OpenResult: Opened File System Domain\DomUser 0
11:00:58.9869961
AM OUTLOOK.EXE 4760 IRP_MJ_QUERY_INFORMATION H:\Agenda_July2009.doc SUCCESS Type:
QueryAttributeTagFile, Attributes: A, ReparseTag: 0x0 File
System Domain\DomUser 0
11:00:58.9884530
AM OUTLOOK.EXE 4760 IRP_MJ_SET_INFORMATION H:\Agenda_July2009.doc SUCCESS Type: SetDispositionInformationFile, Delete: True File System Domain\DomUser 0
11:00:58.9910112
AM OUTLOOK.EXE 4760 IRP_MJ_CLEANUP H:\Agenda_July2009.doc SUCCESS File
System Domain\DomUser 0
11:00:58.9915610
AM OUTLOOK.EXE 4760 IRP_MJ_CLOSE H:\Agenda_July2009.doc SUCCESS File
System Domain\DomUser 0

And the delete in the log is...

11:00:58.9884530
AM OUTLOOK.EXE 4760 IRP_MJ_SET_INFORMATION H:\Agenda_July2009.doc SUCCESS Type: SetDispositionInformationFile, Delete: True File System Domain\DomUser 0

has proven very hard to track the cause...

Thanks
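An added example, not part of the thread: a Python filter that pulls successful delete-disposition events (the `SetDispositionInformationFile, Delete: True` operation shown in the trace) out of a Process Monitor CSV export and counts them per process. It assumes Procmon's default CSV columns; the sample rows are constructed from the events in the post, and the `WINWORD.EXE` and `H:\locked.xls` rows are hypothetical.

```python
import csv
import io
from collections import Counter

# Constructed sample in Procmon's CSV export layout. The first three rows mirror
# the trace in the post; the last two are hypothetical rows added for contrast.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"11:00:58.9824123 AM","OUTLOOK.EXE","4760","IRP_MJ_CREATE","H:\Agenda_July2009.doc","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open"
"11:00:58.9884530 AM","OUTLOOK.EXE","4760","IRP_MJ_SET_INFORMATION","H:\Agenda_July2009.doc","SUCCESS","Type: SetDispositionInformationFile, Delete: True"
"11:00:58.9910112 AM","OUTLOOK.EXE","4760","IRP_MJ_CLEANUP","H:\Agenda_July2009.doc","SUCCESS",""
"11:01:02.1000000 AM","WINWORD.EXE","5120","SetDispositionInformationFile","C:\Temp\~WRD0001.tmp","SUCCESS","Delete: True"
"11:01:03.2000000 AM","OUTLOOK.EXE","4760","IRP_MJ_SET_INFORMATION","H:\locked.xls","CANNOT DELETE","Type: SetDispositionInformationFile, Delete: True"
'''


def find_deletes(csv_text, root="H:\\"):
    """Return (time, process, pid, path) for successful deletes under `root`."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # With advanced output the operation is IRP_MJ_SET_INFORMATION and the
        # type sits in Detail; otherwise the Operation column carries the name.
        marker = row["Operation"] + " " + row["Detail"]
        if ("SetDispositionInformationFile" in marker
                and "Delete: True" in row["Detail"]
                and row["Result"] == "SUCCESS"
                and row["Path"].upper().startswith(root.upper())):
            hits.append((row["Time of Day"], row["Process Name"],
                         int(row["PID"]), row["Path"]))
    return hits


def deletes_by_process(hits):
    """Count delete events per (process name, PID)."""
    return Counter((name, pid) for _, name, pid, _ in hits)


if __name__ == "__main__":
    found = find_deletes(SAMPLE_CSV)
    for when, name, pid, path in found:
        print(f"{when}  {name} ({pid}) deleted {path}")
    print(dict(deletes_by_process(found)))
```

For a real export, read the file with `encoding="utf-8-sig"` so a leading byte-order mark does not end up in the first column name.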
 