On Wed, Jun 29, 2011 at 11:57 AM, Miller Bonnie L. <[email protected]> wrote:
> Trying to find out if c:\windows\security\tmp.edb

"tmp.edb" is a standard name used by the Extensible Storage Engine (ESE). ESE *is* used by the security configuration template system, and it *does* have some ESE-related files living in "C:\windows\security\", so that's a plausible name.

The problem is, malware writers know this too, so they often create files with plausible or even completely legitimate names (displacing legitimate files). A very cursory eyeball scan of Google results does suggest that is a possibility. Or it could be a false positive that randomly matched some signature.

The only way to know for sure is to examine the file contents. A very quick check of TMP.EDB files on my systems doesn't seem to find any obvious header or "magic number". I don't think Microsoft documents the format of this file. However, you might look at *your* TMP.EDB and see if it's anything obvious -- especially if it has a Windows executable header.

-- Ben
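
One way to do the executable-header check suggested in the message above, as an added PowerShell example that is not part of the original post. The function name `Test-PEHeader` and the sample bytes are constructed for illustration; the check relies only on the standard PE layout ("MZ" at offset 0, `e_lfanew` at offset 0x3C pointing to "PE\0\0").

```powershell
# Added example (not from the original post): does a file begin with a
# Windows executable (MZ/PE) header? Test-PEHeader is a hypothetical name.
function Test-PEHeader {
    param([Parameter(Mandatory = $true)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    # Open read-only while letting other processes keep reading and writing.
    # A file opened exclusively by a service will still fail to open here.
    $fs = [System.IO.File]::Open($full, 'Open', 'Read', 'ReadWrite')
    try {
        $dos = New-Object byte[] 64
        if ($fs.Read($dos, 0, 64) -lt 64) { return 'No: shorter than a DOS header' }

        # IMAGE_DOS_HEADER.e_magic must be "MZ" (0x4D 0x5A).
        if ($dos[0] -ne 0x4D -or $dos[1] -ne 0x5A) { return 'No: first two bytes are not MZ' }

        # e_lfanew (offset 0x3C, little-endian) gives the offset of the PE signature.
        $peOffset = [System.BitConverter]::ToInt32($dos, 0x3C)
        if ($peOffset -lt 0 -or ($peOffset + 4) -gt $fs.Length) {
            return 'Partial: MZ present, e_lfanew points outside the file'
        }

        $fs.Position = $peOffset
        $sig = New-Object byte[] 4
        [void]$fs.Read($sig, 0, 4)
        # PE signature is "PE" followed by two zero bytes.
        if ($sig[0] -eq 0x50 -and $sig[1] -eq 0x45 -and $sig[2] -eq 0 -and $sig[3] -eq 0) {
            return 'Yes: MZ header and PE signature'
        }
        return 'Partial: MZ present, no PE signature at e_lfanew'
    }
    finally { $fs.Close() }
}

# Constructed sample: a 64-byte DOS header with e_lfanew = 0x40, then "PE\0\0".
$sample = New-Object byte[] 68
$sample[0] = 0x4D; $sample[1] = 0x5A; $sample[0x3C] = 0x40
$sample[0x40] = 0x50; $sample[0x41] = 0x45
$tmp = [System.IO.Path]::GetTempFileName()
[System.IO.File]::WriteAllBytes($tmp, $sample)
Test-PEHeader $tmp
Remove-Item -LiteralPath $tmp

# Against the file from the thread (run from an elevated prompt):
# Test-PEHeader 'C:\Windows\security\tmp.edb'
```

A "No" result only rules out an executable header at the start of the file; it says nothing about the rest of the contents.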
