3

There is a custom script that errors out when running; it is getting access denied. I looked at Process Mon from Sysinternals, but I don't see where it shows what is blocking access to a file/folder. I need to find out if it's the antivirus (without uninstalling it), previous iterations of the code, or something else that has a lock on the file. How can I do that?

Pavix
  • Are you logging the activities and outputs from the script? If not, I would try getting that going. If so, is there an error being logged? – Todd Wilcox Dec 13 '17 at 16:05

1 Answer

1

The simple answer: not.

If it's AV/Screening/Driver stuff, the lock occurs in the (kernel) FS-API, which is not visible to processes in userland. If it's in Userland, the administrator's procmon or, with more comfort, handle.exe will show the culprit to you. You can use handle.exe to see the programs that have a file open, or to see the object types and names of all the handles of a program - IF there are such.

bjoster
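The handle.exe check from the answer above, as an added example that is not part of the original post: it parses handle.exe output into objects so the processes holding a path can be listed and filtered. The function names, the sample path and PIDs, and the assumed output line shape are illustrative; handle.exe is assumed to be on PATH and the shell elevated.

```powershell
# Added example (not from the original answer). Assumes Sysinternals handle.exe
# is on PATH and the shell is elevated, so other users' processes are visible.

function ConvertFrom-HandleOutput {
    param([string[]]$Lines)
    # Line shape assumed for "handle.exe -nobanner <path>":
    #   name.exe   pid: 1234   type: File   1A4: C:\path\to\file
    $pattern = '^(?<Name>.+?)\s+pid:\s+(?<Id>\d+)\s+type:\s+(?<Type>\S+)\s+' +
               '(?<Handle>[0-9A-Fa-f]+):\s+(?<Path>.+)$'
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                Process   = $Matches['Name'].Trim()
                ProcessId = [int]$Matches['Id']
                Type      = $Matches['Type']
                Handle    = $Matches['Handle']
                Path      = $Matches['Path'].Trim()
            }
        }
    }
}

function Get-FileHolder {
    param([Parameter(Mandatory)][string]$Path)
    $exe = Get-Command handle.exe -ErrorAction SilentlyContinue
    if (-not $exe) { throw 'handle.exe not found on PATH' }
    # handle.exe matches name fragments, so a folder path also lists files beneath it.
    $raw = & $exe.Source -accepteula -nobanner $Path 2>$null
    ConvertFrom-HandleOutput -Lines $raw
}

# Constructed sample output (hypothetical path and PIDs) to try the parser offline.
# Live use would be: Get-FileHolder -Path 'C:\Scripts\job\output.log'
$sample = @(
    'python.exe         pid: 4312   type: File           2F8: C:\Scripts\job\output.log'
    'powershell.exe     pid: 9120   type: File           6A0: C:\Scripts\job\output.log'
)
$holders = ConvertFrom-HandleOutput -Lines $sample

if ($holders) {
    # A leftover instance of the script itself shows up here as an extra PID.
    $holders | Sort-Object ProcessId | Format-Table Process, ProcessId, Handle, Path -AutoSize
} else {
    # Nothing in userland holds the path: consistent with the kernel-side case in the answer.
    'No user-mode process has the path open.'
}
```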