16
3
A file is being deleted seemingly randomly throughout the day. The vendor of the software whose file is being deleted says that another piece of software installed on the computer is deleting it, while the other software's vendor says the opposite.
I've tried using Process Monitor so I can pinpoint exactly what's deleting it, but even when filtered specifically to that file, createfile operations are being triggered a few times a second, and I can't filter it to deletions specifically.
Is there a tool or script I can use to specifically monitor deletion attempts on a single file?
temporarily set the file to read only, then within procmon you should see and access denied with the process name. – user33788 – 2010-06-08T20:22:11.733
Unfortunately, I'm not sure that's feasible, the deletions are far enough between that I can't keep the service offline without a lot of work setting up a backup on another system, but short enough between to keep us busy fixing things every time it happens. – Jordan Milne – 2010-06-09T01:33:42.443