I have a couple of Windows boxes (Windows XP and Windows Server 2008) where a few EXE files (unwise.exe - from Wise installation system - among others) simply disappear from time to time.
I tried to narrow down this issue by disabling antivirus, anti spyware, etc. (I started by looking at their log files and quarantine), but with no luck. There weren't any clues in the event viewer either.
Any suggestion?
You could run Process Monitor continuously, but with a filter of:
This will accumulate a log of all deleted files. Next time you notice a file gone missing, pull up Process Monitor and see what process was responsible for deleting the file.
Turn on File Auditing for the relevant folders. The next time they're deleted, the Event Viewer will have information on who/what deleted them.
You might want to turn it on only for Delete events - otherwise your Event Viewer will be rapidly overrun by standard events (like file access, etc.).
This sounds like a perfect job for Windows Sysinternals Process Monitor. This powerful tool allows you to monitor almost every activity on your system.
While it is powerful it can be also dangerous because when not using proper filters and logging methods it can have a considerable impact on your system (Virtual Memory exhaustion to name one).
In your case I'd do the following:
Ctrl+EFile -> Backing Files... -> Use file named(a separate disk/partition is best for this)Filter -> Filter...selectEvent Class is File SystemthenIncludeand pressAddPath is <path>thenIncludeand pressAddandOKFilter -> Drop Filtered EventsCtrl+EThis should give you some hints about what exactly is happening to your files while having low impact on your system.