I am running out of disk space on C:-drive. We see many (millions of) files in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
What are these files ?
Why are so many files created? How can we prevent this from happening? Can these files be deleted?
Asked
Active
Viewed 5.1k times
13
Oliver Salzburg
- 89,072
- 65
- 269
- 311
3 Answers
5
I have found the answer by some analysis and testing. The problem is caused by SSL checking performed by ESET antivirus software.
Disable SSL scanning in ESET and these files will stop appearing in great quantities.
ESET SSL scanning is also connected to MITM attack warning in Chrome (also see links posted in given Q/A and comments).
4
The files are related to SSL certificates issued through the Windows webserver, IIS.
A solution to delete these files is suggested here:
OK so I have found a way to clear down the folder: forfiles /d -90 /C "cmd /c del @file /F /A:AS"
This looks for files older than 90 days and runs cmd - the del command with force option and files with attributes A and S (archive & system). I dont know why it wasn't working without the /A:AS on the end, maybe because they are system files.
Forfiles is a utility to perform batch operations on multiple files.
CAUTION: before you proceed to remove the files, make sure they are not crucial to any production-critical web sites !
Kez
- 16,911
pleinolijf
- 1,571
2
There are four common reasons why the files in the MachineKeys folder are not automatically removed:
- There is a permission issue that is preventing OS to remove file from that folder. Compare the folder permissions with the ones listed in this document
- There is a code related issue. The application is not removing X.509 certificates once it uses them for communication. More details
- A security software might be performing SSL check and causing these files to persist. Try disabling this software
- Enterprise CA might be failing to respond the request. Check Event Viewer logs for the failed requests
Ned
- 151