Why am I unable to delete a read-only file in Live Response?
The session shows the following error:
Remote error 0x80070005 - Access is denied.
As a workaround the attrib commands can be leveraged:
attrib -r [filename.ext]
Once the read-only attribute has been removed (with the command above), the Live Response built-in "delete" command can be used to remove the file.
Alternatively, the Sysinternals tool sdelete from Microsoft also allows the removal of read-only files
sdelete /r [filename.ext]
Carbon Black recommends extensive testing and special care when using powerful deletion tools like SDelete
An enhancement request has been made to add native functionality to delete read-only files
If the error seen is like below, this indicates that an attempt has been made to delete a directory, which is not an available feature in Live Response.
Remote error 0x8007000C - The access code is invalid. |