0

ProcMon.exe tells me that many different processes including ones owned by standard users, admins, and the SYSTEM user are receiving "ACCESS DENIED" error results when trying to read "C:/$Extend/$Reparse:$R:$INDEX_ALLOCATION".

Google returns nothing useful from MSDN, but i assume these are NTFS or Windows Search folders. What processes need to be able to r C:\$Extend? w? x?

Set the ProcMon.exe filter to include contains "C:\" for path and include contains "ACCESS DENIED", but exclude "SUCCESS" for results.

Improve this question

1 Answer 1

Reset to default
1

This folder is part of the disks NTFS metadata.

You should never see NTFS meta-structures, so thats one mystery, but either way $EXTEND is NOT user readable, and you should never ever touch it.

Reparse Points are structures that allow the disk to be extended, by including non-contigious data, like volume mount points, hard links, etc.

Improve this answer
1
  • It should be added that $INDEX_ALLOCATION is a MFT attribute that contains a list of children of said directory.
    – Andrea Lazzarotto
    Commented Jun 23, 2016 at 12:27

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .