Access official resources from Carbon Black experts
Why am I unable to delete a read-only file in Live Response?
The session shows the following error:
Remote error 0x80070005 - Access is denied.
attrib -r [filename.ext]
Once the read-only attribute has been removed (with the command above), the Live Response built-in "delete" command can be used to remove the file.
Alternatively, the Sysinternals tool sdelete from Microsoft also allows the removal of read-only files
sdelete /r [filename.ext]
Carbon Black recommends extensive testing and special care when using powerful deletion tools like SDelete
An enhancement request has been made to add native functionality to delete read-only files, please feel free to upvote:
https://community.carbonblack.com/t5/Idea-Central/Allow-deletion-of-read-only-files-in-Live-Response...
If the error seen is like below, this indicates that an attempt has been made to delete a directory, which is not an available feature in Live Response.
Remote error 0x8007000C - The access code is invalid. |
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.