Sometimes, when you dynamically analyze a malware sample that creates files and then deletes them, disabling the delete permissions on one specific folder can be useful.
OK, I know, you might be thinking “a sandbox can do that”, but there are times when you need to run the sample manually (because you need a special configuration to run the sample, because you need to interact with it, etc.). In this scenario this procedure can be useful.
Right-click on the folder, then “Properties”.
Then go to the “Security” tab and click on “Advanced”.
After that, click on “Disable inheritance”.
Next, click on “Convert inherited permissions into explicit permissions on this object”.
After that, select a user and click on the “Edit” button.
Select “Show advanced permissions”.
Finally, deselect the permissions “Delete subfolders and files” and “Delete”.
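
The same steps can be scripted, which helps when the analysis VM is rebuilt often. The PowerShell below is an added example, not part of the original post; the function name, folder path and account name are assumptions, and it expects an elevated prompt.

```powershell
# Added example (not from the original post). Function name, path and account are hypothetical.
function Remove-DeleteRight {
    param(
        [Parameter(Mandatory)] [string] $Path,      # folder the sample writes to
        [Parameter(Mandatory)] [string] $Identity   # account the sample runs as
    )
    # The two permissions deselected in the last GUI step
    $strip = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'

    # "Disable inheritance" + "Convert inherited permissions into explicit permissions"
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Re-read the ACL so the converted entries are returned as explicit rules
    $acl = Get-Acl -LiteralPath $Path
    $sid = ([System.Security.Principal.NTAccount]$Identity).Translate(
               [System.Security.Principal.SecurityIdentifier])
    $rules = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $rights = [int]$rule.FileSystemRights
        if ($rule.IdentityReference.Value -ne $sid.Value) { continue }
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (($rights -band [int]$strip) -eq 0) { continue }   # nothing to strip

        # Replace the entry with the same one minus the two delete rights
        $acl.RemoveAccessRuleSpecific($rule)
        $kept = $rights -band (-bnot [int]$strip)
        if ($kept -ne 0) {
            $new = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $sid, [System.Security.AccessControl.FileSystemRights]$kept,
                $rule.InheritanceFlags, $rule.PropagationFlags, 'Allow')
            $acl.AddAccessRule($new)
        }
    }
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Return the resulting entries for that account so the change can be checked
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value -eq $sid.Value }
}

# Constructed sample values: replace with the real folder and the account running the sample
Remove-DeleteRight -Path 'C:\analysis\drop' -Identity "$env:COMPUTERNAME\analyst"
```

Run the sample as the restricted account: a process running as the folder's owner or as an administrator can rewrite the ACL and delete the files anyway.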