FileSystemWatcher no longer has old filename in some Windows 7 machines


This one is too bizarre for me. In my Framework 4.0 WinForms app, FileSystemWatcher recently started giving me a null for OldName and only the parent folder for OldFullPath, not the full path of the old filename. However, some of the Windows 7 computers do this while others do not. I tried uninstalling our company anti-virus program temporarily but that didn't make any difference. I rolled back my code but it didn't make any difference.

I tried switching my application from Framework 4.0 to 4.5.2 but the problem persisted. In fact, I believe the problem is at a lower level than .NET because I wrote a test C++ program that uses ReadDirectoryChangesW() and a similar problem occurs: the problem computer never receives the FILE_ACTION_RENAMED_OLD_NAME notification, only the FILE_ACTION_RENAMED_NEW_NAME one.

I compared running processes and ended ones that are running on the problem computer but not on the non-problem one. Both computers are up to date with Windows Updates; I am hoping not to have to start uninstalling them.

I have one Windows 8 computer and the problem is not there; however, upgrading from 7 to 8 is not an option for several other deployments.

It just occurred to me to look at kernel32.dll on the respective machines, since that is where ReadDirectoryChangesW() lives. It's different.

Worky: v6.1.7601.18798

No worky: v6.1.7601.18869

Was there a recent change to the API that I need to accommodate?

Update: I found a non-working machine with v6.1.7601.18409 so that's not the problem.
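The symptom described in this question (a FILE_ACTION_RENAMED_NEW_NAME record with no FILE_ACTION_RENAMED_OLD_NAME before it) can be detected while walking the ReadDirectoryChangesW() buffer. This is an added example, not code from the original post: the two action codes are the documented Win32 values, while `rename_audit`, `audit_renames` and `put_record` are hypothetical names and the sample buffers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Documented Win32 action codes, redefined so this builds without <windows.h>. */
#define FILE_ACTION_RENAMED_OLD_NAME 4u
#define FILE_ACTION_RENAMED_NEW_NAME 5u
/* Hypothetical result type for one notification buffer. */
typedef struct { int paired, orphan_new, orphan_old, malformed; } rename_audit;

static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }

/* Walk FILE_NOTIFY_INFORMATION records (NextEntryOffset, Action, FileNameLength in bytes,
   then the UTF-16 name), bounds-checking every offset. Assumes one buffer per call. */
rename_audit audit_renames(const uint8_t *buf, size_t len) {
    rename_audit r = {0, 0, 0, 0};
    size_t off = 0;
    int old_pending = 0;
    for (;;) {
        if (len - off < 12) { r.malformed = 1; break; }
        uint32_t next = rd32(buf + off), action = rd32(buf + off + 4), nlen = rd32(buf + off + 8);
        if (nlen > len - off - 12) { r.malformed = 1; break; }
        if (action == FILE_ACTION_RENAMED_OLD_NAME) { r.orphan_old += old_pending; old_pending = 1; }
        else if (action == FILE_ACTION_RENAMED_NEW_NAME) {
            if (old_pending) r.paired++; else r.orphan_new++; /* orphan: old name never arrived */
            old_pending = 0;
        }
        if (next == 0) break;
        if (next < (size_t)nlen + 12 || next > len - off) { r.malformed = 1; break; }
        off += next;
    }
    r.orphan_old += old_pending;
    return r;
}

/* Constructed sample data: append one record, ASCII name widened to UTF-16LE. */
size_t put_record(uint8_t *buf, size_t off, uint32_t action, const char *name, int last) {
    uint32_t nlen = (uint32_t)strlen(name) * 2, next = last ? 0 : (12 + nlen + 3) & ~3u;
    memcpy(buf + off, &next, 4); memcpy(buf + off + 4, &action, 4); memcpy(buf + off + 8, &nlen, 4);
    for (uint32_t i = 0; i < nlen; i++) buf[off + 12 + i] = (i & 1) ? 0 : (uint8_t)name[i / 2];
    return off + (last ? 12 + nlen : next);
}

int main(void) {
    uint8_t ok[64] = {0}, bad[64] = {0};
    size_t n = put_record(ok, 0, FILE_ACTION_RENAMED_OLD_NAME, "a.txt", 0);
    n = put_record(ok, n, FILE_ACTION_RENAMED_NEW_NAME, "b.txt", 1);
    size_t m = put_record(bad, 0, FILE_ACTION_RENAMED_NEW_NAME, "b.txt", 1);
    rename_audit a = audit_renames(ok, n), b = audit_renames(bad, m);
    printf("healthy: paired=%d, affected: orphan_new=%d\n", a.paired, b.orphan_new);
    return 0;
}
```

A non-zero `orphan_new` is the point at which a watcher should fall back to rescanning the directory instead of relying on the old name.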


There is 1 answer

Craig Silver On

In a word, Kaspersky.

To elaborate, I thought I had already tested removing KAS but maybe I didn't reboot after or something, and it's odd because it is also installed on a computer at work that does not present the problem--same version of KAS.

Note that this version is a corporate version, which installs:

Kaspersky Endpoint Security 10 for Windows and Kaspersky Security Center Network Agent

A central policy is pushed out to each client computer and enforced. It has control over settings, like trusted applications (a whitelist). When IT pushed out a whitelist entry for my specific application, it fixed the problem.

Note that there are several checkboxes to select for each trusted application entry. This fix only needed one of them.

Under Settings | Anti-Virus protected | Exclusions and trusted applications | Settings, there is a list that can be added to.

Do not scan opened files X Do not monitor application activity Do not inherit restrictions of the parent process (application) Do not monitor child application activity Allow interaction with application interface Do not scan network traffic

Honourable mention must go to my co-worker, Arti Chauhan, who suggested more than once that KAS might be the problem. I thought I had fully tested when I guess I hadn't.