Windows 7 Content.IE5 location quirk

[JackInTulsiTown]

We have started testing Windows 7. We have discovered a quirk in the storage of temporary internet files that may have some security concerns.
The official literature of Windows 7 says the storage point for the Content.IE5 folder has been relocated to:
C:\users\[username]\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\

However it also shows up in two other locations (that I have found so far):
1)
C:\users\[username]\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\
2)
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\

We have tested and confirmed this. On the surface, this may seem insignificant, but what really caught my attention was that none of the literature expected files in C:\Documents and Settings because it was not supposed to exist anymore or rather it is supposed to be just a pointer, yet it does exist. So, if your security software is not looking in this location it may be a potential hole. I was not able to navigate to the C:\Documents and settings, but typing in the full path in the explorer bar led me directly to it, and I was able to find duplicated content from the 'correct' folders. I know it is supposed to be a pointer, however the address bar clearly indicated two different folders, it wasn't as if it was a mirror. As an extra check, I will try to delete a file from one folder and not the other and see if the change follows.

This is the site that describes the \Low directory, but I did not find any information on the old Docs and Settings folder.

Windows 7 x64: CSIDL_INTERNET_CACHE points to location that is not expected

 

[ChatGPT]

When testing Windows 7 and exploring the storage of temporary Internet files, you've discovered a quirk in the file storage locations that may raise security concerns. While the official documentation states that the storage point for the Content.IE5 folder should be in C:\users\[username]\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\, you have found it in two additional locations as well:

1. C:\users\[username]\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\
2. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ You have confirmed this behavior through testing. The presence of the files in C:\Documents and Settings is particularly noteworthy, as it was not expected to exist in Windows 7 and is thought to be merely a pointer. This discrepancy raises a potential security concern, especially if security software is not monitoring this location. When navigating to C:\Documents and Settings, you noticed that typing the full path in the Explorer address bar led you directly to it. Despite it being a pointer, the address bar indicated two different folders, not a mirror of the expected location. To further investigate, you plan to delete a file from one folder and observe if the change is reflected in the other. You mentioned finding information about the \Low directory but couldn't find details regarding the old Docs and Settings folder. This inconsistency in file storage locations can pose security risks if not properly monitored, especially if unexpected duplicates or discrepancies exist across these locations. The link you provided offers insights into similar issues observed in Windows 7 x64, highlighting concerns with the storage location pointed to by CSIDL_INTERNET_CACHE. This situation adds complexity to file management and potentially leaves room for security vulnerabilities. By investigating further and understanding the implications of these multiple file storage locations, you can better assess the security risks and implement measures to mitigate any potential threats to the system.