What temp directories can be safely emptied?

[yhbrent]

I just finished reading the excellent book "Computer Security for the
Home and Small Office" by Thomas Greene. On pp. 170-2, in the context
of a general discussion on data hygiene, he mentions periodically
deleting (even securely wiping) temp files as a good practice.

I recently wrote a Java program that identifies temp directories, and
will also attempt to empty the contents of all temp directories that it
is instructed to empty.

To identify temp directories, my program currently just looks for
directories with "temp" or "tmp" in their name (but rejects them if the
substring is "template"). It also includes the print spool directory
WINDOWS\system32\spool\PRINTERS
as a special case.

Running this portion of the program on my C drive yields this huge list
of temp directories:
C:\Documents and Settings\SamSmith\Application Data\Azureus\tmp
C:\Documents and Settings\SamSmith\Application
Data\ScanSoft\PaperPort\9\Temp
C:\Documents and Settings\SamSmith\Application
Data\Sun\Java\Deployment\cache\javapi\v1.0\tmp
C:\Documents and Settings\SamSmith\Application
Data\Sun\Java\Deployment\cache\tmp
C:\Documents and Settings\SamSmith\Application
Data\Sun\Java\Deployment\tmp
C:\Documents and Settings\SamSmith\Local Settings\Temp
C:\Documents and Settings\SamSmith\Local Settings\Temporary Internet
Files
C:\Documents and Settings\Default User\Local Settings\Temp
C:\Documents and Settings\Default User\Local Settings\Temporary
Internet Files
C:\Documents and Settings\LocalService\Local Settings\Temp
C:\Documents and Settings\LocalService\Local Settings\Temporary
Internet Files
C:\Documents and Settings\NetworkService\Local Settings\Temp
C:\Documents and Settings\NetworkService\Local Settings\Temporary
Internet Files
C:\Documents and Settings\UserLimited\Local Settings\Temp
C:\Documents and Settings\UserLimited\Local Settings\Temporary
Internet Files
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files
C:\WINDOWS\PCHealth\HelpCtr\Temp
C:\WINDOWS\Temp
C:\WINDOWS\WinSxS\InstallTemp
C:\WINDOWS\assembly\temp
C:\WINDOWS\assembly\tmp
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir
C:\WINDOWS\system32\URTTemp
C:\WINDOWS\system32\config\systemprofile
C:\WINDOWS\system32\spool\drivers\w32x86\3\temp
C:\WINDOWS\system32\spool\PRINTERS

My question is which temp directories can be safely emptied?

Right now, I have configured the program to only empty the user ones
inside
C:\Documents and Settings\
since I am assuming that no critical system files should be placed in
there. Please let me know if this is a bad assumption!

But what about all those temp directories under C:\WINDOWS:
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files
C:\WINDOWS\PCHealth\HelpCtr\Temp
C:\WINDOWS\Temp
C:\WINDOWS\WinSxS\InstallTemp
C:\WINDOWS\assembly\temp
C:\WINDOWS\assembly\tmp
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir
C:\WINDOWS\system32\URTTemp
C:\WINDOWS\system32\config\systemprofile
C:\WINDOWS\system32\spool\drivers\w32x86\3\temp
? Are all of these safe to empty as well, or could critical system
files be found there too?

Also, are there any other known special case temp directories besides
C:\WINDOWS\system32\spool\PRINTERS
(where by "special case" I mean that the temp directory does not have
"temp" or "tmp" in its name)?

The reason why I ask is because my program will also search for temp
files throughout the hard drive and report those outside of the already
identified temp directories. I am currently identifying temp files as
any file whose name starts with '~' or whose extension is ".tmp". My
program found these additional temp files:
C:\Documents and Settings\SamSmith\Application
Data\Azureus\torrents\AZU14343.tmp
C:\Documents and Settings\SamSmith\Application
Data\Microsoft\Office\fbc1C.tmp
C:\WINDOWS\002376_.tmp
C:\WINDOWS\DUMP30f3.tmp
C:\WINDOWS\Installer\MSI22.tmp
C:\WINDOWS\Installer\MSI23.tmp
C:\WINDOWS\Installer\MSI24.tmp
C:\WINDOWS\SET3.tmp
C:\WINDOWS\SET7.tmp
C:\WINDOWS\system32\CONFIG.TMP
Are these files also safe to delete?

Note that my Java program only issues a delete command, and if it fails
(e.g. because the file is somehow locked), then the program merely logs
that fact and moves on. I have seen file deletion fail with some of
the C:\Documents and Settings files such as

C:\Documents and Settings\SamSmith\Local
Settings\Temp\hsperfdata_SamSmith
--what is this one???

C:\Documents and Settings\SamSmith\Local Settings\Temp\~DF831.tmp
--what is this one??? nothing seems to be able to kill it, even from
win explorer!

C:\Documents and Settings\SamSmith\Local Settings\Temporary Internet
Files\Content.IE5
--was not deleted because my program was unable to delete the subfile
C:\Documents and Settings\SamSmith\Local Settings\Temporary Internet
Files\Content.IE5\index.dat
so I guess I will have to use one of those specialized windows apps
to remove this dreaded file

Also note that my program runs every night as part of a batch process
that includes restarting the machine, defraging the drive, and running
cipher.exe /w to wipe all free space. This temp file deletion program
will only run well after the reboot process has finished, so
installation files that were left in a temp directory waiting for the
next reboot to be moved should not be a problem.

 

[yhbrent]

I should have added to my original posting that I am running win xp
sp2.

Also, please let me know if there is a more appropriate newsgroup than
this one. I did a newsgroup search prior to posting and did find some
older discussions that are somewhat related to my concerns. The
postings seemed to be on the win2k newsgroup or other random groups.
They also did not address all the particular concerns that my original
posting above raises (altho I found postings claiming that it is OK to
empty C:\WINDOWS\Temp once you have fully rebooted).

 

[Jim]

All temp files can be deleted. XP will not allow deletion of files that are
being used by some application; hence, it is safe to clean out all temp
files. Leave the folders alone though.
Jim