Several weeks back some strange directories began showing up on the root of an external hard drive attached to a workstation. The directory names were a random string of hex characters (ex – f70c1dfbdd743f2730354f01951da804) and they seemed to increase by a few each day.
Attempting to navigate to (or delete) one of the folders prompts for admin approval, and the only content is an amd64 folder which is empty. These are exactly the types of folders created during installation of a Microsoft update…but such updates will usually remove the folder when installation is completed, and in this case there is no indication of an update coming down recently (the most recent folder was created a couple hours ago, whereas the last Software Update install was over a week ago):
Taking the creation date/time of the most recent folder and look for actions in the Application Event Log, the source of the issue is easily identified:
In this case, the ConfigMgr 2012 site managing the system is at SP1 with no Cumulative Updates installed, and the workstation in question is Windows 8.1 Enterprise 64-bit. Because System Center Endpoint Protection is enabled for the environment, the SCEP 2012 client is attempting to install on the workstation but fails because it does not support Windows 8.1 at the current level, and the install does not fully remove the extraction folder following the failure.
So, until the site and the client (because the SCEP installation files are part of the locally installed client) are updated to the SP1 CU3 or R2, the workstation will continue to see these random folders appearing as SCEP 2012 periodically attempts to install.