Sysmon at this point looks like a better option as it installs itself as part of the boot process and survives reboots. However, will this tie in the connection of the "c" file and what application/ file it's part of? At this point, I don't think it's a malware that I or others are dealing with. I do believe it's tied in with MS or an MS app (edge perhaps?), or at the very least the WU service, but that still doesn't explain why some have it, and others don't - is it different flighting of insider builds, different editions of Windows 11, etc. I will give Sysmon a try as well through. Because this is just bothering the heck out of me. Per ChatGPT, I asked "What is the Panther folder in the windows directory of Windows 11? I've noticed a new folder called NewOS?" and found that in an earlier conversation on modified/ created xml files on this thread that:
"The
Panther folder in the Windows directory of a Windows system is related to the
Windows installation process. It is primarily used during
system upgrades, installations, or major updates to store logs and temporary files. This folder is particularly helpful for diagnosing issues during Windows installations or upgrades, as it contains logs that detail each step of the process.
Logs Found in the Panther Folder
Common log files in this folder include:
- Setupact.log: Tracks actions taken during setup.
- Setuperr.log: Logs errors encountered during the setup process.
- CompatData files: Contain compatibility-related information when upgrading Windows.
"NewOS" Folder
The
NewOS folder is likely created during an operating system upgrade or a major update to Windows. It often serves as a placeholder or working directory for files required for the new version of the OS being installed. For example:
- It may hold temporary files or installation data for the new operating system while the upgrade is in progress.
- Once the update or upgrade is completed successfully, this folder might remain if cleanup operations don’t delete it.
If you notice these folders, it usually means that:
- A major Windows update or upgrade has been recently attempted or completed.
- Diagnostic information is stored there to aid in troubleshooting if the update/upgrade fails.
You can review the logs in these folders to check for issues or simply verify that the installation was successful. However, unless you need to troubleshoot a problem, it is usually safe to leave these folders as they are. If you're low on disk space, and the upgrade completed successfully, you can back up and delete them, though caution is recommended."
Hence, that's why I believe it to be the reason why I was able to get the new features last night after restoring the "c" file immediately right after I the restored of the "c" file (of course, with a crash that followed). I didn't have those new features prior to then (coincidence?). However, I'm not sure of it's association with the WU service itself....Is it a marker of who gets new features and who doesn't? Is it a left over? That's where I'm at now.
I do recall now though, it was Whistler.....
www.tenforums.com
support.microsoft.com
