The C:\ProgramData\Microsoft\Crypto\RSA\MachineKey folder is where Windows stores SSL certificate pair keys
for the computer and all users. Whenever a connection is established and a certificate request is generated, a new file is created and stored in that sub-directory.
If there is a large number of files in that folder it could be caused by SSL checking performed by ESET NOD32 Antivirus. ESET utilizes a Man-in-the-middle attack (MITM)
to decrypt SSL traffic so it can scan the contents. In order to do this, it must generate a fake key for each SSL website visited so the browser does not indicate with an alert that the connection has been compromised. Disabling SSL scanning in ESET
will prevent these files from accumulating in large numbers.
BTW...Files that are showing in a security scan log as being locked, skipped, unable to open, not tested, unable to scan, etc usually are not indicative of a malware infection.
"Object is locked skipped
", "File locked
", "Locked file. Not tested
", "file cannot be accessed
, "Access Denied
", "Some files could not be scanned
", "file could not be opened
", "Error Opening
", "unable to open
", "Password Protected
" or "Encrypted
" notations in an anti-virus/anti-malware scan are not uncommon. Some files and services are locked by the operating system
or running programs during use for protection
, so scanners cannot access them. Other legitimate files, especially those used by security programs, may be obfuscated
or password protected
in order to conceal itself so they do not allow access as a protective measure. When the scanner finds such an object, it makes a note and then just skips to the next one. That explains why it may show with such notations but no action taken in certain anti-virus or anti-malware log scan reports. These are normal when using many security scanning programs so there is seldom a need for concern.