- April Update for Windows 11 24H2 created a mysterious empty folder
- Some advised this could be deleted but this is actually not the case
- If you delete the ‘Inetpub’ folder, a security fix is used by April -Patch
Windows 11 24H2 users who were confused by a mysterious empty folder that appears on their system drive after applying the latest update to us should be aware that this is not a mistake but a intentional move – and the said folder should not be deleted.
In case you missed it, Windows 11 24h2 last week received its cumulative update for April 2025, creating an ‘Inetpub’ folder that was the source of some confusion or irritation to those who noticed it.
You may also remember that some people advised that it was fine to just delete the folder, not an unreasonable conclusion to reach out to see when it was empty, did not seem to do anything and was related to Microsoft’s Internet Information Services (IIS) Web server software for developers (and showed up for those who had not installed).
At that time, I still advised that you were removing it at your own risk and that it might be best to be alone – as it was empty and seemed harmless (and also just because you never quite know what’s going on with Windows). It seems that I was right as Microsoft has now warned against removing the folder, as mentioned in the beginning.
Microsoft told Windows most recently that the folder is created as part of a security fix for a vulnerability that “can let local attackers fool the system of accessing or changing unintended files or folders.”
In his advice for this security patch, Microsoft notes: “After installing the updates listed in the Table Security Updates for Your Operating System, a new new [inetpub folder] will be created on your [system drive]. This folder should not be deleted, regardless of whether Internet Information Services (IIS) is active on the target unit. This behavior is part of changes that increase protection and do not require any action from the administrators and end users. “
In short, it doesn’t matter if you use IIS or not, you should leave this folder alone. Without the folder is present, the said security hole remains present in Windows 11, giving attackers a potential opportunity to compromise your PC (at least if they are local for the device, which means they have physical access).
Analysis: What if I have already deleted the folder, though?
This is a weird affair and I assumed this was a mistake when I wrote about it last week as it seemed like a strange way of implementing a security fix. Of course, what Microsoft should have done makes it very clear in the release notes of this patch, that it creates the folder and that users should leave it at peace (while noting that it is empty and harmless).
As I have already observed, however, it is best to continue with caution when tinking with Windows. What is particularly strange about this affair is that it has been reported that it has been reported that the same folder has been reported, so maybe this was part of the implementation of security fixes in these cases – who knows it.
How about if you have already deleted the folder? In this case, you need to reintroduce it and Windows latest is available with the solution. You need to open Control panelThen go in Programs> Programs and Features. To the left you see an opportunity to ‘Turn on Windows features to or from ‘ – Click on this. Scroll down the alphabetical list of features and find ‘Internet information services‘And check the check box next to this, and then click OK button.
The folder is now recreated. If you deleted it last week, be sure to complete these steps.
