Endpoint Encryption

I have a security issue with creation of self-decrypting archive.

When the self-decrypting archive, exe file, is created all included files are copied to temporary folder, which is defined in Windows User Variables, e.g. TMP=%USERPROFILE%\Local Settings\Temp, and the folder could for example be named PGP3D.

The files, which are included in the archive, that has Read-Only attribute will not be deleted after the archive has been created, and therefore still remain in the TEMP folder.

This is of course a security issue!

This has been tested on PGP Desktop version 10.1.1 and also on the latest PGP Desktop version 10.1.2 version.

Also, are the files simply deleted from the TEMP folder or are they wiped?

I can't better answer your concern here, but want to point out that if it is not adequately addressed here, you may want to make a Feature Request as to how you would recomment this be improved. 

You may also like to know that if you use PGP's option of "Shred when emptying the Recycle Bin" (Disk tab of PGP Options) that all files deleted from the Recycle Bin, and all files including system and application temp files that are deleted with bypassing the Recycle Bin, are wiped.