"Wgua_critical_files" In My Windows 11 Device


I have got loads of files named "wgua_critical_files" with many different type of fil endings, many includes macro.

They resides in folders that are hidden. The more I delete, the more new files are created.

I have searched the web, but no clear result. (Ransome ware, was one suggestion)

Any ideas?

Many thanks in advance for your help.



  • Gjoksi
    Gjoksi DEFENDER OF THE YEAR 2022 ✭✭✭✭✭


    They could be Ransomware or they could be part of WatchGuard security soultion:

    Anyway, if you suspect that those files are ransomware, you should try the Bitdefender Ransomware Recognition Tool:

    and see if you can get the appropriate decryption tool, if it exists.

    Next, you should do a full system scan with Bitdefender.

    Finally, you could also contact Bitdefender Consumer Support by chat, telephone or e-mail:


    NOTE: Bitdefender telephone support is not toll-free!


  • Those files are ransomware decoy files made by the app Panda AV. If you've had it or installed it in recent years then these files would have been autogenerated when you enabled ransomware protection and are purposefully vulnerable. They are populated by a number of methods. If you no longer use Panda and do not want them, I would redownload the app and disable ransomware protection. Doing so should trigger the app to disable all methods for creating those files. Then you can reboot and delete the files (if they haven't been deleted during the reboot process). From there you should be able to uninstall Panda AV. If that feature is off by default you may have to enable, reboot, disable, reboot, delete files, uninstall, reboot. If you currently use Panda and would like to keep the ransomware protection enabled then these files are normal and can be ignored. They shouldn't affect your PC or its files in any way. If you don't like seeing them, you may be able to hide them as they are created. However that may interfere with the decoy process as Panda uses both hidden and non hidden files and it might just keep creating more of them. My advice would be to leave it alone and ignore it if you wish to use Panda's ransomware protection. If you don't want to use Panda and do not wish to redownload it, then you may have to do some research on which methods Panda uses (like event triggers, registry files, batch files, etc) and delete all of them manually. With either method you may also have to find a way to delete all the files without the OS running (like plugging your local drive into another computer as if it were an external and deleting them without any OS running on the drive). Some of those files may create replacements of themselves when deleted so it could be a real pain to do even if you redownload Panda. I personally use Panda and know it to be a very good and trustable application so if you would like a recommendation I can promise there's no harm in redownloading it. I would try that method first.