System File Checker
| A component of Microsoft Windows | |
|---|---|
| Details | |
| Type | System utility |
| Included with | Windows 98 and later |
| Related components | |
| System Restore Windows Recovery Environment Windows Resource Protection |
|
System File Checker is a utility in Microsoft Windows that allows users to scan for and restore corruptions in Windows system files. This utility is available on Windows 98, Windows 2000 and all subsequent versions of Windows NT family of operating systems. In Windows Vista and Windows 7, System File Checker is integrated with Windows Resource Protection, which protects registry keys and folders as well as critical system files. Under Windows Vista, sfc.exe can be used to check specific folder paths, including the Windows folder and the boot folder.
Windows File Protection works by registering for notification of file changes in Winlogon. If any changes are detected to a protected system file, the modified file is restored from a cached copy located in a compressed folder at %WinDir%\System32\dllcache. Windows Resource Protection (WRP) works by setting discretionary access control lists (DACLs) and access control lists (ACLs) defined for protected resources. Permission for full access to modify WRP-protected resources is restricted to the processes using the Windows Modules Installer service (TrustedInstaller.exe). Administrators no longer have full rights to system files.
Contents
History
Due to problems with Windows applications being able to overwrite system files in Windows 95, Microsoft has since implemented a number of security measures to protect system files from malicious attacks, corruptions, or problems such as DLL hell.
System File Checker was first introduced on Windows 98 as a GUI utility. It offered scanning and restoration of corrupted system files by matching the version number against a database containing the original version number of the files in a fresh Windows 98 installation. This method of file protection was basic. It determined system files by file extension and file path. It was able to restore files from the installation media or a source specified by the user. Windows 98 did not offer real-time system file protection beyond file attributes; therefore, no preventive or reactive measure was available.
All Windows NT-based operating systems since Windows 2000 introduced real-time file protection, called Windows File Protection (WFP).[1]
In addition, the System File Checker utility (sfc.exe) was reimplemented as a more robust command-line utility that integrated with WFP. Unlike the Windows 98 SFC utility, the new utility forces a scan of protected system files using Windows File Protection and allows the immediate silent restoration of system files from the DLLCache folder or installation media.
SFC did not appear on Windows ME,[2] as it was replaced with System File Protection (SFP).[3] Similar to WFP, SFP offered real-time protection.
Issues
The System File Checker component included with versions of Windows 2000 earlier than Service Pack 4 are known to override patches distributed by Microsoft. [4] This problem has since been rectified in Windows 2000 Service Pack 4.
Usage
In Windows NT-based operating systems, System File Checker can be invoked via Windows Command Prompt, with the following command:
sfc /scannow
If it finds a problem, it will attempt to replace the problematic files from the DLL Cache (%WinDir%\System32\Dllcache\). If the file is not in the DLL Cache or the DLL Cache is corrupted, the user will be prompted to insert the Windows installation media or provide the network installation path. System File Checker determines the Windows installation source path from the registry values SourcePath and ServicePackSourcePath. [5] It may keep prompting for the installation media even if the user supplies it if these values are not correctly set. [6]
In Windows Vista and onwards, files are protected using Access control lists (ACLs), however the above command has not changed.
System File Checker in Windows Vista and later Windows operating systems can scan specific individual files. Also, scans can be performed against an offline Windows installation folder to replace corrupt files, in case the Windows installation is not bootable. For performing offline scans, System File Checker must be run from another working installation of Windows Vista or a later operating system or from the Windows setup DVD which gives access to the Windows Recovery Environment.
In cases where the component store is corrupted, a tool called CheckSUR can be installed on Windows Vista and 7, which checks the store against its own payload and repairs the corruptions that it detects. Windows 8 and later integrate the functionality of CheckSUR into DISM.
References
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ System File Checker does not accept a network location that contains the installer CD when you use the scannow switch in Windows XP SP2 or in Windows Server 2003
- ↑ You are prompted to insert a Windows XP SP2 CD when you try to run the System File Checker tool on a Windows XP SP2-based computer
External links
- System File Checker (sfc)
- Description of Windows XP and Windows Server 2003 System File Checker (Sfc.exe)
.svg){kind=logo}
