Windows File Protection: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 02:28, 6 June 2007 edit Voidvector (talk \| contribs) Extended confirmed users, Pending changes reviewers 10,970 edits m see also ← Previous edit		Latest revision as of 10:31, 3 July 2025 edit undo Citation bot (talk \| contribs) Bots 5,861,813 edits Removed parameters. \| Use this bot. Report bugs. \| Suggested by Abductive \| Category:Wikipedia articles in need of updating from June 2025 \| #UCB_Category 50/831
(45 intermediate revisions by 39 users not shown)
Line 1: {{Short description\|Microsoft Windows security sub-system}} '''Windows File Protection''' (WFP) is a technology included in all [[Microsoft Windows]] [[operating system]]s beginning with [[Windows 2000]] to prevent programs from replacing critical Windows system files. Protecting core system files files prevents problems such as [[DLL hell]] with programs and the operating system. Windows 2000, [[Windows XP]] and [[Windows Server 2003]] include it under the name of ''Windows File Protection'', [[Windows Me]] includes it as ''System File Protection'', whereas [[Windows Vista]] includes [[Windows Resource Protection]] which expands the technology to protect core [[Windows registry\|registry]] keys and values and prevent potentially damaging system configuration changes. {{Multiple issues\| {{more footnotes\|date=October 2015}} {{Outdated\|date=June 2025}} }} '''Windows File Protection''' ('''WFP'''), a sub-system included in [[Microsoft Windows]] [[operating system]]s of the [[Windows 2000]] and [[Windows XP]] era, aims to prevent programs from replacing critical Windows [[system file]]s.<ref name="h795">{{cite book \|url=https://books.google.com/books?id=krByP88msCwC&pg=PA99 \|title=Configuring Windows 2000 without Active Directory \|publisher=Syngress \|year=2001 \|isbn=978-0-08-047672-8 \|pages=99–105 \|access-date=2025-03-01}}</ref><ref name="c359">{{cite book \|last=Carvey \|first=H. \|url=https://books.google.com/books?id=rsdAX92FWBgC&pg=PA180 \|title=Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7 \|publisher=Syngress \|year=2012 \|isbn=978-1-59749-728-2 \|page=180 \|access-date=2025-03-01}}</ref><ref name="b652">{{cite book \|last=Hart-Davis \|first=G. \|url=https://books.google.com/books?id=Fy8_GF42WCIC&pg=PA439 \|title=Mastering Windows XP Home Edition \|publisher=Wiley \|year=2006 \|isbn=978-0-7821-5059-9 \|page=439 \|access-date=2025-03-01}}</ref> Protecting core system files mitigates problems such as [[DLL hell]] with programs and the operating system. Windows 2000, [[Windows XP]] and [[Windows Server 2003]] include WFP under the name of ''Windows File Protection''; [[Windows Me]] includes it as '''System File Protection''' ('''SFP'''). When Windows File Protection is active, replacing or deleting a system file that has no [[file lock]] to prevent it from being overwritten, causes Windows to immediately and silently restore the original copy of the file. The original version of the file is restored from a cached folder which contains backup copies of these files. For the Windows NT family, the cached folder is located at ''%WinDir%\System32\Dllcache''. Windows Me stores the cache at a different ___location.▼ == Operation == Windows File Protection protects critical system files that are installed as part of Windows (for example, files with a [[Dynamic link library\|.dll]], [[EXE\|.exe]], .ocx, and .sys extension and some [[TrueType]] fonts). Windows File Protection uses the file signatures and catalog files that are generated by [[code signing]] to verify if protected system files are the correct versions. Replacement of protected system files is supported only through the following mechanisms: ▲~~When~~With Windows File Protection is active, replacing or deleting a system file that has no [[File locking\|file lock]] to prevent it ~~from being~~getting overwritten, causes Windows to immediately and silently to restore the original copy of the file. The original version of the file is restored from a cached folder which contains backup copies of these files. ~~For the~~The [[Windows NT]] family, uses the cached folder ~~is located at ''~~{{mono\|%~~WinDir~~SystemRoot%\System32\Dllcache''}}. [[Windows Me]] ~~stores~~caches ~~the~~its ~~cache~~entire atset aof ~~different~~compressed ~~___location~~cabinet setup files and stores them in the {{mono\|%windir%\Options\Install}} folder. * Windows [[Service pack\|Service Pack]] installation using Update.exe * [[Hotfix]]es installed using Hotfix.exe or Update.exe * Operating system upgrades using Winnt32.exe * [[Windows Update]] IfWFP acovers ~~program~~all ~~uses~~files awhich ~~different~~the ~~method~~operating tosystem ~~replace~~installs ~~protected~~(such ~~files~~as {{mono\|DLL}}, ~~Windows~~{{mono\|EXE}}, ~~File~~{{mono\|SYS}}, ~~Protection~~{{mono\|OCX}} ~~restores~~etc.), ~~the~~ ~~original~~protecting ~~files~~them from deletion or from replacement by older versions. The [[~~Windows~~digital ~~Installer~~signature]]s ~~adheres~~of tothese ~~Windows~~files ~~File~~are ~~Protection~~checked ~~when~~using ~~installing~~[[code ~~critical~~signing]] ~~system~~and the signature catalog files ~~and~~stored ~~calls~~in ~~Windows~~the ~~File~~{{mono\|%SystemRoot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}}} ~~Protection~~folder. ~~with~~Only acertain ~~request~~operating tosystem ~~install~~components such as the ''Package Installer'' (Update.exe) or [[Windows Installer]] (Msiexec.exe) can replace ~~the~~these ~~protected~~files. ~~file~~Changes ~~instead~~made ofusing ~~trying~~any toother ~~install~~methods orin order to replace athese ~~protected~~files ~~file~~are reverted and the files are silently restored from the ~~itself~~cache. If Windows File Protection cannot automatically find the file in the cached folder, it searches the network path or prompts the user for the Windows installation disc to restore the appropriate version of the file. WFP integrates with the [[System File Checker]] ({{mono\|sfc.exe}}) utility. ~~== See Also ==~~ [[System File Checker]] [[Windows Vista]] and later Windows systems do not include Windows File Protection, but they include [[Windows Resource Protection]] which protects files using [[Access control list\|ACLs]]. Windows Resource Protection aims to protect core [[Windows registry\|registry]] keys and values and prevent potentially damaging system configuration changes, besides operating system files. The non-use of ACLs in Windows File Protection was a design choice: Not only did it allow operation on non-NTFS systems, but it prevented those same "bad" installers from failing completely from a file access error. == References == {{Reflist}} == External links == Line 19 ⟶ 26: [http://www.microsoft.com/whdc/archive/wfp.mspx Whitepaper on Windows File Protection] * [http://support.microsoft.com/kb/253571 Overview of System File Protection (Windows Me)] * [~~http~~https://~~msdn2~~web.~~microsoft~~archive.~~com~~org/~~en-us~~web/~~library~~20160321062438/~~aa382503~~https://bitsum.com/aboutwfp.~~aspx~~asp Hacking Windows ~~Resource~~File Protection ~~in Windows Vista~~] * [https://filehare.com/download-protected-folder/ Effective Files Protection Tool] {{Windows Components}} [[Category:~~Microsoft~~Discontinued Windows components]] ~~[[Category:Windows administration]]~~ ~~[[Category:Windows components]]~~