Windows File Protection: Difference between revisions

{{Short description|Microsoft Windows security sub-system}}
{{Multiple issues|
{{more footnotes|date=October 2015}}
{{Outdated|date=June 2025}}
}}
 
'''Windows File Protection''' ('''WFP'''), a sub-system included in [[Microsoft Windows]] [[operating system]]s of the [[Windows 2000]] and [[Windows XP]] era, aims to prevent programs from replacing critical Windows [[system file]]s.<ref name="h795">{{cite book |url=https://books.google.com/books?id=krByP88msCwC&pg=PA99 |title=Configuring Windows 2000 without Active Directory |publisher=Syngress |year=2001 |isbn=978-0-08-047672-8 |pages=99–105 |access-date=2025-03-01}}</ref><ref name="c359">{{cite book |last=Carvey |first=H. |url=https://books.google.com/books?id=rsdAX92FWBgC&pg=PA180 |title=Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7 |publisher=Syngress |year=2012 |isbn=978-1-59749-728-2 |page=180 |access-date=2025-03-01}}</ref><ref name="b652">{{cite book |last=Hart-Davis |first=G. |url=https://books.google.com/books?id=Fy8_GF42WCIC&pg=PA439 |title=Mastering Windows XP Home Edition |publisher=Wiley |year=2006 |isbn=978-0-7821-5059-9 |page=439 |access-date=2025-03-01}}</ref> Protecting core system files mitigates problems such as [[DLL hell]] with programs and the operating system. Windows 2000, [[Windows XP]] and [[Windows Server 2003]] include WFP under the name of ''Windows File Protection''; [[Windows Me]] includes it as '''System File Protection''' ('''SFP''').
 
== Operation ==
With Windows File Protection active, replacing or deleting a system file that has no [[File locking|file lock]] to prevent it getting overwritten causes Windows immediately and silently to restore the original copy of the file. The original version of the file is restored from a cached folder which contains backup copies of these files. The [[Windows NT]] family uses the cached folder {{mono|%SystemRoot%\System32\Dllcache}}. [[Windows Me]] caches its entire set of compressed cabinet setup files and stores them in the {{mono|%windir%\Options\Install}} folder.
 
WFP covers all files which the operating system installs (such as {{mono|DLL}}, {{mono|EXE}}, {{mono|SYS}}, {{mono|OCX}} etc.), protecting them from deletion or from replacement by older versions. The [[digital signature]]s of these files are checked using [[code signing]] and the signature catalog files stored in the {{mono|%SystemRoot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}}} folder. Only certain operating system components such as the ''Package Installer'' (Update.exe) or [[Windows Installer]] (Msiexec.exe) can replace these files. Changes made using any other methods in order to replace these files are reverted and the files are silently restored from the cache. If Windows File Protection cannot automatically find the file in the cached folder, it searches the network path or prompts the user for the Windows installation disc to restore the appropriate version of the file.
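
The restore flow described above, modeled as an added example that is neither Microsoft's code nor part of the original article. SHA-256 digests stand in for the signed catalogs, the directory, file and function names are hypothetical, and checking each restore source against the catalog before copying is this example's own assumption.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def handle_change(target: Path, catalog: dict, sources: list) -> str:
    """Decide what happens after a protected file is modified or deleted.
    catalog: file name -> set of trusted digests (stand-in for CatRoot).
    sources: ordered restore locations (cache first, then network path)."""
    trusted = catalog.get(target.name.lower())
    if trusted is None:
        return "unprotected"
    if target.exists() and digest(target) in trusted:
        return "accepted"  # a catalogued version, e.g. placed by an update
    for source in sources:
        candidate = source / target.name
        # Assumption of this example: restore only copies the catalog vouches for.
        if candidate.exists() and digest(candidate) in trusted:
            shutil.copyfile(candidate, target)
            return f"restored:{source.name}"
    return "prompt-for-media"


def demo() -> list:
    """Run four constructed scenarios in a throwaway directory."""
    root = Path(tempfile.mkdtemp())
    system32, cache, share = (root / n for n in ("System32", "Dllcache", "NetShare"))
    good = b"constructed: original library"
    for d in (system32, cache, share):
        d.mkdir()
        (d / "sample.dll").write_bytes(good)
    catalog = {"sample.dll": {hashlib.sha256(good).hexdigest()}}
    target, results = system32 / "sample.dll", []
    target.write_bytes(b"constructed: older version from an installer")
    results.append(handle_change(target, catalog, [cache, share]))  # cache hit
    target.unlink()
    (cache / "sample.dll").write_bytes(b"constructed: tampered cache copy")
    results.append(handle_change(target, catalog, [cache, share]))  # falls back
    results.append(handle_change(target, catalog, [cache, share]))  # file intact
    target.write_bytes(b"constructed: replaced again")
    results.append(handle_change(target, catalog, [cache]))  # no good copy left
    shutil.rmtree(root)
    return results
```
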
 
WFP integrates with the [[System File Checker]] ({{mono|sfc.exe}}) utility.
 
[[Windows Vista]] and later Windows systems do not include Windows File Protection, but they include [[Windows Resource Protection]] which protects files using [[Access control list|ACLs]]. Windows Resource Protection aims to protect core [[Windows registry|registry]] keys and values and prevent potentially damaging system configuration changes, besides operating system files.
 
The non-use of ACLs in Windows File Protection was a design choice: not only did it allow operation on non-NTFS systems, but it also kept the "bad" installers that attempt to replace system files from failing completely with a file access error.
 
== References ==
{{Reflist}}
 
== External links ==
* [http://support.microsoft.com/kb/253571 Overview of System File Protection (Windows Me)]
* [https://web.archive.org/web/20160321062438/https://bitsum.com/aboutwfp.asp Hacking Windows File Protection]
* [https://filehare.com/download-protected-folder/ Effective Files Protection Tool]
 
{{Windows Components}}