Windows File Protection happens to be a built-in Windows feature designed to protect critical system files from getting replaced or overwritten, be it inadvertently or intentionally. And in the unlikely scenario of that ever happening, the feature also restores the original copy of the particular file automatically to ensure smooth operation of the PC.
What is Windows File Protection?
Those files that are needed by the operating system as well as other supported applications for the smooth functioning of the PC come under the coverage of Windows File Protection. Such files typically have extensions such as .dll, .exe, .ocx, and .sys extension and some True Type fonts.
It works on the basis of file signatures and catalog files generated by code signing to make sure if the files under its purview are indeed the ones that came with the original Windows installation. If not, the affected files are identified and replaced though the replacement is done strictly in accordance with the following method:
- Windows Service Pack installation using Update.exe
- Hotfixes installed using Hotfix.exe or Update.exe
- Operating system upgrades using Winnt32.exe
- Windows Update
How Windows File Protection Works
Further, there are two ways the WFP feature works though fortunately for the user, most of its working goes on behind the scene and requires least intervention by the user. For instance, the WFP feature kicks in automatically whenever there is a directory change notification raised. The latter again springs to life if there is a change detected in any files present in the protected directory.
The next thing for WFP to do is to determine which file has undergone a change and if the file is in the protected category. If yes, WFP will then attempt to match the file signature with the file catalog to make sure if the new version of the file is indeed genuine. If not, WFP will then replace the file with the correct version of it from the cache folder – %systemroot%system32dllcache.
Or if the said file is missing in the cache folder, WFP will then attempt to source the same from the installation source which can be either the Windows DVD, image file or such. In such a scenario, WFP shows a message wherein it mentions the name of the corrupted file along with the original location of the said file. Point to note here is that the said messages will be shown only if you are logged in as an administrator. Else, the system will wait for the administrator to log in for the message to be displayed.
SFC scannow and Windows File Protection
The other protection mechanism WFP feature comes with is the System File Checker or SFC. The way it works is this – the System File Checker will scan all protected file once the GUI mode of setup is complete. This way, SFC will ensure all protected files are exactly how it should be. The SFC will also scan all the catalog files as well, the ones that are used to check the authenticity of the protected files.
And just in case there is any discrepancy found in the catalog file, it makes the necessary correction using the cached version of the file from the cache folder. However, if the cached copy of the catalog file is also missing, WFP feature will request for the original Windows installation media to retrieve the correct version of the affected catalog file.
Windows File Protection originally debuted with Windows 2000 followed by other subsequent Windows versions such as Windows XP and Windows Server 2003. With Windows Me, it came to be identified as System File Protection or SFP through the basic functioning remained the same.
Starting Windows Vista and all subsequent editions of Windows post that, its Windows Resource Protection that took on the role. That included preventing undesired system configuration changes, protecting crucial registry keys and values besides ensuring all critical operating system files are in the current form and order, thereby preventing what has come to be known in the tech circle as the dreaded .dll hell state.
RELATED POSTS TO CHECK OUT:
- What is Windows Time Service and how is it useful?
- What is $Windows.~WS folder in Windows 10?
- We answer: What is Process Explorer, and how can you use it in Windows 10?