Windows File Protection: Here is all you want to know

Reading time icon 5 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • Windows File Protection is a feature in Windows 10 that ensures the protection of critical system files.
  • The article below will be discussing in greater detail what it is, how to use it, and some alternatives.
  • To read more on the subject, check out our dedicated WFP Hub.
  • If the topic of data protection interests you, we have a specialized Data Protection page as well.

Windows File Protection happens to be a built-in Windows feature designed to protect critical system files from getting replaced or overwritten, be it inadvertently or intentionally.

In the unlikely scenario of that ever happening, the feature also restores the original copy of the particular file automatically to ensure the smooth operation of the PC.

What is Windows File Protection?

Those files that are needed by the operating system as well as other supported applications for the smooth functioning of the PC come under the coverage of Windows File Protection.

Such files typically have extensions such as .dll, .exe, .ocx, and .sys extension and some True Type fonts.

It works on the basis of file signatures and catalog files generated by code signing to make sure if the files under its purview are indeed the ones that came with the original Windows installation.

If not, the affected files are identified and replaced though the replacement is done strictly in accordance with the following method:

  • Windows Service Pack installation using Update.exe
  • Hotfixes installed using Hotfix.exe or Update.exe
  • Operating system upgrades using Winnt32.exe
  • Windows Update

Third-party file protection programs

A far simpler alternative than to use your system’s built-in tools is to use third-party software that is especially dedicated to this particular task. In the case at hand, One program that can ensure the safety of your files is none other than WinZip.

While most of you may know it as a basic archiving tool, WinZip has evolved a lot ever since its inception, adding many new features to its toolset, including the ability to lock files and protect them from deletion.

This is done via something that the developer likes to call banking-level encryption, meaning that no one other than yourself will ever have access to the data that you are archiving.

Of course, it hasn’t forgotten its roots, since it can still unzip all major file formats, compress files in the best ways possible, and even share them afterward over various platforms.



&aff_sub2=Native” current_url=”true” button_text=”Get it now” image=”×160.png”]

How does Windows File Protection work?

Further, there are two ways the WFP feature works though fortunately for the user, most of its working goes on behind the scene and requires least intervention by the user.

For instance, the WFP feature kicks in automatically whenever there is a directory change notification raised. The latter again springs to life if there is a change detected in any files present in the protected directory.

The next thing for WFP to do is to determine which file has undergone a change and if the file is in the protected category:

  • If yes, WFP will then attempt to match the file signature with the file catalog to make sure if the new version of the file is indeed genuine.
  • If not, WFP will then replace the file with the correct version of it from the cache folder – %systemroot%system32dllcache.

Or if the said file is missing in the cache folder, WFP will then attempt to source the same from the installation source which can be either the Windows DVD, image file or such.

In such a scenario, WFP shows a message wherein it mentions the name of the corrupted file along with the original location of the said file. Point to note here is that the said messages will be shown only if you are logged in as an administrator.

Else, the system will wait for the administrator to log in for the message to be displayed.

SFC scannow and Windows File Protection

The other protection mechanism WFP feature comes with is the System File Checker or SFC. The way it works is this – the System File Checker will scan all protected file once the GUI mode of setup is complete.

This way, SFC will ensure all protected files are exactly how it should be. The SFC will also scan all the catalog files as well, the ones that are used to check the authenticity of the protected files.

And just in case there is any discrepancy found in the catalog file, it makes the necessary correction using the cached version of the file from the cache folder.

However, if the cached copy of the catalog file is also missing, the WFP feature will request the original Windows installation media to retrieve the correct version of the affected catalog file.

Windows File Protection originally debuted with Windows 2000 followed by other subsequent Windows versions such as Windows XP and Windows Server 2003.

With Windows Me, it came to be identified as System File Protection or SFP through the basic functioning remained the same.

Starting Windows Vista and all subsequent editions of Windows post that, its Windows Resource Protection that took on the role.

That included preventing undesired system configuration changes, protecting crucial registry keys and values besides ensuring all critical operating system files are in the current form and order, thereby preventing what has come to be known in the tech circle as the dreaded .dll hell state.


More about the topics: windows 10, winZip