System File Checker (sfc) is a little-known Windows command using CMD. Its job is to confirm whether the Windows system files are damaged or not.
| Join the channel Telegram of the AnonyViet 👉 Link 👈 |
To prevent malware from entering critical system components, Windows makes every effort to maintain the integrity of the file system. If you try to replace a “protected” file, you may receive an error message. That’s Windows File Protection, now known as Windows Resource Protection.
System File Protection: protect system files
The principle behind System file protection (sfp) is that Windows keeps information about important files, which may include, file date/time, size, and Password hash. When files are updated “officially”, this information is also updated to reflect the new files.
Windows will regularly check all those files to make sure they’re still safe, and that the data, size, and hashes all match what was before. If something goes wrong, Windows may display an error message.
Unusual problems include:
- Malware is the main reason for System file protection to exist. Malware can get into the system by itself by modifying Windows’ own files. System file protection detects errors and repairs damage.
- Other programs will often replace components of the system, sometimes breaking things.
- Other accidental failures.
So, what happens when a problem is found?
Repair damaged files
If you’ve ever searched for system files on Windows, it’s not uncommon for you to find some of the following:
- The original file, used by Windows.
- Previous versions of files are saved by Windows Update, so you can uninstall these updates if needed.
- Copies of the File are cached, as a performance enhancement measure to load files faster when needed.
- File backup.
When system file protection needs to restore a certain file, it usually tries to use the original file first.
Also, many systems will have a copy on the recovery partition, and when all else fails, the original Windows can be used to repair the system.
In any case, the repair process also checks to see if the copy it is restoring is correct. If it is incorrect, it will be ignored. Because these copies are on your hard disk, malware authors will try to replace or damage them all to prevent you from repairing the system.
SFC: Command to check System File
SFC is a command line tool that checks if all the files protected by the system are correct and tries to repair the unprotected ones. It’s a great tool when you suspect system files have been corrupted or if you just think there’s something wrong with your system.
SFC requires administrative rights. Right click on the button Start and choose Command Prompt (Admin), Windows PowerShell (Admin) or Windows Terminal (Admin).
After confirming any UAC prompts, type sfc /scannow and press Enter.
SFC will scan your system immediately. It may take a few minutes to run.
If you have installation devices, such as DVD, USB, then you can use it in case SFC needs it to replace corrupted System Files.
Although it is not considered necessary, you need to restart the machine if SFC replaces any system files.
Microsoft has more detailed SFC documentationwith more options to check at startup, how to control the size of the system file protection cache, and more. There is also a Windows resource protection document, which covers the mechanism by which Windows use to try to keep your system files (and a few other things) safe.
In addition, you can also use the 4 best Windows debugging tools here.
