System File Checker

sfc
Developer(s)Microsoft
Initial releaseJune 25, 1998; 26 years ago (1998-06-25)
Operating systemMicrosoft Windows
TypeSystem utility
LicenseProprietary commercial software
Websitedocs.microsoft.com/en-us/windows-server/administration/windows-commands/sfc

System File Checker (SFC[1]) is a utility in Microsoft Windows that allows users to scan for and restore corrupted Windows system files.[2]

Overview

Microsoft ships this utility with Windows 98, Windows 2000 and all subsequent versions of the Windows NT family of operating systems. In Windows Vista, Windows 7 and Windows 10, System File Checker is integrated with Windows Resource Protection (WRP), which protects registry keys and folders as well as critical system files. Under Windows Vista, sfc.exe can be used to check specific folder paths, including the Windows folder and the boot folder.

Windows File Protection (WFP) works by registering for notification of file changes in Winlogon. If any changes are detected to a protected system file, the modified file is restored from a cached copy located in a compressed folder at %WinDir%\System32\dllcache.

Windows Resource Protection (WRP) works by setting discretionary access-control lists (DACLs) and access control lists (ACLs) defined for protected resources. If any changes are detected to a protected system file, the modified file is restored from a cached copy located in a folder at %WinDir%\WinSxS\Backup.[3] Permission for full access to modify WRP-protected resources is restricted to the processes using the Windows Modules Installer service (TrustedInstaller.exe). Administrators no longer have full rights to system files.

History

Due to problems with Windows applications being able to overwrite system files in Windows 95, Microsoft has since implemented a number of security measures to protect system files from malicious attacks, corruptions, or problems such as DLL Hell.

System File Checker was first introduced on Windows 98 as a GUI utility. It offered scanning and restoration of corrupted system files by matching the version number against a database containing the original version number of the files in a fresh Windows 98 installation. This method of file protection was basic. It determined system files by file extension and file path. It was able to restore files from the installation media or a source specified by the user. Windows 98 did not offer real-time system file protection beyond file attributes; therefore, no preventive or reactive measure was available.

All Windows NT-based operating systems since Windows 2000 introduced real-time file protection, called Windows File Protection (WFP).[4]

In addition, the System File Checker utility (sfc.exe) was reimplemented as a more robust command-line utility that integrated with WFP. Unlike the Windows 98 SFC utility, the new utility forces a scan of protected system files using Windows File Protection and allows the immediate silent restoration of system files from the DLLCache folder or installation media.

SFC did not appear on Windows ME,[5] as it was replaced with System File Protection (SFP).[6] Similar to WFP, SFP offered real-time protection.

Issues

The System File Checker component included with versions of Windows 2000 earlier than Service Pack 4 overrode patches distributed by Microsoft;[7] this was rectified in Windows 2000 Service Pack 4.

Usage

In Windows NT-based operating systems, System File Checker can be invoked via Windows Command Prompt (with Admin privilege[8]), with the following command:

  • sfc /scannow (to repair problems)
  • or sfc /verifyonly (no repair)

If it finds a problem, it will attempt to replace the problematic files from the DLL Cache (%WinDir%\System32\dllcache). If the file is not in the DLL Cache or the DLL Cache is corrupted, the user will be prompted to insert the Windows installation media or provide the network installation path. System File Checker determines the Windows installation source path from the registry values SourcePath and ServicePackSourcePath.[9] It may keep prompting for the installation media even if the user supplies it if these values are not correctly set.[10]

In Windows Vista and onwards, files are protected using access control lists (ACLs), and if it finds a problem, it will attempt to replace the problematic files from the Windows Side-by-side Backup (%WinDir%\WinSxS\Backup).[3] However, the above command has not changed.

System File Checker in Windows Vista and later Windows operating systems can scan specified files. Also, scans can be performed against an offline Windows installation folder to replace corrupt files, in case the Windows installation is not bootable. For performing offline scans, System File Checker must be run from another working installation of Windows Vista or a later operating system or from the Windows setup DVD[11] or a recovery drive which gives access to the Windows Recovery Environment.

In cases where the component store is corrupted, the "System Update Readiness tool" (CheckSUR) can be installed on Windows 7, Windows Vista, Windows Server 2008 R2 or Windows Server 2008, replaced by "Deployment Image Service and Management Tool" (DISM) for Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2 or Windows Server 2012. This tool checks the store against its own payload and repairs the corruptions that it detects by downloading required files through Windows update.[12]

References

  1. ^ Boswell, William (2003). "Using the System File Checker, SFC". Inside Windows Server 2003. Inside Series. p. 860. ISBN 9780735711587. Retrieved 2017-07-23. You do not need to hack the Registry to change the WFP settings. A command-line utility comes with Windows Server 2003 to set these values. Called the System File Checker, or SFC, the utility can also rebuild the D11Cache directory files if files are accidentally deleted.
  2. ^ "MS-DOS and Windows command line SFC command".
  3. ^ a b stevewhims (2021-01-07). "Protected Resource List - Win32 apps". learn.microsoft.com. Retrieved 2024-03-15.
  4. ^ "Description of the Windows File Protection Feature". Support. Microsoft. December 15, 2003. Archived from the original on October 20, 2004. Retrieved August 28, 2006.
  5. ^ Spector, Lincoln (February 14, 2001). "Answer Line: Windows 98 Utilities Missing in Windows Me?". PC World. IDG. Archived from the original on June 5, 2011. Retrieved December 26, 2011.
  6. ^ "System File Protection and Windows Me". Microsoft. December 4, 2011. Archived from the original on June 22, 2004. Retrieved August 28, 2006.
  7. ^ "The SFC /SCANNOW Command May Overwrite Hotfix Files". Support. Microsoft. October 30, 2006. Archived from the original on November 16, 2006. Retrieved February 1, 2010.
  8. ^ "SFC - System File CheckerWindows CMD". SS64.com. Retrieved 2023-09-12.
  9. ^ "System File Checker does not accept a network location that contains the installer CD when you use the scannow switch in Windows XP SP2 or in Windows Server 2003". Support. Microsoft. January 13, 2005. Archived from the original on January 16, 2007.
  10. ^ "You are prompted to insert a Windows XP SP2 CD when you try to run the System File Checker tool on a Windows XP SP2-based computer". Support. Microsoft. July 5, 2005. Archived from the original on February 7, 2007.
  11. ^ kumar, Rohit (26 July 2016). "Run System File Checker Tool to Repair Windows 10/8/7 files". Craxworld. Self Published. Archived from the original on September 11, 2016.
  12. ^ "Fix Windows Update errors by using the DISM or System Update Readiness tool". Support. Microsoft. January 22, 2017. Retrieved February 11, 2017.

Further reading