Windows System File Checker helps stop system failures

When system files are modified, Windows File Protection Service checks to make sure that the modified file is the correct version to protect against system failure. If the version is incorrect, or if Windows can't verify the file's authenticity, Windows displays the following error message:

A file replacement was attempted on the protected system file filename. To maintain system stability, the file has been restored to the correct Microsoft version. If problems occur with your application, please contact the application vendor for support.

Once this error has been triggered, two things happen.

As you can imagine, the Windows File Protection Service goes a long way toward protecting a system's integrity. Unfortunately, it only checks system files for authenticity at certain times, and not every time they are accessed. But there is a way you can invoke a system file check manually to verify a file's authenticity.

Note that not every Windows system file is protected. Some files, such as INI files, are regularly updated through the course of normal operations. Windows protects files that use the following extensions: .EXE, .DLL, .SYS, .OCX, .TTF and .FON. Also keep in mind that only files that are a part of Windows are protected. Applications often create files that use these extensions, but such files are not protected.

Scanning protected operating system files involves using Microsoft's command-line tool called the System File Checker. Unlike many other Windows command-line tools, the syntax for using System File Checker is extremely simple. To perform an immediate scan, enter the following command:

SFC /SCANNOW

Y

Digg This!     StumbleUpon     Del.icio.us

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

SFC /SCANONCE

Or you can have System File Checker scan the system files at every boot, although doing so significantly slows down the boot process. To do that, enter this command:

SFC /SCANBOOT

The System File Checker initially checks the DLL cache for valid versions of the system files. However, the DLL cache is a favorite target for malicious software. If your system is infected, you can force the System File Checker to completely delete the contents of the DLL cache and then repopulate the cache with known good files from the Windows installation CD. The command to do that is:

SFC /PURGECACHE

Sometimes the DLL cache may be too small to contain all of the system files that you would like to cache. You can, however, use System File Checker to adjust the cache size. To do that, enter this command:

SFC /CACHESIZE=x</p>

In this case, the cache size is entered in megabytes but in hexadecimal format. If you wanted to set the cache size to 200 MB, enter the following command:

SFC /CACHESIZE=C8

The easiest way to convert the cache size from megabytes to a hexadecimal representation is to use the Windows Calculator found on the Programs | Accessories menu. When the calculator opens, select the Scientific option from the View menu. Make sure the DEC option is selected, and then type in the number of megabytes that you would like to use for your cache size. Now, click the Hex button, and the number will be converted to hexadecimal format.

To conclude, when you are manually adjusting the System File Checker's behavior, remember: If you happen to make a mistake, you can fix it. Simply enter the SFC /REVERT command and the System File Checker will return to its default configuration.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server, Exchange Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. He writes regularly for SearchWinComputing.com and other TechTarget sites.

Rate this Tip To rate tips, you must be a member of SearchEnterpriseDesktop.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.