The SFC improves system stability.
In order to prevent malware from compromising critical system components, Windows works hard to maintain the integrity of its files. If you try to replace a “protected” file, you may get a message that the operating system has put the old, approved version back. That’s Windows File Protection, which is now called Windows Resource Protection.
Unfortunately, automated protection doesn’t cover every conceivable situation in which your system files could be damaged. Sometimes it’s as simple as a hard disk error.
As a result, automated checking is nice, but sometimes you need to take matters into your own hands.
Enter the SFC, the System File Checker.
SFC: System File Checker
SFC scans your system files and confirms they have not been compromised or replaced with unofficial versions. If an unexpected version is found, SFC attempts to restore it from copies or original installation media. Run SFC by entering “SFC /scannow” in an admin Command Prompt or PowerShell.
System file protection
The premise behind system file protection is that Windows keeps information for critical files — possibly including, but not limited to, the date/time stamp of the file, its size, and its cryptographic hash. When files are “officially” updated, this information is also updated to reflect the new official files.
Every so often, Windows checks all those files to make sure they still match, meaning the time stamp, size, and hash value all match what is expected. If they don’t, something is wrong, and Windows will likely report the error.
Unfortunately, “wrong” can be the result of many different things:
- Malware is the primary reason system file protection exists. Malicious software can inject itself into the system by modifying Windows’ own files. System file protection detects when this happens and repairs the damage.
- Set-up programs often replace system components with their own, sometimes breaking things. System file protection notices when this happens.
- Random other failures.
So, what happens when a problem is found?
Repairing altered files
If you’ve ever searched for a system file on Windows, it’s not uncommon to find several copies:
- The original file, used by Windows.
- Previous versions of the file saved by Windows Update, so you can uninstall specific updates if needed.
- Cached copies of the file, kept as a performance enhancement that loads the file more quickly when needed.
- Back-up copies of the file.
When system file protection needs to restore a file, it usually tries the original first.
In addition, many systems include a copy of Windows on a restore or recovery partition, and, when all else fails, the original Windows installation media might be used.
In all cases, the repair process also checks that the copy it’s restoring is correct. If it fails to have the expected information, it will be skipped. Because many of those sources are on your hard disk, malware authors attempt to replace or damage them all to prevent the repair process from working.
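The check-then-repair logic described above, as an added Python example that is not part of the original article and is not Windows' own implementation. It assumes the recorded information is just size and SHA-256 (the timestamp is left out), and the function and file names are hypothetical.

```python
import hashlib
import os
import shutil
import tempfile

def fingerprint(path):
    """Size and SHA-256 of a file: the 'expected information' in this model."""
    with open(path, "rb") as f:
        data = f.read()
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}

def verify_and_repair(path, expected, sources):
    """Return 'ok', 'repaired from <name>' or 'unrepairable' for one file."""
    if os.path.exists(path) and fingerprint(path) == expected:
        return "ok"
    for src in sources:  # repair sources, tried in the order given
        # Verify the copy before using it: a damaged or altered copy is skipped.
        if os.path.exists(src) and fingerprint(src) == expected:
            shutil.copyfile(src, path)
            return "repaired from " + os.path.basename(src)
    return "unrepairable"

def write(path, data):
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed scenario with hypothetical file names, run in a temp directory."""
    work = tempfile.mkdtemp()
    try:
        live, cache, backup = (os.path.join(work, n) for n in
                               ("example.dll", "cache_copy.dll", "backup_copy.dll"))
        write(live, b"official contents")
        expected = fingerprint(live)           # recorded while the file is known good
        write(cache, b"damaged cache copy")    # a repair source that is itself bad
        write(backup, b"official contents")    # a repair source that is intact
        results = [verify_and_repair(live, expected, [cache, backup])]
        write(live, b"tampered contents")      # same size, different hash
        results.append(verify_and_repair(live, expected, [cache, backup]))
        write(live, b"tampered contents")
        write(backup, b"tampered contents")    # every good copy is now gone
        results.append(verify_and_repair(live, expected, [cache, backup]))
        return results
    finally:
        shutil.rmtree(work)

if __name__ == "__main__":
    print(demo())
```

The second check shows why the hash matters: the altered file has the same size as the original, so a size comparison alone would not catch it. The third shows the failure mode the article describes, where no intact copy remains to restore from.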
SFC: the System File Checker
SFC is a command-line tool that checks that all of the files covered by system file protection are as they should be, and tries to repair those that are not. It’s a good utility to run when you suspect system files have been somehow corrupted, or if you just think there’s something wrong with your system.
SFC requires administrative privileges. Right-click on the Start button and click on Command Prompt (Admin), Windows PowerShell (Admin), or Windows Terminal (Admin).
After confirming any UAC prompts, type “sfc /scannow” (that’s “sfc”, a space, “/scannow” without any quotation marks) at the prompt and press Enter.
SFC scans your system immediately. It can take several minutes to run.
If you have installation media, such as a DVD, you might want to keep it on hand in case SFC needs it to replace a damaged file.
While it’s not documented as being required, I’d reboot your machine if SFC replaces any system files. I like to be sure the file replacement actually takes effect.
Microsoft has more detailed SFC documentation, including more options to check at boot time, how to control the size of the system file protection cache, and so on. There is also Windows Resource Protection documentation, which covers the mechanism Windows uses to try to keep your system files (and a few other things) safe automatically.