Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

SFC: The System File Checker – How to Run It and Why

Improving system stability.

SFC - The System File Checker
SFC – The System File Checker. (Screenshot: askleo.com)
The System File Checker is a little-known, simple-to-run command-line program. It validates that Window's operating files are undamaged.
Applies to Windows: 11, 10, 8, 7, Vista, XP

In order to prevent malware from compromising critical system components, Windows works hard to maintain the integrity of its files. If you try to replace one of the “protected” files, you may get a message that the operating system has put the old approved version back. That’s “Windows File Protection”, now called “Windows Resource Protection”.

Unfortunately, there are occasionally ways around automated protection. Sometimes it’s as simple as a hard disk error causing a system file to be damaged.

As a result, automated checking is nice, but sometimes you need to take matters into your own hands.

Enter the SFC, the System File Checker.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

SFC: System File Checker

SFC scans your system files and confirms they have not been compromised or replaced with unofficial versions. If an unexpected version is found SFC attempts to restore it from overhead copies or original installation media. Run SFC by entering “SFC /scannow” in an admin Command Prompt or PowerShell.

System file protection

The premise behind system file protection is that Windows keeps additional information possibly including, but not limited to, the date/time stamp of the file, its size, and its cryptographic hash. When files are “officially” updated this information is also updated to reflect the new official files.

Every so often, Windows checks all those files to make sure they still match, meaning the time stamp, size, and hash value all match what is expected. If they don’t something is wrong, and Windows will likely report the error.

Unfortunately, “wrong” can be the result of many different things:

  • Malware is the primary reason system file protection exists. Malicious software can inject itself into the system by modifying Window’s own files. System file protection detects when this happens and repairs the damage.
  • Set-up programs often replace system components with their own, sometimes breaking things. System file protection notices when this happens.
  • Random other failures.

So, what happens when a problem is found?

Repairing altered files

If you’ve ever searched for a system file on Windows, it’s not uncommon to find several copies:

  • The original file, used by Windows.
  • Previous versions of the file saved by Windows Update, so you can uninstall specific updates if needed.
  • Cached copies of the file, kept as a performance enhancement that loads the file more quickly when needed.
  • Back-up copies of the file.

It’s typically the first that’s used when system file protection needs to restore a file.

In addition, many systems include a copy of Windows on a restore or recovery partition, and when all else fails, the original Windows installation media might be used.

In all cases, the repair process also checks that the copy it’s restoring is correct. If it fails to have the expected information, it will be skipped. Because many of those sources are on your hard disk, malware authors attempt to replace or damage them all to prevent the repair process from working.

SFC: the System File Checker

SFC is a command-line tool that checks that all of the files covered by system file protection are as they should be, and that tries to repair those that are not. It’s a good utility to run when you suspect system files have been somehow corrupted, or even if you just think there’s “something wrong” with your system.

SFC requires administrative privileges. Right click on the start button, and click on Command Prompt (Admin), Windows PowerShell (Admin), or Windows Terminal (Admin).

Command Prompt (Admin)
Command Prompt (Admin) In Windows 10 (Screenshot: askleo.com)
Windows Terminal (Admin)
Windows Terminal (Admin) in Windows 11 (Screenshot: askleo.com)

After confirming any UAC prompts, type “sfc /scannow” (that’s “sfc”, a space, “/scannow”) at the prompt and press Enter.

A successful run of the System File Checker.
A successful run of the System File Checker. Click for larger image. (Screenshot: askleo.com)

SFC scans your system immediately. It can take several minutes to run.

If you have installation media, such as a DVD, you might have it available, just in case SFC needs it to replace a damaged file.

While it’s not documented as being required, I’d reboot your machine if SFC replaces any system files. I like to be sure the file replacement actually takes effect.

Microsoft has more detailed SFC documentation, including more options to check at boot time, control the size of the system file protection cache, and so on. There is also Windows Resource Protection documentation, which covers the mechanism Windows uses to keep your system files (and a few other things) safe automatically.

Subscribe to Confident Computing! Tech problem solving & safety tips & a weekly confidence boost in your inbox every week.

I'll see you there!

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

NOW: name your own price! You decide how much to pay -- and yes, that means you can get this report completely free if you so choose. Get your copy now!

155 comments on “SFC: The System File Checker – How to Run It and Why”

  1. firstly thanks for being there Leo..many appreciate you and we in the Green Isle would call those who complain as above (some) begrudgers ….this what i got when i ran the check as advised by you
    “windows resource protection found corrupt files but was unable to fix some of them. details are included in the CBS.log windir\logs\CBS\CBS.log for example C:windows\logs\CBS\CBS.log. note that logging is currently not supported in offline servicing scenarios ”

    that was all it wrote …no solution offered thanx mr. gates.. am running 8.1 on a 2GIG MEMORY notebook only weeks old and is as slow as a tranqed tortoise lately.. i used up to date Superantispyware free and Loaris trojan remover latest version latest updates and Bitdefender antivirus plus 2015 up to date and full scan before the test and all clear

    WINDOWS SEARCH CANNOT FIND THE FILE BUT SURE WINDOWS ALWAYS GAD PROBLEMS EVEN FINDING ITS OWN DERRIERE…..

    ANY ADVICE LEO ?

    Reply
  2. I have Windows XP pro but when I tried to run the file checker it asked for my Windows CD but would not accept it, even though it had SP3 on it. After much trial and error here is what worked for me.

    Copy the I386 folder from the Windows CD onto C:\. Next click on the Start menu than Run. In the Run box type regedit. This opens the registry.

    Scroll down to a) hkey-local-machine b) Software c) Microsoft d) Windows e) Current Version f) Setup

    You will see two lines that need to be changed. They are Servicepacksource and sourcepath. Double click on each one and change the value to C:\ and press OK after each item.

    Get out of the registry and reboot.

    In the run box type sfc /scannow.

    My computer than ran the file checker. It took about a half hour.

    Once completed, I rebooted and got into Microsoft update.

    Because my Windows CD is a few years old and does not reflect all the updates since, I thought that there would be updates but there were none.

    For those people who do not have a Windows CD, I googled “free downloads i386 for windows xp sp3”. There appeared to be a few websites that offered the download but a couple of times my virus checker wouldn’t allow it, so be careful. I didn’t actually download any files since I already have a Windows CD but if your desperate this maybe the way to go.

    Reply
  3. Leo,
    Thanks for this information. I think I have discovered a method to help with SFC recover file methods:
    First of all: SFC can run in it’s own window, so when it cannot find the file it needs: open up another explorer window and do a full system search for the exact file it is looking for. Many times SFC does not search “everywhere” for the file it needs. If you can find the file it needs,: switch focus back to the SFC window and tell it where the required file is located…SFC will continue in it’s search for the next file it can’t find and halt again..repeat the process until all it wants is satisfied. Sometimes one may even have to insert a CD or DVD that has the required file….no concern, SFC window will wait for you to find it! Kinda painfull, but it works to verify that all your system files are correct as far as SFC/WFP is concerned.
    Thanks again,
    jubal

    Reply
  4. Similar to a lot of the other apps MS provides, there are many glitches in running SFC, chief of which is that the updated versions of the system files do not relate to what one has on their installation CD. As a consequence of this, I have found that running SFC is virtually worthless.

    Reply
    • I think you left out a step. If you type Windows Key + x, it brings up the same menu as right clicking the Start Button. From that menu, select “Command Prompt (Admin)”

      Reply
  5. Thanks Glen for the tip! I’d like to know if there is a resource that would provide other tips of it’s kind, any suggestions?

    Reply
  6. Dear Leo

    You state that we should have installation discs handy. I got windows 10 courtesy of a free download provided by by MS to update from Windows 8, can I still make fixes / repairs?

    Dane Hardinge

    Reply
    • That should work. That’s one advantage of upgrading to Windows 10 that isn’t discussed enough. For people who didn’t get installation media with their preinstalled versions of Windows 7&8, we now have installation media.

      Reply
  7. I was wondering i am not an advanced user. would I be able to Run SFC, the System File Checker.
    I don’t have command propmt I have power shell in my start up, Is that the same

    Reply
    • Open Powershell. Right-click on thee Powershell icon in th Taskbar. Select “Run as administrator” from the pull-up menu. Click on Yes in the UAC prompt. Type sfc /scannow.

      Reply
  8. I have used a paid software called Reimage which seems to automate the process of SFC and replaces any corrupt files with its own data base of good system files. In the course of doing it, it also does a few other cleanups like malware etc. It seems to work (at least not getting my system to an unbootable state) although I cannot tell exactly what files, if any, it has changed. The initial scan almost always says I have Windows damage. Can you do a review of this software or comment on it?

    Reply
  9. I ran sfc /scannow and this is what it said:

    “Windows Resources Protection found currupt files but was unable to fix some of them. For online repairs, details are included in the CBS log file located at windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offiline repairs, details are included in the log file provided by the /OFFLOGFILE flag.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.