 | This article has multiple issues. Please helpimprove it or discuss these issues on thetalk page.(Learn how and when to remove these messages) (Learn how and when to remove this message)
|
Windows File Protection (WFP), a sub-system included inMicrosoft Windowsoperating systems of theWindows 2000 andWindows XP era, aims to prevent programs from replacing critical Windowssystem files.[1][2][3] Protecting core system files mitigates problems such asDLL hell with programs and the operating system. Windows 2000,Windows XP andWindows Server 2003 include WFP under the name ofWindows File Protection;Windows Me includes it asSystem File Protection (SFP).
With Windows File Protection active, replacing or deleting a system file that has nofile lock to prevent it getting overwritten causes Windows immediately and silently to restore the original copy of the file. The original version of the file is restored from a cached folder which contains backup copies of these files. TheWindows NT family uses the cached folder%SystemRoot%\System32\Dllcache.Windows Me caches its entire set of compressed cabinet setup files and stores them in the%windir%\Options\Install folder.
WFP covers all files which the operating system installs (such asDLL,EXE,SYS,OCX etc.), protecting them from deletion or from replacement by older versions. Thedigital signatures of these files are checked usingcode signing and the signature catalog files stored in the%SystemRoot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} folder. Only certain operating system components such as thePackage Installer (Update.exe) orWindows Installer (Msiexec.exe) can replace these files. Changes made using any other methods in order to replace these files are reverted and the files are silently restored from the cache. If Windows File Protection cannot automatically find the file in the cached folder, it searches the network path or prompts the user for the Windows installation disc to restore the appropriate version of the file.
WFP integrates with theSystem File Checker (sfc.exe) utility.
Windows Vista and later Windows systems do not include Windows File Protection, but they includeWindows Resource Protection which protects files usingACLs. Windows Resource Protection aims to protect coreregistry keys and values and prevent potentially damaging system configuration changes, besides operating system files.
The non-use of ACLs in Windows File Protection was a design choice: Not only did it allow operation on non-NTFS systems, but it prevented those same "bad" installers from failing completely from a file access error.
