Windows System File Checker helps stop system failures

When system files are modified, Windows File Protection Service checks to make sure that the modified file is the correct version to protect against system failure. If the version is incorrect, or if Windows can't verify the file's authenticity, Windows displays the following error message:

A file replacement was attempted on the protected system file filename. To maintain system stability, the file has been restored to the correct Microsoft version. If problems occur with your application, please contact the application vendor for support.

Once this error has been triggered, two things happen.

1. Windows writes an entry to the system log as a means of documenting what just happened.

2. Windows restores the file to the correct version. Initially, Windows checks the DLL cache to see if it contains a valid copy of the file. Often, though, the DLL cache is too small to contain all of the system files, so Windows may prompt you to insert the Windows XP installation CD or the latest service pack CD instead.

More on preventing system failure How to detect data corruption in files and folders. How to ease troubleshooting: View running services in command line.

As you can imagine, the Windows File Protection Service goes a long way toward protecting a system's integrity. Unfortunately, it only checks system files for authenticity at certain times, and not every time they are accessed. But there is a way you can invoke a system file check manually to verify a file's authenticity.

Note that not every Windows system file is protected. Some files, such as INI files, are regularly updated through the course of normal operations. Windows protects files that use the following extensions: .EXE, .DLL, .SYS, .OCX, .TTF and .FON. Also keep in mind that only files that are a part of Windows are protected. Applications often create files that use these extensions, but such files are not protected.

Scanning protected operating system files involves using Microsoft's command-line tool called the System File Checker. Unlike many other Windows command-line tools, the syntax for using System File Checker is extremely simple. To perform an immediate scan, enter the following command:

SFC /SCANNOW

You can also tell System File Checker to scan your system files at the next reboot by entering this command:

SFC /SCANONCE

Or you can have System File Checker scan the system files at every boot, although doing so significantly slows down the boot process. To do that, enter this command:

SFC /SCANBOOT

The System File Checker initially checks the DLL cache for valid versions of the system files. However, the DLL cache is a favorite target for malicious software. If your system is infected, you can force the System File Checker to completely delete the contents of the DLL cache and then repopulate the cache with known good files from the Windows installation CD. The command to do that is:

SFC /PURGECACHE

Sometimes the DLL cache may be too small to contain all of the system files that you would like to cache. You can, however, use System File Checker to adjust the cache size. To do that, enter this command:

SFC /CACHESIZE=x</p>

In this case, the cache size is entered in megabytes but in hexadecimal format. If you wanted to set the cache size to 200 MB, enter the following command:

SFC /CACHESIZE=C8

The easiest way to convert the cache size from megabytes to a hexadecimal representation is to use the Windows Calculator found on the Programs | Accessories menu. When the calculator opens, select the Scientific option from the View menu. Make sure the DEC option is selected, and then type in the number of megabytes that you would like to use for your cache size. Now, click the Hex button, and the number will be converted to hexadecimal format.

To conclude, when you are manually adjusting the System File Checker's behavior, remember: If you happen to make a mistake, you can fix it. Simply enter the SFC /REVERT command and the System File Checker will return to its default configuration.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server, Exchange Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. He writes regularly for SearchWinComputing.com and other TechTarget sites.

Rate this Tip To rate tips, you must be a member of SearchWinComputing.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Windows File Management Windows registry hack improves offline file access for mobile users How to format NTFS: More tricks to improve file system performance Windows scripting secrets for disk quota management Optimizing NTFS file system performance TeraCopy beefs up Windows file copy operations How to receive automatic notification of file changes Identify file extension types with TrID How to reverse NTFS object ownership from administrators to object's creator -- and why Use PageDefrag to defragment immovable system files Five Windows desktop tasks you should automate Windows File Management Research Windows Systems and Network Management Tools and Techniques Windows registry hack improves offline file access for mobile users Reducing the size of network backups in Windows Monitor network bandwidth with CyberGauge How to format NTFS: More tricks to improve file system performance Key enhancements to SCCM give admins more control over assets, licensing Archiving information with New-Item in Windows PowerShell More tips for preventing system startup issues in Windows XP The new Microsoft System Center: What happened to SMS and MOM? Application lifecycle management made simple with app virtualization New Russinovich tool scans for open file references from command line Windows Systems Management and Administration Tips for Windows domain controller optimization Quick hits: Troubleshooting service account failure, batch job execution Case Study: Troubleshooting Windows service dependency failures Troubleshooting common Windows service failures How to format NTFS: More tricks to improve file system performance Key enhancements to SCCM give admins more control over assets, licensing Windows scripting secrets for disk quota management Optimizing NTFS file system performance The new Microsoft System Center: What happened to SMS and MOM? TeraCopy beefs up Windows file copy operations RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.