Windows File Protection
Encyclopedia
Windows File Protection a sub-system included in Microsoft Windows
operating system
s of the Windows 2000
and Windows XP
era, aims to prevent programs from replacing critical Windows system file
s. Protecting core system files mitigates problems such as DLL hell
with programs and the operating system. Windows 2000, Windows XP
and Windows Server 2003
include WFP under the name of Windows File Protection; Windows Me
includes it as System File Protection.
to prevent it getting overwritten causes Windows immediately and silently to restore the original copy of the file. The original version of the file is restored from a cached folder which contains backup copies of these files. The Windows NT
family uses the cached folder %WinDir%\System32\Dllcache. Windows Me
caches its entire set of compressed cabinet setup files and stores them in the %Systemroot%\Options\Install folder.
WFP covers all files which the operating system installs (such as DLL, EXE, SYS, OCX etc.), protecting them from deletion or from replacement by older versions. The digital signature
s of these files are checked using code signing
and the signature catalog files stored in the %Systemroot%\system32\catRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} folder. Only certain operating system components such as the Package Installer (Update.exe) or Windows Installer
(Msiexec.exe) can replace these files. Changes made using any other methods in order to replace these files are reverted and the files are silently restored from the cache. If Windows File Protection cannot automatically find the file in the cached folder, it searches the network path or prompts the user for the Windows installation disc to restore the appropriate version of the file.
WFP integrates with the System File Checker
(
Windows Vista
does not include Windows File Protection, but it includes Windows Resource Protection
which protects files using ACLs
. Windows Resource Protection aims to protect core registry
keys and values and prevent potentially damaging system configuration changes, besides operating system files.
Note that the non-use of ACLs in Windows File Protection was a design choice: Not only did it allow operation on non-NTFS systems, but it prevented those same "bad" installers from failing completely from a file access error.
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
s of the Windows 2000
Windows 2000
Windows 2000 is a line of operating systems produced by Microsoft for use on personal computers, business desktops, laptops, and servers. Windows 2000 was released to manufacturing on 15 December 1999 and launched to retail on 17 February 2000. It is the successor to Windows NT 4.0, and is the...
and Windows XP
Windows XP
Windows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops and media centers. First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base...
era, aims to prevent programs from replacing critical Windows system file
System file
A system file is a computer file important to the operating system. More specifically, it may refer to:* .sys — a Microsoft Windows file extension for system-related files* The System suitcase on Mac OS* Any file marked with a "system" attribute...
s. Protecting core system files mitigates problems such as DLL hell
DLL hell
In computing, DLL Hell is a term for the complications that arise when working with dynamic link libraries used with Microsoft Windows operating systems, particularly legacy 16-bit editions which all run in a single memory space....
with programs and the operating system. Windows 2000, Windows XP
Windows XP
Windows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops and media centers. First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base...
and Windows Server 2003
Windows Server 2003
Windows Server 2003 is a server operating system produced by Microsoft, introduced on 24 April 2003. An updated version, Windows Server 2003 R2, was released to manufacturing on 6 December 2005...
include WFP under the name of Windows File Protection; Windows Me
Windows Me
Windows Millennium Edition, or Windows Me , is a graphical operating system released on September 14, 2000 by Microsoft, and was the last operating system released in the Windows 9x series. Support for Windows Me ended on July 11, 2006....
includes it as System File Protection.
Operation
With Windows File Protection active, replacing or deleting a system file that has no file lockFile locking
File locking is a mechanism that restricts access to a computer file by allowing only one user or process access at any specific time. Systems implement locking to prevent the classic interceding update scenario ....
to prevent it getting overwritten causes Windows immediately and silently to restore the original copy of the file. The original version of the file is restored from a cached folder which contains backup copies of these files. The Windows NT
Windows NT
Windows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. It was a powerful high-level-language-based, processor-independent, multiprocessing, multiuser operating system with features comparable to Unix. It was intended to complement...
family uses the cached folder %WinDir%\System32\Dllcache. Windows Me
Windows Me
Windows Millennium Edition, or Windows Me , is a graphical operating system released on September 14, 2000 by Microsoft, and was the last operating system released in the Windows 9x series. Support for Windows Me ended on July 11, 2006....
caches its entire set of compressed cabinet setup files and stores them in the %Systemroot%\Options\Install folder.
WFP covers all files which the operating system installs (such as DLL, EXE, SYS, OCX etc.), protecting them from deletion or from replacement by older versions. The digital signature
Digital signature
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit...
s of these files are checked using code signing
Code signing
Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed by use of a cryptographic hash....
and the signature catalog files stored in the %Systemroot%\system32\catRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} folder. Only certain operating system components such as the Package Installer (Update.exe) or Windows Installer
Windows Installer
The Windows Installer is a software component used for the installation, maintenance, and removal of software on modern Microsoft Windows systems...
(Msiexec.exe) can replace these files. Changes made using any other methods in order to replace these files are reverted and the files are silently restored from the cache. If Windows File Protection cannot automatically find the file in the cached folder, it searches the network path or prompts the user for the Windows installation disc to restore the appropriate version of the file.
WFP integrates with the System File Checker
System File Checker
System File Checker is a utility in Microsoft Windows that allows users to scan for and restore corruptions in Windows system files. This utility is available on Windows 98, Windows 2000, Windows XP, and Windows Server 2003...
(
sfc.exe
) utility.Windows Vista
Windows Vista
Windows Vista is an operating system released in several variations developed by Microsoft for use on personal computers, including home and business desktops, laptops, tablet PCs, and media center PCs...
does not include Windows File Protection, but it includes Windows Resource Protection
Windows Resource Protection
Windows Resource Protection is a feature in Windows Vista that replaces Windows File Protection. It protects registry keys and folders in addition to critical system files. The way it protects resources differs entirely from the method used by Windows File Protection.- Overview :Windows File...
which protects files using ACLs
Access control list
An access control list , with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject...
. Windows Resource Protection aims to protect core registry
Windows registry
The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components as well as the applications running on the platform: the kernel, device drivers, services, SAM, user...
keys and values and prevent potentially damaging system configuration changes, besides operating system files.
Note that the non-use of ACLs in Windows File Protection was a design choice: Not only did it allow operation on non-NTFS systems, but it prevented those same "bad" installers from failing completely from a file access error.
See also
- Windows Resource ProtectionWindows Resource ProtectionWindows Resource Protection is a feature in Windows Vista that replaces Windows File Protection. It protects registry keys and folders in addition to critical system files. The way it protects resources differs entirely from the method used by Windows File Protection.- Overview :Windows File...
- System File CheckerSystem File CheckerSystem File Checker is a utility in Microsoft Windows that allows users to scan for and restore corruptions in Windows system files. This utility is available on Windows 98, Windows 2000, Windows XP, and Windows Server 2003...
- Access Control ListAccess control listAn access control list , with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject...
- Security IdentifierSecurity IdentifierIn the context of the Microsoft Windows NT line of operating systems, a Security Identifier is a unique name which is assigned by a Windows Domain controller during the log on process that is used to identify a subject, such as a user or a group of users in a network of NT/2000...