HOW TO: Verify That Windows File Protection Is Running in Windows Server 2003 (814597)



The information in this article applies to:

  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Small Business Server 2003, Premium Edition
  • Microsoft Windows XP 64-Bit Edition Version 2003
  • Microsoft Windows Small Business Server 2003, Standard Edition

For a Microsoft Windows 2000 version of this article, see the following Microsoft Knowledge Base article:

318767 HOW TO: Verify That Windows File Protection Is Running in Windows 2000

SUMMARY

This step-by-step article describes how to verify that the Windows File Protection feature is running and protecting your system files. In Windows Server 2003, Windows File Protection prevents the replacement of protected system files such as .sys, .dll, .ocx, .ttf, .fon, and .exe files. Windows File Protection runs in the background and protects all files that are installed by the Windows Setup program.

Windows File Protection detects attempts by other programs to replace or move a protected system file. It checks the file's digital signature to determine whether the new file is the correct Microsoft version. If the file is not the correct version, Windows File Protection replaces the file either from the backup that is stored in the Dllcache folder or from the Windows CD. If Windows File Protection cannot locate the appropriate file, it prompts you for the location. Windows File Protection also writes an event to the Event log that notes the file-replacement attempt.

By default, Windows File Protection is always enabled and allows Windows digitally signed files to replace existing files. Currently, signed files are distributed through:
  • Windows Service Packs
  • Hotfix distributions
  • Operating system upgrades
  • Windows Update
  • Windows Device Manager/Class Installer

How to Verify that Windows File Protection Is Running

  1. Start Windows Explorer, and then open the Windows\System32 folder.
  2. Right-click the Calc.exe file, and then click Rename.
  3. Type Calc.old to rename the file for the Calculator program.
  4. Wait several moments, and then note that Windows replaces the missing Calc.exe file. You may have to refresh the file list to confirm that the file is replaced. If Windows replaces the missing Calc.exe file, the Windows File Protection feature is protecting your files.

Note: When Windows File Protection restores a file, an entry that is similar to the following is logged in the System log in Event Viewer:

File replacement was attempted on the protected system file C:\Windows\System32\Calc.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.2.3752.0
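
The log check from the note above, as an added example that is not part of the original article: a Python script that scans exported System event log text for the restore message quoted there and confirms the Calc.exe test. The export layout, the sample entries and the function names are assumptions constructed for illustration.

```python
import re

# Message text as quoted in the article's Note; path and version are captured.
WFP_RESTORE = re.compile(
    r"File replacement was attempted on the protected system file "
    r"(?P<path>.+?)\. This file was restored to the original version "
    r"to maintain system stability\. The file version of the system file is "
    r"(?P<version>\d+(?:\.\d+){3})"
)

def find_wfp_restores(log_text):
    """Return (path, version) for each WFP restore message in exported log text."""
    # Exports often wrap long messages, so collapse all whitespace runs first.
    flat = " ".join(log_text.split())
    return [(m.group("path"), m.group("version")) for m in WFP_RESTORE.finditer(flat)]

def wfp_restored(log_text, protected_file):
    """True if the log shows WFP restoring protected_file (case-insensitive path)."""
    wanted = protected_file.lower()
    return any(path.lower() == wanted for path, _ in find_wfp_restores(log_text))

# Constructed sample export (not real log data); the last message is wrapped.
SAMPLE_LOG = r"""
12/19/2003 10:02:11 Information Service Control Manager: The Print Spooler service entered the running state.
12/19/2003 10:05:43 Information Windows File Protection: File replacement was attempted on the protected system file C:\Windows\System32\Calc.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.2.3752.0
12/19/2003 10:09:27 Information Windows File Protection: File replacement was attempted on the
    protected system file C:\Windows\System32\notepad.exe. This file was restored to the
    original version to maintain system stability. The file version of the system file is
    5.2.3752.0
"""

if __name__ == "__main__":
    for path, version in find_wfp_restores(SAMPLE_LOG):
        print(f"restored: {path} (version {version})")
    calc = r"C:\Windows\System32\Calc.exe"
    print("Calc.exe restore logged:", wfp_restored(SAMPLE_LOG, calc))
```

A restore event for a file that nobody renamed as a test is worth investigating, because it means some program tried to replace or move a protected system file.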

Modification Type: Major
Last Reviewed: 12/19/2003
Keywords:kbWebServices kbAppServices kbHOWTOmaster KB814597