Description of the Sfplog.txt File (260195)


The information in this article applies to:

  • Microsoft Windows Millennium Edition
This article was previously published under Q260195

SUMMARY

System File Protection (SFP) is a feature of Windows Millennium Edition (Me) that is designed to protect critical system files. For more information about SFP, see the following article in the Microsoft Knowledge Base:

253571 Description of the System File Protection Feature

SFP logs information in the Windows\System\SFP\Sfplog.txt file. This log file records all events that are relevant to SFP, including the date and time that an event occurred.

MORE INFORMATION

Each entry in the Sfplog.txt file is preceded by either "Normal" or "Critical," depending on the type of entry, and then the date and time.
Some examples of actions logged by SFP include:
  • SFP FirstRun

    This is logged when Stmgr.exe starts the SFP process on the computer. This entry records the operating system version information.
  • File drive:\path\filename has been deleted

    This is logged when a protected file is deleted.
  • Invalid file drive:\path\filename, version number copied. Correct version is number

    This is logged when a protected file is replaced with the wrong version.
  • Invalid file drive:\path\filename, version number copied. New file has correct version, but invalid hash

    This is logged when SFP detects that a protected file has been replaced, and the hash value calculated for the file does not match hash value recorded for the file in the catalog.
  • SFP restored file drive:\path\filename to version number

    This is logged when SFP restores the correct version of a protected file.
  • SFP cannot restore file drive:\path\filename back. Original file has invalid hash

    This is logged when SFP is not able to restore the proper file version. This can be caused by a missing catalog or by a file operation that was not intercepted by the SFP monitoring process. In the second case, the original file is not available to be restored. One example of such a situation is when a protected file is replaced in Safe mode. If the file is changed again in "normal" mode, this entry is added to the log, and the file is not protected.
  • SFP could not install catalog drive:\path\filename - certificate is not trusted

    This is logged when an installation process attempts to add a catalog that does not have a valid signature.
Modification Type:MinorLast Reviewed:9/28/2004
Keywords:kbinfo KB260195
©2004 Microsoft Corporation. All rights reserved.