Windows protected file system

From Wikipedia, the free encyclopedia

Windows File Protection (WFP), a sub-system included in Microsoft Windows operating systems of the Windows 2000 and Windows XP era, aims to prevent programs from replacing critical Windows system files.^[1][2][3] Protecting core system files mitigates problems such as DLL hell with programs and the operating system. Windows 2000, Windows XP and Windows Server 2003 include WFP under the name of Windows File Protection; Windows Me includes it as System File Protection (SFP).

With Windows File Protection active, replacing or deleting a system file that has no file lock to prevent it getting overwritten causes Windows immediately and silently to restore the original copy of the file. The original version of the file is restored from a cached folder which contains backup copies of these files. The Windows NT family uses the cached folder %SystemRoot%\System32\Dllcache. Windows Me caches its entire set of compressed cabinet setup files and stores them in the %windir%\Options\Install folder.

WFP covers all files which the operating system installs (such as DLL, EXE, SYS, OCX etc.), protecting them from deletion or from replacement by older versions. The digital signatures of these files are checked using code signing and the signature catalog files stored in the %SystemRoot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} folder. Only certain operating system components such as the Package Installer (Update.exe) or Windows Installer (Msiexec.exe) can replace these files. Changes made using any other methods in order to replace these files are reverted and the files are silently restored from the cache. If Windows File Protection cannot automatically find the file in the cached folder, it searches the network path or prompts the user for the Windows installation disc to restore the appropriate version of the file.

WFP integrates with the System File Checker (sfc.exe) utility.

Windows Vista and later Windows systems do not include Windows File Protection, but they include Windows Resource Protection which protects files using ACLs. Windows Resource Protection aims to protect core registry keys and values and prevent potentially damaging system configuration changes, besides operating system files.

The non-use of ACLs in Windows File Protection was a design choice: Not only did it allow operation on non-NTFS systems, but it prevented those same «bad» installers from failing completely from a file access error.

• Overview of Windows File Protection
• Registry settings for Windows File Protection
• Whitepaper on Windows File Protection
• Overview of System File Protection (Windows Me)
• Hacking Windows File Protection
• Effective Files Protection Tool

Материал из РУВИКИ — свободной энциклопедии

Защита файлов Windows (англ. Windows File Protection, WFP) — технология, позволяющая запретить программам изменять или удалять наиболее важные системные файлы операционных систем семейства Windows. Защита критически важных системных файлов позволяет избежать ряда серьёзных проблем и сбоев в работе операционной системы и прикладного программного обеспечения, например, DLL hell.

Названия в различных версиях Windows:

• Защита файлов Windows — Windows 2000, Windows XP, Windows Server 2003.
• System File Protection — Windows ME.
• Защита ресурсов Windows — Windows Vista. Строго говоря, является другой технологией, но принцип работы схожий: на основе ACL проверяется, может ли тот или иной пользователь осуществлять операции с файлами (не только системными). Ещё одна цель — защита ключевых значений реестра.

Когда Windows File Protection активна, перезапись или удаление незаблокированного системного файла приводит к немедленному восстановлению его оригинальной версии, которая хранится в специальной системной папке. В операционных системах семейства Windows NT это %WINDIR%\system32\Dllcache, в Windows ME — %SYSTEMROOT%\Options\Install.

Все файлы, устанавливаемые операционной системой, защищены от изменения или удаления. Цифровая подпись этих файлов хранится в каталоге %SYSTEMROOT%\system32\catRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}. Изменение вышеназванных системных файлов разрешено только немногочисленным специальным компонентам, например, Установщик Windows или Установщик пакетов (англ. Package Installer). В противном случае файл возвращается в исходное состояние без каких-либо запросов или сообщений. Лишь тогда, когда Windows File Protection не удаётся найти требуемый файл самостоятельно, производится поиск в локальной сети, Интернете или выдаётся запрос пользователю с просьбой вставить установочный диск в дисковод.

• Защита ресурсов Windows
• System File Checker
• ACL
• Идентификатор безопасности

• Описание механизма защиты файлов Windows (рус.)
• Настройки реестра для защиты файлов Windows (рус.)
• Описание механизма защиты файлов системы (Windows Me) (рус.)

Картинка с сайта: cellularnews.com

Understanding Windows File Protection (WFP)

Greetings, tech enthusiasts and computer users alike! Today, we’re delving into the world of Windows File Protection (WFP) and uncovering the mysteries behind this essential feature found in Microsoft Windows operating systems.

Have you ever wondered what happens when a critical system file on your Windows computer gets corrupted or maliciously altered? That’s where Windows File Protection steps in to save the day! Let’s dive into the nitty-gritty details and discover how this incredible feature works.

How does Windows File Protection work?

In a nutshell, Windows File Protection is like a guardian angel watching over your precious system files and ensuring their well-being. If any unauthorized modifications or alterations are made to these critical files, WFP has got your back.

Here’s a glimpse into how Windows File Protection works its magic:

1. Monitoring: WFP constantly monitors the integrity of critical system files by checking their digital signatures against a catalog of known good files. This catalog acts as a reference, ensuring that the files haven’t been tampered with.
2. Restoration: If Windows File Protection detects any modifications to these critical files, it immediately swings into action. It restores the original, unmodified version of the file from a cache that is stored on the system.
3. Protection: This process ensures the stability and security of the Windows operating system. By guarding against unauthorized modifications, Windows File Protection helps maintain system reliability and prevents potential security vulnerabilities.

Why is Windows File Protection important?

Windows File Protection plays a vital role in the overall performance and security of your Windows computer. Here are a couple of key reasons why this feature is so important:

1. System Stability: By constantly monitoring and restoring critical system files, Windows File Protection ensures the stability of your operating system. It prevents incompatible, modified, or corrupted files from causing system crashes or errors.
2. Security: Unauthorized modifications to system files can potentially introduce security vulnerabilities. Windows File Protection safeguards against such alterations, reducing the risk of malware attacks and unauthorized access to your system.

With Windows File Protection silently safeguarding your system files, you can rest easy knowing that your Windows operating system is being protected from potential disasters.

Conclusion

We hope this article has shed some light on the importance and functionality of Windows File Protection. By constantly monitoring critical system files, WFP ensures system stability and safeguards against potential security risks. So, next time you boot up your Windows computer, thank Windows File Protection for silently doing its job in the background!

Thank you for reading, and stay tuned for more exciting tech insights coming your way.