How Windows File Protection Works

What is Windows file protection?

The windows file protection prompt that pops up when using the computer may be caused by an infected Trojan, or it may be caused by the installation of driver files without logos and pirated operating system versions.

The reasons why windows file protection occurs are:

; 1. After the virus is infected in the computer, it will add itself to other programs or dynamic library files (a type of DLL), thereby realizing the function of running synchronously with the infected program, thereby destroying and destroying the infected computer. propagates itself. Such as downloading and running advertising programs, stealing privacy, remote control, etc.

2. The test version is used to install the hardware driver file, and the driver file has not passed the certification of the emblem.

3. The operating system is a streamlined version or a modified version, and some system files are modified or deleted by the ghots system author, which will also cause this windows file protection prompt to appear. As shown below:

Handle windows file protection issues.

1. Check and kill Trojan viruses. For example, after installing Tencent Computer Manager, enter the main interface to check and kill Trojan viruses. Then perform a system repair.

2. Then check whether the beta driver is installed, open Driver Life, click the "Native Driver" tab, Driver Life will prompt you for the driver that needs to be repaired and upgraded, and perform the upgrade to the driver file with the emblem logo. , ensuring drive stability.

3. If the operating system you are using is a streamlined or modified version, it is recommended that you reinstall the system at this time, because the streamlined or modified version of the system seriously affects system stability.

The method to try to turn off the prompt windows file protection is as follows:

Start-Run-gpedit.MSC, open the Group Policy Editing Tool, open the tabs - Local Computer Policy - Computer Configuration - Administrative Templates - System, find the "Windows File Protection" group, in the right window Double-click the "Set up Windows File Protection Scanning" item in the grid, select "Disabled" and restart the computer.

WINDOWS FILE PROTECTION

I don’t know under what circumstances you encountered this problem, so I will explain it to you according to my understanding

Solution to "File Protection"

This may be caused by you deleting some files before. Just make some settings in the group policy

Yes: Click "Start → Run", enter "gpedit.msc", and then expand "Computer Configuration →

Administrative Templates → System → Windows File Protection", then double-click "Set up file protection scanning" and set it

Set to "Disabled".

I follow these steps to turn off file protection

1. Click Start-->Run, type regedt32 and press Enter;

2. Find [HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows

NT/CurrentVersion/Winlogon];

3. Right-click in the right pane and select New-->DWORD Value and name it SFCDisable;

4. Enter the key value ffffff9d under Hexadecimal to close WFP;

5. Restart the system to make the changes take effect

But when I got to the third step, I found that there was no new option in the right pane, and I couldn't proceed!

describe:

This setting can control whether the system should enable the file protection function (SFC). It can monitor the Windows system

System files whenever the system starts. We can modify the registry to freely control the scanning parameters of the file.

operate:

Open your "Registry Editor". Then find

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]This

Subkey. Create a "double-byte value" in the right window and name it "SFCScan" and then modify it

Values ​​are 0 = disable, 1 = scan at startup, 2 = scan once.

Exit the "Registry Editor" or restart the computer, and you will see the effects of the changes.

Windows XP and 2000 include a software called WFP (Windows File Protection, Windows File Protection

protection) technology. Set the key value of the "SFCDisable" key to "ffffff9d" to disable WFP, and set

is "0" to enable it. Some other available key values ​​are as follows:

1 - Disabled, but you will be asked if you want to re-enable it at system startup

2 - It will only be disabled on the next reboot and you will not be asked whether to re-enable it

4 - Enable and do not show pop-ups

ffffff9d - Completely disabled

Restore protected Windows system files: Enter "Sfc /scannow" in the run dialog box and click OK

Use sfc /quiet to block wfc and it will be OK

Scan tool SFC

This tool automatically scans all protected system files and replaces incorrect versions with correct versions.

When the operating system is partially damaged, it can be used to restore the system.

The SFC command line and its parameters are as follows:

SFC [/scannow] [/scanonce] [/scanboot] [/cancel] [/enable]

[/purgecache] [/cachesize=x] [/quiet]

/SCANNOW: Immediately scan all protected system files.

/SCANONCE: The next time you turn on the computer, all protected system files will be scanned only once.

/SCANBOOT: Scan all protected system files every time you start.

/CANCEL: Cancels the scan of all pending settings protection system files.

/QUIET: Replace all incorrect file versions without prompting the user.

/ENABLE: Enable Windows file protection to facilitate general operations.

/PURGECACHE: Delete the file cache and scan all protected file systems immediately.

/CACHESIZE=x: Set the file cache size.

What is Data Execution Protection in WINDOWS

Microsoft Windows XP Service Pack 2 (SP2) helps prevent computers from inserting malicious code in areas of computer memory reserved for non-executable code by implementing a series of hardware and software enforcement technologies called Data Execution Prevention (DEP).

Hardware Implementation DEP is a feature of some processors that prevents code execution in areas of memory that have been marked as datastores. This feature is also known as non-execution and execution protection. Windows XP SP2 also includes a software implementation of DEP, which is designed to reduce exploitation of the exception handling mechanisms in Windows.

Unlike antivirus programs, hardware and software that implement DEP technology are not designed to prevent harmful programs from being installed on your computer. Instead, it monitors your installed programs to help determine whether they are using system memory safely. To monitor your program, the hardware implementation of DEP tracks areas of memory that have been designated as "non-executable". If memory has been designated as "non-executable" but a program attempts to execute code from the memory, Windows will shut down the program to prevent malicious code. This action is performed regardless of whether the code is malicious or not.

Note: Software-based DEP is part of Windows XP SP2 and is enabled by default, regardless of the processor's hardware implementation of the DEP feature. By default, software implementation DEP applies to core operating system components and services.

The purpose of the DEP default configuration is to protect your computer with minimal impact on application compatibility. However, some programs may not run correctly, depending on your DEP configuration. You can use the tasks described in this document to configure DEP:

on your computer

Enable DEP for all programs on your computer

Add program to DEP exception list

Disable DEP for the entire computer

Important: When installing the operating system, use the Start menu that appears by default to obtain the step-by-step instructions in this document. If you modified the Start menu, the steps will be slightly different.

before the start

This document provides guidance on configuring DEP on Windows XP SP2.

Note: Hardware-enforced DEP is enabled by default on computers running Microsoft Windows XP 64-bit edition with a DEP-compliant processor. 64-bit applications will not run through "non-executable" areas of memory. Hardware-enabled DEP cannot be disabled.

Software-enabled DEP on Windows XP SP2 and 32-bit applications running on any processor can be configured to use "executable" or "non-executable" regions of memory.

Enable DEP for all programs on your computer

Hardware and Software The default configuration of DEP protects core Windows components and services with minimal impact on application compatibility, but you can choose to configure DEP to protect all applications and programs on your computer. If you configure DEP to protect all applications and programs on your computer, you gain additional protection, but may also cause other application compatibility issues. If you configure DEP to protect all applications and programs on your computer, and some 32-bit applications have compatibility issues, you can exempt those applications from software DEP protection. You cannot disable hardware DEP or exempt 64-bit applications running on 64-bit Windows XP systems shipped with DEP-compliant processors.

Requirements for performing this task

1. Credentials: You must be logged on to the computer using an account with local administrator rights.

The above is the detailed content of How Windows File Protection Works. For more information, please follow other related articles on the PHP Chinese website!