System File Checker (sfc ) is a little-known Windows command using CMD. Its job is to confirm whether the Windows system files are damaged or not.
To prevent malware from entering critical system components, Windows makes every effort to maintain the integrity of the file system. If you try to replace a “protected” file, you may receive an error message. That’s Windows File Protection, now known as Windows Resource Protection.
System File Protection: protect system files
The principle behind System file protection (sfp) is that Windows stores information about important files, which can include, date/time of the file, size, and Password hash. When files are updated “officially”, this information is also updated to reflect the new files.
Windows will regularly check all those files to make sure they are still safe, and that the data, size, and hashes all match what was before. If something goes wrong, Windows may display an error message.
Unsettled issues include:
- Malware is the main reason for System file protection to exist. Malware can get into the system itself by modifying Windows’ own files. System file protection detects errors and repairs damage.
- Other programs will often replace system components, sometimes breaking things.
- Other accidental failures.
So, what happens when a problem is found?
Repair damaged files
If you’ve ever searched for system files on Windows, it’s not uncommon to find something like this:
- The original file, used by Windows.
- Previous versions of files are saved by Windows Update, so you can uninstall these updates if needed.
- Copies of the File are cached, as a performance-enhancing measure to load files faster when needed.
- File backup.
When system file protection needs to restore a certain file, it usually tries to use the original file first.
Also, many systems will have a copy on the recovery partition, and when all else fails, the original Windows can be used to repair the system.
In any case, the repair process also checks to see if the copy it is restoring is correct. If it is incorrect, it will be ignored. Because these copies are on your hard disk, malware authors will try to replace or damage them all to prevent you from repairing the system.
SFC: Command to check System File
SFC is a command line tool that checks if all the files protected by the system are correct and tries to repair the unprotected ones. It’s a great tool when you suspect system files have been corrupted or if you just think there’s something wrong with your system.
SFC requires administrative rights. Right click on the button Start and choose Command Prompt (Admin), Windows PowerShell (Admin) or Windows Terminal (Admin).
After confirming any UAC prompts, type
sfc /scannow and press Enter.
SFC will scan your system immediately. It may take a few minutes to run.
If you have installation devices, such as DVD or USB, you can use it in case SFC needs it to replace corrupted System Files.
Although it is not considered necessary, you will need to restart the machine if SFC replaces any system files.
Microsoft has more detailed SFC documentation, with more options to check at startup, how to control the size of the system file protection cache, and more. There is also a Windows resource protection document, which covers the mechanism by which Windows use to try to keep your system files (and a few other things) safe.
In addition, you can also use the 4 best Windows debugging tools here.