White-Listing Files in SFC?


  1. Posts : 198
    Windows 7 Ultimate and Ubuntu 9.04
       #1

    White-Listing Files in SFC?


    OK,

    So my new hard drive finally came, I put it in and did a complete clean install of Windows 7.

    I just got done replacing Wordpad and Paint with the Windows Vista versions, simply because I hate that stupid Ribbon interface. Unlike last time, it still boots perfectly, and when I run either of those programs it runs the proper Vista versions.

    However, if I ever do sfc /scannow it obviously detects something fishy and puts back the original Windows 7 files.

    So I'm just curious: Is there some way to tell system file checker "Ignore these files, just scan all the rest"?
      My Computer


  2. Posts : 5,642
    Windows 10 Pro (x64)
       #2

    No, that would be silly if that was possible. Malware would have an easier time modifying system files if there was a white-list...
      My Computer


  3. Posts : 198
    Windows 7 Ultimate and Ubuntu 9.04
    Thread Starter
       #3

    Aww

    So can I do a system file check and not check those files manually?
      My Computer


  4. Posts : 5,642
    Windows 10 Pro (x64)
       #4

    You could install Vista, then those file would no longer be an issue. Or you could just learn to adapt to the Ribbon Interface.
      My Computer


  5. Posts : 198
    Windows 7 Ultimate and Ubuntu 9.04
    Thread Starter
       #5

    LOL, the whole point in upgrading to Windows 7 was to not have to put up with Vista...
      My Computer


  6. Posts : 9
    Windows 7 x64 Professional
       #6

    I'm having a similar issue. Although, instead of wanting to whitelist some files from sfc, I was wondering if it was possible to merely disable the service from automatically running.

    I have modded my explorer.exe file and I wouldn't mind just being able to manually run sfc when I need to troubleshoot my system-- I do not need Windows to do this for me!
      My Computer


  7. Posts : 6,618
    W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
       #7

    logicearth said:
    No, that would be silly if that was possible. Malware would have an easier time modifying system files if there was a white-list...
    There is nothing silly about an operator being able to control their own computer in the fashion that they wish. This is a question that I have had in the back of my mind for a while, but didn't decide to voice until now.

    I know that in XP there was a problem with SFC replacing updated files, even when they were from MS, because it referenced the installation CD. Since the CD is no longer necessary, I assume that this reference is recorded in the installation somewhere, but I know not where?

    Previously, it was possible to tell SFC to accept, reject or ignore any particular "problem" that it found, so that it was possible to have some control over the matter, assuming that one went to the trouble of checking them out. This no longer appears to be possible.

    Whether the file involved is changed via update or by user changes, there should be a way to prevent SFC from automatically reverting back to the original files. This is one reason that I don't use SFC now, unless I feel that there is no choice.
      My Computer


  8. Posts : 9
    Windows 7 x64 Professional
       #8

    @seekermeister

    One reason that I choose to still use sfc is because it helps me to update files sometimes. As you stated, sfc does reference some sort of library for the files that it checks against clearly because I've modded my explorer.exe version 16385 and sfc replaced the file with version 16450. Windows Update must have released a newer version/fix for explorer, however that file is definitely stored somewhere on the computer.

    I do not want sfc to replace my explorer.exe with the correct version automatically, but I do occasionally like to update the file so I would prefer to run it manually or when I troubleshoot.

    One interesting thing though is that if sfc is referencing some library for the uncorrupted version of the file, then wouldn't malware just as easily replace the reference file? The only way around this would be to use the CD as the reference. So, you're right, it definitely isn't silly because malware would be able to take advantage of the reference file regardless.
      My Computer


  9. Posts : 6,618
    W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
       #9

    Googling, it appears that it is referencing the sfc.dll and/or sfc_os.dll. Googling that, there is a lot of returns indicating that these could be replaced via malware/trojan. So it clearly indicates that SFC is far from foolproof.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 03:28.
Find Us