White-Listing Files in SFC?

[drfsupercenter]

OK,

So my new hard drive finally came, I put it in and did a complete clean install of Windows 7.

I just got done replacing Wordpad and Paint with the Windows Vista versions, simply because I hate that stupid Ribbon interface. Unlike last time, it still boots perfectly, and when I run either of those programs it runs the proper Vista versions.

However, if I ever do sfc /scannow it obviously detects something fishy and puts back the original Windows 7 files.

So I'm just curious: Is there some way to tell system file checker "Ignore these files, just scan all the rest"?

 

[logicearth]

No, that would be silly if that was possible. Malware would have an easier time modifying system files if there was a white-list...

 

[drfsupercenter]

Aww

So can I do a system file check and not check those files manually?

 

[logicearth]

You could install Vista, then those file would no longer be an issue. Or you could just learn to adapt to the Ribbon Interface.

 

[drfsupercenter]

LOL, the whole point in upgrading to Windows 7 was to not have to put up with Vista...

 

[redemblem101]

I'm having a similar issue. Although, instead of wanting to whitelist some files from sfc, I was wondering if it was possible to merely disable the service from automatically running.

I have modded my explorer.exe file and I wouldn't mind just being able to manually run sfc when I need to troubleshoot my system-- I do not need Windows to do this for me!

 

[seekermeister]

No, that would be silly if that was possible. Malware would have an easier time modifying system files if there was a white-list...

There is nothing silly about an operator being able to control their own computer in the fashion that they wish. This is a question that I have had in the back of my mind for a while, but didn't decide to voice until now.

I know that in XP there was a problem with SFC replacing updated files, even when they were from MS, because it referenced the installation CD. Since the CD is no longer necessary, I assume that this reference is recorded in the installation somewhere, but I know not where?

Previously, it was possible to tell SFC to accept, reject or ignore any particular "problem" that it found, so that it was possible to have some control over the matter, assuming that one went to the trouble of checking them out. This no longer appears to be possible.

Whether the file involved is changed via update or by user changes, there should be a way to prevent SFC from automatically reverting back to the original files. This is one reason that I don't use SFC now, unless I feel that there is no choice.

 

[redemblem101]

@seekermeister

One reason that I choose to still use sfc is because it helps me to update files sometimes. As you stated, sfc does reference some sort of library for the files that it checks against clearly because I've modded my explorer.exe version 16385 and sfc replaced the file with version 16450. Windows Update must have released a newer version/fix for explorer, however that file is definitely stored somewhere on the computer.

I do not want sfc to replace my explorer.exe with the correct version automatically, but I do occasionally like to update the file so I would prefer to run it manually or when I troubleshoot.

One interesting thing though is that if sfc is referencing some library for the uncorrupted version of the file, then wouldn't malware just as easily replace the reference file? The only way around this would be to use the CD as the reference. So, you're right, it definitely isn't silly because malware would be able to take advantage of the reference file regardless.

 

[seekermeister]

Googling, it appears that it is referencing the sfc.dll and/or sfc_os.dll. Googling that, there is a lot of returns indicating that these could be replaced via malware/trojan. So it clearly indicates that SFC is far from foolproof.