Tip

Windows File Protection Query v1.00 freeware

Windows File Protection prevents changes from being made to certain protected system files. In the event one of these files is changed, a backup copy of the file is restored from a special repository. The exact list of files that are protected, however, can be a bit mysterious.

The freeware program WFPQuery.exe (available from

    Requires Free Membership to View

http://www.optimumx.com/download/#WFPQuery) allows you to display a list of the entire roster of files protected by Windows File Protection, or search for a specific file or list of files that matches a given wildcard.

Wildcards need to use a full path to be effective. For instance, if you pass the command

wfpquery "c:windowssystem32*.dll"

you would see a report that contained all files that matched that wildcard, and an indication of whether or not they were protected by WFP. The program does not traverse directories, however, so you cannot pass a pathname and have the program check everything that matches that wildcard under that folder.

Aside from simply providing a manifest of all protected files, the program can be used to determine if files known to be harmful—viruses or spyware—have been tagged as protected. Some such programs force themselves to be tagged as protected system files to avoid being removed automatically. To delete such a protected file, the user needs to boot into Safe Mode and delete the file from both the system directory and the Windows File Protection repository (the %SYSTEMROOT%System32DllCache directory.) The backup file in the cache should be removed first.


Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter. Check out his Windows 2000 blog for his latest advice and musings on the world of Windows network administrators – please share your thoughts as well!


This was first published in September 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.