Windows File Protection

In versions of Windows prior to Windows 2000, installing software in addition to the operating system might overwrite shared system files such as dynamic-link libraries (.dll files) and executable files (.exe files). When system files are overwritten, system performance becomes unpredictable, programs behave erratically, and the operating system fails.

In Windows 2000 and Windows XP, Windows File Protection prevents the replacement of protected system files such as .sys, .dll, .ocx, .ttf, .fon, and .exe files. Windows File Protection runs in the background and protects all files installed by the Windows Setup program.

Windows File Protection detects attempts by other programs to replace or move a protected system file. Windows File Protection checks the file's digital signature to determine whether the new file is the correct Microsoft version. If the file is not the correct version, Windows File Protection replaces the file either from the backup stored in the Dllcache folder or from the Windows CD. If Windows File Protection cannot locate the appropriate file, it prompts you for the location. Windows File Protection also writes an event to the event log, noting the file replacement attempt.
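Because each replacement attempt is logged, the event log shows which protected files were targeted and how often. The following PowerShell script is an added example, not part of the original documentation: it summarizes those events per file and checks whether a backup copy exists in the Dllcache folder. It assumes the events are in the System log under the source name "Windows File Protection", that the Dllcache folder is at its default location `%SystemRoot%\system32\dllcache`, and that the event message contains the full path of the file.

```powershell
# Added example: summarize Windows File Protection (WFP) events per file.
# Assumptions (not stated on the page): System log, source name
# "Windows File Protection", default Dllcache location, and an event
# message that contains the full path of the protected file.
$source   = 'Windows File Protection'
$dllcache = Join-Path $env:SystemRoot 'system32\dllcache'

# Keep only events written by WFP.
$wfpEvents = Get-EventLog -LogName System |
    Where-Object { $_.Source -eq $source }

# First drive-letter path in the message that ends in one of the
# protected extensions listed on this page.
$pathPattern = '[a-z]:\\[^"<>|*?\r\n]+?\.(sys|dll|ocx|ttf|fon|exe)\b'

$records = @(foreach ($e in $wfpEvents) {
    if ($e.Message -match $pathPattern) {
        New-Object PSObject -Property @{
            File    = $Matches[0]
            EventID = $e.EventID
            Time    = $e.TimeGenerated
        }
    }
})

# One row per file: how often it was touched, over what period, and
# whether WFP still has a local backup to restore from.
$records | Group-Object File | ForEach-Object {
    $times = @($_.Group | Sort-Object Time)   # @() keeps a single hit indexable
    $leaf  = Split-Path $_.Name -Leaf
    New-Object PSObject -Property @{
        File       = $_.Name
        Events     = $_.Count
        EventIDs   = ($_.Group | Select-Object -ExpandProperty EventID -Unique) -join ','
        First      = $times[0].Time
        Last       = $times[-1].Time
        InDllcache = Test-Path (Join-Path $dllcache $leaf)
    }
} | Sort-Object Events -Descending |
    Select-Object File, Events, EventIDs, First, Last, InDllcache |
    Format-Table -AutoSize
```

A file that appears repeatedly, or one with `InDllcache` set to `False`, is worth a closer look: without a cached copy, Windows File Protection has to restore it from the Windows CD or prompt for a location.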

By default, Windows File Protection is always enabled and allows Windows digitally signed files to replace existing files. Currently, signed files are distributed through:

  • Windows Service Packs

  • Hotfix distributions

  • Operating system upgrades

  • Windows Update

  • Windows Device Manager/Class Installer

Driver Signing for Windows

Using File Signature Verification
