Thread: SFC /scannow Defender coruption?
View Single Post
  #5  
Old August 1st 19, 04:58 PM posted to alt.comp.os.windows-10
Terry Pinnell[_3_]
external usenet poster
  
Posts: 732
Default SFC /scannow Defender coruption?
Paul wrote:

Terry Pinnell wrote:
A run today of sfc /scannow reported errors, with this message:.

"Windows Resource Protection found corrupt files but was unable to fix some of them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log."

CBS.log was largely unreadable but after research I found that this command

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log "%userprofile%\Desktop\sfcdetails.txt"

delivered a readable file.

There were thousands of apparently successful lines (I've left a few in at the top)
but here are its last 46 entries. They all seem to implicate Defender

Can anyone help me to interpret this and proceed to fix please?

skip

Terry, East Grinstead, UK

Well, what does common sense tell you ?

We've been here before.

Namely, SFC tripping over "non-executable" files.

You're having trouble with a .cdxml file. SFC isn't
supposed to be looking at those. It is supposed to look
at EXE or DLL or something along those lines. It's basically
making sure that the hardlinked materials from WinSXS to
System32 are robust and healthy. And that executables,
their signing or checksums are reasonable.

DISM restorehealth fixes up WinSXS as far as I know.
That's the servicing directory.

Windows File Protection keeps a primary copy of System32
content, and if that content is modified by malware, it
puts a backup copy of important stuff in its place. This
is supposed to prevent certain kinds of (easy) exploits.

SFC scans System32 to try to find stuff that is broken.

On some previous occasion, SFC was tripping over some
.htm or .html files, so it's not like this hasn't happened
before. And Microsoft insists on adding directories to
System32, that probably belong somewhere else, but the
"permissions" on System32 seemed like a good idea at
the time.

I cannot remember what the resolution of this problem is.
Removing what are possibly control files from a system
directory, is not a good idea, so I don't see that as
a viable option in this case.

As long as the named files are not *executable* files,
you can likely ignore stuff related to "Could not reproject"
.xml, .htm, and so on. Things containing binary executable code,
are more important, as their modification implies trouble
is brewing.

Paul

I found and successfully implemented the following fix:

1. From Admin command prompt:
DISM /Online /Cleanup-Image /RestoreHealth

2. Restart PC

3. From Admin command prompt:
sfc /scannow (Errors will be found and fixed.)

Terry, East Grinstead, UK
Ads