Schedule SFC scan NOW!
With the recent (May 2014) occurrence of a significant Windows Internet Explorer bug, we are reminded of the potential for Windows OS intrusion and damage. No matter how proactive we become, cyber criminals will continue to pursue efforts to intrude, destroy, or disrupt system performance. Vigilance is important. Both scheduled and random reviews of the operating system must be elements of our vigilance.
In Windows 7 and Windows 8, Microsoft schedules Disk Defragmenter to launch at 1 AM every Wednesday morning, a sound practice that proactively addresses file access efficiency and therefore system performance.
My recommendation: create a weekly Task Scheduler task that runs the System File Checker (SFC) with the /scannow switch.
LexisNexis offers a detailed step by step process for creating scheduled command line Task Scheduler entries.
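One way to create the weekly task recommended above and then read back what the scan found, as an added example that is not part of the original post. The task name, day and start time are illustrative assumptions, and the `[SR]` message wording matched in CBS.log is assumed from typical SFC log output.

```powershell
# Added example: register a weekly "sfc /scannow" task and summarise its findings.
# Task name, day and time are illustrative choices, not values from the post.
$TaskName = 'Weekly SFC Scan'                        # hypothetical task name
$Sfc      = Join-Path $env:windir 'System32\sfc.exe'
$CbsLog   = Join-Path $env:windir 'Logs\CBS\CBS.log' # SFC logs its work here, tagged [SR]

# SFC requires administrative rights, so stop early in a non-elevated shell.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

# schtasks.exe is used rather than the ScheduledTasks cmdlets so the same
# lines work on Windows 7 as well as Windows 8.
schtasks.exe /Create /TN $TaskName /TR "$Sfc /scannow" `
    /SC WEEKLY /D SUN /ST 02:00 /RU SYSTEM /RL HIGHEST /F
if ($LASTEXITCODE -ne 0) {
    throw "schtasks.exe failed with exit code $LASTEXITCODE"
}

# Show the registered task so the schedule and run-as account can be checked.
schtasks.exe /Query /TN $TaskName /V /FO LIST

# A scheduled run has no console, so results must be read from CBS.log.
# The pattern keeps only [SR] lines that report a repair or a failed repair
# (wording assumed from typical SFC entries).
function Get-SfcFindings {
    param([string]$Path = $CbsLog)
    if (-not (Test-Path $Path)) { return @() }
    Select-String -Path $Path -Pattern '\[SR\] (Repairing|Cannot repair)' |
        ForEach-Object { $_.Line }
}

$findings = @(Get-SfcFindings)
if ($findings.Count -eq 0) {
    Write-Output 'No repaired or unrepairable files recorded in CBS.log.'
} else {
    Write-Output "$($findings.Count) SFC repair entries found:"
    $findings
}
```

Entries reporting a file that could not be repaired are the ones to follow up, for example with the offline repair described later in this post.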
My goal in this blog is to emphasize the value and importance of scheduling the SFC /scannow operation, and preparing yourself for its use in response to suspected (or actual) damage to your Windows 7 or Windows 8 operating systems.
Microsoft introduced the Windows Image File (.wim) as a deployment, boot and OS management, and security component with Windows Vista. The Windows Automated Installation Kit (WAIK – Win 7) and Windows Assessment and Deployment Kit (ADK – Win 8) continue to evolve support and options available using the Image file.
Associated enhancements to SFC create one of the most powerful, proactive and reactive security tools embedded within both the Pre-Execution/Recovery and Operating System environments.
Running SFC with the scannow switch compares the files installed on the operating system with the files deployed with or added to the .wim file, incorporating the digital signature element of the .wim file that assures file integrity. And the /scannow switch automatically goes one step further, replacing any damaged/corrupted files on the system with clean files from the .wim set.
Did you get that? Without having to perform a full system analysis or restore, you can at least effect the recovery of critical system files in about 15 minutes so that you can boot to the OS for additional diagnostic or recovery efforts. I would recommend isolating any potentially corrupted system during recovery and diagnostic efforts. SFC is available and embedded in most recovery environments for just this purpose.
We emphasize the use of the System File Checker in our Windows 7 and Windows 8 classes and I am continually amazed at how few students are aware of this tool. Several have offered subsequent feedback that SFC enabled them to recover systems or retrieve user data from a failing system when the only option prior to an understanding of SFC would have required re-imaging the system – and the associated full loss of data.
Give it a try on your system now. It won’t hurt, and might even repair a marginal issue of which you are unaware.
Launch a command prompt, running as administrator. (Don’t forget to launch the command line tool as an administrator, since SFC requires administrative rights to effect the repair.) Then type SFC /scannow at the command prompt. Depending on .wim file size and disk I/O rates, the scan and repair could take between 5 and 20 minutes.
Or take a look at the full range of SFC switches by typing SFC /?
You can also use the System File Checker from the Windows 7 or Windows 8 recovery environments (using the command line interface). SFC is present, although not well documented as an available system tool. You may also use SFC from the Recovery/Repair environment found on the installation DVD, or from within a Pre-Execution boot disk created using the CopyPE tool found within the WAIK/ADK toolset. You might also want to check out the other command line tools available in the Windows PE environment (Windows PE Tools and Settings).
If you use SFC from one of the aforementioned pre-boot environments, you will want to use the /Offbootdir and /Offwindir switches in order to repair the operating system files that would be ‘offline’ relative to the boot image loaded in RAM. An example of the syntax follows:
SFC /SCANNOW /OFFBOOTDIR=C:\ /OFFWINDIR=C:\WINDOWS
Juke Chou, Microsoft (MCC, MSFT CSG) also references the use of SFC to repair offline Windows installations, including the use of ImageX to extract and mount the install.wim file from the install DVD if you believe that the install.wim file on your system disk may also be corrupted. In his post, he references an article that points to a Windows Vista BSoD stop code suggesting installed system corruption. A component of the resolution identifies the use of the .wim image file on the install DVD and the use of ImageX to extract/replace the .wim file before repair using the System File Checker (and an automated XML file).
Other than this article, I had to search extensively to find references to use of the System File Checker.
SFC is listed as a minor component of the Microsoft Diagnostic and Recovery Toolset (DaRT). Information about DaRT suggests other possibilities for incorporating SFC along with other tools into a recovery and repair process. DaRT is free, so you might want to acquire a copy of additional tools not found by default in the Windows Recovery Environment.
Help to share the potential of the System File Checker, a powerful system diagnostic and recovery tool. Please?