Vista and Windows Files Protection

[marc ochsenmeier]

Hi,

it looks like as if Vista does not implement the Windows File Protection
(WFP) anymore.
I know that the User Account Control (UAC) feature and other File System
enhancement protect the Windows Vista files components. Now it looks like
Vista has got rid of WFP!

I have been searching for sfcfiles.dll and the dllcache directory...but they
are not there anymore!

Could anyone confirm this situation?

Thanks for your help.

Marc Ochsenmeier
www.propagating.net

 

[Alexander Suhovey]

it looks like as if Vista does not implement the Windows File Protection
(WFP) anymore.
I know that the User Account Control (UAC) feature and other File System
enhancement protect the Windows Vista files components. Now it looks like
Vista has got rid of WFP!

Hi Mirc,

Vista uses Windows Resource Protection. In addition to system files, it
protects critical registry keys. In addition, NTFS permissions on system
files and folders have been changed so only TrustedInstaller system account
has write access to system files. This account is also owner of system files
by default. See cmd.exe permissions below as an example (R=read only, F=Full
access).

c:\> cacls c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
NT SERVICE\TrustedInstaller:F
BUILTIN\Administrators:R
NT AUTHORITY\SYSTEM:R
BUILTIN\Users:R

c:\>

However, what I have read but have not confirmed yet is that WRP protects
less files than WFP (in terms of how WFP was protecting them). Read more
here:
http://weblog.infoworld.com/securityadviser/archives/2006/12/does_vistas_win.html

 

[Jane C]

Both sfc.exe and sfc_os.dll (Windows File Protection) are still in
Windows\System32 folder.