iondjp

Can SFC program be compromised

Recommended Posts

I just ran sfc /scannow and happy to see all was okay.

It got me wondering, how reliable is SFC? Is it possible it too could be compromised to provide misleading results?

Share this post


Link to post
Share on other sites

The short answer to that is: no. It can be broken by malware (as in: won't run) or blocked (a replacement is attempted but after a reboot the original bad file is back), but that is about it.

That being said, malware doesn't need to manipulate it, if it can just circumvent it. If a system is infected and a replaced system file has sufficient permissions to fool Windows into thinking it is legitimate (this typically is rootkit-level), you can run SFC all you want and Windows will report everything is fine, while in fact you can have one or more infected system files. So running SFC is not a malware scan nor should it be used as such.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.