Windows 7 is becoming more and more popular, and most of my friends have Win 7 installed on their computers. I believe many of my friends know that Microsoft operating system files are often the focus of Trojans, viruses and other programs. Sometimes users will not break system files inadvertently. System instability is mostly caused by damage to system files. The stability of this system file has been improved in Windows 7. This article mainly introduces some protection measures for system file stability, and is also valid for these driver files.
First, use the file signature to verify that the system file is modified
In the Windows 7 operating system, all system files (including Microsoft-approved driver files) will be signed with Microsoft. The signature information includes information such as the system file name, storage path, file creation date, and version number. If the system administrator deploys the Windows 7 system, collect relevant information. Then, when the operating system is unstable, the system administrator suspects that the system file is damaged, you can compare the signature of the system file with the original signature, and you can determine whether the system file is not known by the administrator. Was changed. Therefore, relevant measures can be taken to repair the system files to restore the stability of the operating system.
In the Microsoft operating system, there is no need to manually collect this information. A graphical file signing tool is provided in the system to help system administrators do the job. In command line mode, entering the sigverif command will sign the dialog.
This file signing tool is a graphical management-based tool provided by the Microsoft operating system. When an application or hardware component is installed, if the system administrator suspects that the original, protected, digitally signed system file or startup program has been illegally modified or replaced, then the tool can be used to check for The existence of this situation. Although this tool already exists in previous versions of the operating system, it has been ignored by everyone. This tool has been improved a lot in Windows 7, especially in terms of performance. After the author's test, in the Windows 7 operating system, this tool runs several times faster than the previous version of the operating system. In addition, this tool has also been improved in functionality. For example, in the previous operating system, only the system files were detected, and the drivers were not detected. For now, this tool will detect both system files and driver files to ensure that all files have Microsoft digital signatures. When the tool detects a file version that is not signed or inaccurate, it will inform the administrator of the relevant information file name, modification time, version number, and so on. This information is also kept in the system-related logs for subsequent queries by the system administrator.
However, after using the author, I feel that there is still an inconvenient place, that is, I can't import this information directly into a text file or directly copy it. If the tool now has a problem with a file, such as tcpip.sys this file has a problem. Now system administrators may need to find out the specific purpose of this file on the Internet, and whether anyone has encountered this problem before. But what makes me discouraged is that I can't directly copy the file name. Now when I want to ask others about the purpose of this file, I have to manually input it, not by copying and pasting. The author suggests that Microsoft's design experts can be more humane in this regard. Finally, you can export this information directly to a text file in this window or you can copy and paste directly. Instead of opening a log file to do these behaviors.
Another thing to note is that this tool does not fix the problematic files yourself. So running this tool does not require administrator privileges. In other words, ordinary users can also run this program to check if the system files have been maliciously changed.
Second, use sfc command to automatically repair the problematic system files
If you find the problematic system files through the above tool, how to deal with it? In addition to repairing system files through the system installation disk or manually repairing the files In addition, another useful tool is provided in the operating system, namely the sfc command. The function of this command is similar to the function of the file signature authentication tool, which verifies the legality of the system files and the signature of the driver. However, there are still big differences between the two tools.
One is the difference in appearance. Sfc is a tool under the command line, that is, there is no graphical management wizard. The file signature verification tool is a graphical management tool. So in terms of convenience, the file signing tool may be easier to use. However, for system management experts, there may be no essential difference between a graphical interface and a text interface. Another major difference may be the difference in functionality. The Sfc command not only checks the legality of system files and driver signatures, but also automatically fixes detected files. The way to fix it is to automatically replace any detected incorrect files with Microsoft files. Since there is no prompt to the system administrator during the replacement process, there is a certain risk when using this tool. To this end, the author's suggestion is that the system administrator should first use the file signing tool to check which problematic system files or driver files exist. If you confirm that these files are replaced by Microsoft versions of the file without problems, use the sfc command line tool to automatically fix the problematic file.
If you are in the operating system, the system administrator has deployed some unsigned system files. If the system administrator thinks these files are required, then it is best not to use this tool. If you can use this tool, copy the files that are legal but not signed, and then use this tool to fix other problematic system files or drivers. Wait until the repair is complete before restoring these legal unsigned files or driver files. In addition, because this tool is relatively risky to run, for this reason, the Windows7 operating system has strict restrictions, and it must be an administrator to run this program. Note the default administrator account for this admin trait system. That is, if the system administrator has created a new account, then add this account to the administrators group. At this point the account has the identity of an administrator, but it still cannot run this sfc tool. Because he is not the system's default administrator account. Microsoft's restrictions in this regard are mainly to prevent this tool from being abused, thus affecting other users' applications.
You can also use this tool in conjunction with Group Policy. This tool can be run automatically when the operating system is started, as configured in Group Policy. In general, if the Windows 7 operating system is only used as a client, then this is a good choice to maintain its stability. But if it is used as a server, then I don't recommend it. Because the server is sensitive to enterprise information applications (the server is down for all related applications, the client will be affected), so use this tool only if the system file is damaged or the driver has problems. And before using this tool, it is best to use the signature verification tool to query for files that may be problematic. If necessary, you need to back up the data in the server first. To prevent the operating system from starting due to a file recovery failure. For this reason, the author thinks that sfc is a good tool to maintain system file stability, but system administrators still need to use it cautiously.