Two methods for regular checking to ensure the stability of Windows 7 system files

  


As we all know, the system files of Microsoft operating systems are a frequent target of Trojans, viruses and similar programs. Sometimes users also damage system files inadvertently. System instability is mostly caused by damage to system files. Windows 7 improves the stability of these system files.

Before going into this topic, the system administrator needs to understand that the system files in a Microsoft operating system include not only the files required to install the operating system, but also a number of drivers. Microsoft operating systems have stronger hardware support than open source operating systems such as Linux. In Windows 7, most hardware is detected during installation, and the appropriate drivers are found and installed automatically. This is mainly because Microsoft tests the current mainstream hardware devices before a new version of the operating system is released. If a device passes the test, its driver is added to the operating system. Therefore, after installing Windows 7, most hardware is recognized without manually installing a driver. These drivers are part of the system files in the Microsoft operating system. The following protections for system file stability apply equally to these driver files.

First, use file signature verification to check whether system files have been modified.

In the Windows 7 operating system, all system files (including Microsoft-approved driver files) are signed by Microsoft. The signature information includes the system file name, storage path, file creation date, version number and so on. If the system administrator collects this information when deploying Windows 7, then later, when the operating system is unstable and the administrator suspects that a system file is damaged, the file's current signature can be compared with the original signature to determine whether the file was changed without the administrator's knowledge. Appropriate measures can then be taken to repair the system files and restore the stability of the operating system.

In the Microsoft operating system, there is no need to collect this information manually. The system provides a graphical file signature verification tool to help system administrators do the job. In command line mode, entering the sigverif command opens the tool's dialog.


This file signature verification tool is a graphical tool provided by the Microsoft operating system. After an application or hardware component is installed, if the system administrator suspects that an original, protected, digitally signed system file or startup program has been illegally modified or replaced, the tool can be used to check whether this has happened. Although this tool already existed in previous versions of the operating system, it was largely ignored. It has been improved a lot in Windows 7, especially in terms of performance. In the author's tests, the tool runs several times faster in Windows 7 than in the previous version of the operating system. The tool's functionality has also been improved. For example, in the previous operating system only the system files were checked, not the drivers. Now the tool checks system files and driver files at the same time to ensure that all of them carry a Microsoft digital signature. When the tool finds a file that is unsigned or whose version is incorrect, it reports the relevant information to the administrator: file name, modification time, version number, and so on. This information is also kept in the system's logs so that the system administrator can consult it later.

However, after using it, I feel that there is still one inconvenience: I cannot export this information directly to a text file or copy it directly. Suppose the tool finds a problem with a file, for example tcpip.sys. The system administrator may then need to look up the specific purpose of this file on the Internet, and whether anyone has encountered this problem before. But what discourages me is that I cannot copy the file name directly. When I want to ask others about the purpose of this file, I have to type it in manually rather than copy and paste it. The author suggests that Microsoft's designers be more user-friendly in this respect, so that eventually this information can be exported directly to a text file from this window, or copied and pasted directly, instead of having to open a log file to do so.

Another thing to note is that this tool does not repair the problematic files itself. So running this tool does not require administrator privileges. In other words, ordinary users can also run this program to check whether system files have been maliciously changed.

Second, use the sfc command to automatically repair problematic system files.

What should you do if the above tool finds a problematic system file? Besides repairing system files from the system installation disk or repairing them manually, the operating system provides another useful tool, the sfc command. Its function is similar to that of the file signature verification tool: it verifies the legitimacy of system files and the signatures of drivers. However, there are still big differences between the two tools.

One is the difference in appearance. Sfc is a command-line tool, that is, it has no graphical wizard, whereas the file signature verification tool is a graphical tool. So in terms of convenience, the file signature verification tool may be easier to use. For expert system administrators, however, there may be no essential difference between a graphical interface and a text interface.

The other major difference is in functionality. The sfc command not only checks the legitimacy of system files and driver signatures, but also automatically repairs the files it detects. It does so by automatically replacing any incorrect file it detects with the Microsoft version of the file. Since the system administrator is not prompted during the replacement, using this tool carries a certain risk. The author's suggestion is therefore that the system administrator first use the file signature verification tool to check which system files or driver files are problematic. Once it is confirmed that replacing these files with the Microsoft versions will cause no problems, use the sfc command-line tool to repair them automatically.

If the system administrator has deployed some unsigned system files in the operating system and considers these files necessary, it is best not to use this tool. If you do have to use it, first copy aside the files that are legitimate but unsigned, then use the tool to repair the other problematic system files or drivers. Wait until the repair is complete before restoring these legitimate unsigned files or driver files. In addition, because this tool is relatively risky to run, Windows 7 restricts it strictly: only an administrator can run this program. Note that "administrator" here means the system's default administrator account. That is, if the system administrator creates a new account and adds it to the Administrators group, the account has the identity of an administrator, but it still cannot run the sfc tool, because it is not the system's default administrator account. Microsoft's restriction here is mainly intended to prevent the tool from being abused and thereby affecting other users' applications.

You can also use this tool in conjunction with Group Policy. The tool can be run automatically when the operating system starts, as configured in Group Policy. In general, if the Windows 7 operating system is used only as a client, this is a good way to maintain its stability. But if it is used as a server, I don't recommend it. Because the enterprise's information applications depend on the server (any server failure affects them), the tool should be used there only if a system file is corrupt or there is a problem with a driver. Before using this tool, it is a good idea to use the signature verification tool to look for files that may be problematic. If necessary, back up the data on the server first, in case the operating system fails to start because a file repair went wrong. For this reason, the author thinks that sfc is a good tool for maintaining system file stability, but system administrators still need to use it cautiously.
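The check-first, copy-aside, repair, restore order described above, as an added PowerShell example that is not part of the original article. It uses sfc /verifyonly for the check step and exports the System File Checker entries (tagged [SR]) from CBS.log to a text file; the folder C:\sfc-review and the driver path in $KeepFiles are constructed placeholders, and the script is assumed to run with the administrator rights sfc requires.

```powershell
# Added example, not from the original article.
# $WorkDir and the entry in $KeepFiles are constructed placeholders.
$WorkDir   = 'C:\sfc-review'
$KeepFiles = @('C:\Windows\System32\drivers\example_vendor.sys')
$CbsLog    = Join-Path $env:windir 'Logs\CBS\CBS.log'

function Get-Sha256([string]$Path) {
    # .NET hashing is used so the script also works on PowerShell 2.0.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Dispose() }
}

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# 1. Check only: /verifyonly reports integrity violations without replacing files.
sfc.exe /verifyonly

# 2. Export the System File Checker entries (tagged [SR]) from the CBS log to a
#    plain text file, so file names can be copied and searched.
Select-String -Path $CbsLog -Pattern '[SR]' -SimpleMatch |
    ForEach-Object { $_.Line } |
    Set-Content -Path (Join-Path $WorkDir 'sfc-findings.txt')

# 3. Copy aside the unsigned files the administrator has decided are legitimate,
#    recording a hash of each so that a replacement can be detected afterwards.
$saved = @()
foreach ($file in $KeepFiles) {
    if (-not (Test-Path -LiteralPath $file)) { continue }
    $hash = Get-Sha256 $file
    $copy = Join-Path $WorkDir ($hash + '_' + (Split-Path $file -Leaf))
    Copy-Item -LiteralPath $file -Destination $copy -Force
    $saved += New-Object PSObject -Property @{ Path = $file; Copy = $copy; Hash = $hash }
}

# 4. Repair only after the exported findings have been reviewed.
if ((Read-Host 'Reviewed sfc-findings.txt? Type REPAIR to run sfc /scannow') -ne 'REPAIR') { return }
sfc.exe /scannow

# 5. Restore any kept file that the repair replaced or removed.
foreach ($item in $saved) {
    if ((-not (Test-Path -LiteralPath $item.Path)) -or ((Get-Sha256 $item.Path) -ne $item.Hash)) {
        Copy-Item -LiteralPath $item.Copy -Destination $item.Path -Force
        Write-Output "Restored $($item.Path)"
    }
}
```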
