SFP (System File Protection) is a nifty feature of Windows Millennium Edition that protects files essential to the mental health and wellbeing of your operating system.. which by the way can't be turned off but that's for your own good :-) The main purpose of SFP is try and prevent some of the stock standard errors that have plagued perhaps us all at some point... most notorious woudl be the .dll and .exe errors and we can all do without an excess of those! One of the main causes of system instability is due to programs that use a vital system file been installed or uninstalled... installation can overwrite the system file with an older version or one that doesn't have a valid certificate and uninstalling can a remove a system file that other programs rely on, return it to a previous version or botch the whole thing leaving it in tatters (corrupt). Brain Fluff: SFP replaces System File Checker (SFC) in Windows 98 and Windows 2000 also has a similar feature called Windows File Protection (WFP)

What it does...
Basically SFP makes sure that the 'critical' bits and bobs (shared system files) on your computer are not replaced by older versions of the same file (very handy!) and it also ensures that only files approved by Microsoft can get in the door. If a program you're trying to install bowls in and replaces a protected system file, SFP will kick in to check it out... here's how...

you install a program... just so happens this one has a system file that it installs at the same time.. SFP comes bounding along carrying a rather large copy of Sfpdb.sfp (Sytem File Protection Database) and unrolls it to check to see if the system file that's being installed is named in the database. If SFP finds the file on the list it'll swipe the version currently installed and store it away, it then waits in the wings for the 'new' one to be installed... once it's in place it'll go along and give it a good once over noting down all the relevant information (version, date, certificate, hash etc) it then runs along to (a catalog that contains all the... lets say 'personal' information about the system files.. versions, dates and stamp of approval etc) and it'll check the information about the new file that's being installed against the information in the file. Around this point you'll notice a paper trail is well underway in the sfplog.txt log but we'll get to that later. If the file it's aok it'll let the installation go ahead, with the 'new' replacing the 'old'. If SFP turns it's nose up at the file it'll wait for the install to finish then go screaming along grab the one out of storage and switch it back to the way it was before... evidence of this can be seen in the sfplog.txt log file.

if you're having problems after an install/uninstall you might want to check out your sfplog file. Its a text document when is easy to access and read as everthing is laid out neatly and clearly The easiest way to access it is by hitting Winkey+F to bring up the Search window or...
Hit Start
Hit Find
type in sfplog.txt
Hit Search Now
once the file has been located double click it and it'll open in Wordpad. If you've had your computer a while or are prone to installing/uninstalling software at will then you'll find the file quite hefty. Now if you've been getting error messages stating which file is giving you grief or you've got a particular file in mind then with the document open hit ctrl+f to bring up the find window, type in the file you wish to check out references to and hit Find Next. Work your way through the log keeping in mind that it's organized by date, with the most recent being at the bottom. If you've got no idea what the file could be then start looking at and around the time the problem first appeared.

Here's a couple of examples...

Restoring a file that shouldn't have been deleted...
NORMAL:[04/14/2001 23:50:32:170] File C:\WINDOWS\FONTS\ARIAL.TTF has been deleted
NORMAL:[04/14/2001 23:50:43:430] SFP restored file C:\WINDOWS\FONTS\ARIAL.TTF to version

Incorrect version...
NORMAL:[05/11/2000 21:56:12:750] Invalid file C:\WINDOWS\twain.dll, version copied. Correct version is
NORMAL:[05/11/2000 21:56:12:970] SFP restored file C:\WINDOWS\twain.dll to version

These are the ones you need to watch for...
NORMAL:[09/07/2000 00:37:20:900] File C:\WINDOWS\SYSTEM\inseng.dll is in use. SFP made an entry into wininit.ini to restore the file
NORMAL:[09/07/2000 00:37:21:010] Invalid file C:\WINDOWS\SYSTEM\inseng.dll, version 5.50.4134.600 copied. New file has correct version but invalid hash
CRITICAL:[09/07/2000 00:37:21:010] SFP cannot restore file C:\WINDOWS\SYSTEM\inseng.dll back

In cases like this you may need to look at extracting the file again to replace it... as it's a protected system file you'll need to do this differently to most. A quick step by step on replacing a Protected file is available [HERE]

Quick Summary of the files..

sfpdb.sfp and filelist.xml is a database of ALL the files that are protected and there's around 8-900 of these wee puppies! An identical file to this is filelist.xml and yep, you can check them both out.
sfpdb.sfp is in c:\windows\system\sfp\
filelist.xml is in c:\windows\system\restore\ is the catalog that contains all the... lets call it 'personal' information about the system files.. versions, dates and stamp of approval

sfplog.txt this the log/record of all the action going on including the date time, versions, what the problem was and if it was successfully replaced and if not why not.. look for things like incorrect version , certicate invalid, correct version but invalid hash etc etc The one you have to watch out for are when it states that it was 'unable to restore' this means that somethings gone wrong and you may have to think about manually replacing the file.. which can be a bit of a drama as you have to sneak behind sfp to do it so that it doesn't automatically kick back in and replace it once your back is turned.

Want to see if a System File is protected?
you can check out either Sfpdb.sfp or Filelist.xml
Hit Winkey+F to bring up the Search window or...
Hit Start
Hit Find
type in either of the files above
Hit Search Now
once the file has been located double click on it to open

Sfpdb.sfp opens in Wordpad but you'll be presented with an "Open with.." box first, from there select WordPad. Do NOT select "Always open with this program"
All the files will be listed
Hit Ctrl+F
enter the file you can to check and hit ok

Filelist.xml will open in explorer
Expand the brances and hit Ctrl+F
enter the file you can to check and hit ok

Popup Notification
If you want to know when SFP is going to kick you can enable a Popup this means pulling up your Registry so...
hit Start
hit Run
on open type regedit
navigate your way to


find the "ShowPopups" key and change the value from 0 to 1
save, exit and your done... after a rootboot of course

Replacing a SFP file...
If you want a Step By Step on Manually Replacing a Protected file you can find it [HERE]
Hits: 2933
Comments (0)add comment

Write comment


More to explore

  • Ode to Horace
    Sometimes life can be overly complicated so when presented with the opportunity to sit down and have a really good laugh one should do so, and do so with gusto... and with  Read More...
  • simplicity
    I strongly believe that if people spent more time admiring and appreciating the simplicity and beauty of purple cabbage they would enjoy life and all it's little quirks a great deal more. Read More...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7

Random Thought

"It's not very pleasant in my corner of the world at three o'clock in the morning. But for people who like cold, wet, ugly bits it is something rather special." ~ Eeyore