Windows file protection protects all the .sys, .dll, .exe, and
ocx files, as well as some TrueType fonts, that were shipped with Windows.
Microsoft ships minesweeper (%systemRoot%\System32\Winmine.exe) with Windows and using it to
verify that WFP is running is it's best use:
1. Open Windows Explorer and navigate to %systemRoot%\System32.
2. Right-click the Winmine.exe file and press Rename.
3. Type Winmine.sav and press Enter.
4. Go get a cup of coffee, a coke, or a smoke.
5. Press ALT+V+R to refresh the Windows Explorer display and scroll down to Winmine.sav.
If Winmine.exe is their, WFP is working.
NOTE: If you check your System Event log, you should have:
Source: Windows File Protection Event ID: 64002 Description: File replacement was attempted on the protected system file %SystemRoot%\system32\winmine.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.0.2135.1.
0 comments
Hide comments