How to authenticate Windows file systems?
Is there any way to verify that a file is from Microsoft and has not been modified? Maybe there is some database of hashes of all files of all editions of the OS (first of all, files from the %systemroot% directory are of interest)?
I understand that with every update some of the files are modified, but I don't think it's too difficult for a company like Microsoft to add information about fixed files to the database.
Checking the integrity of system files with the sfc.exe command on the command line with prefixes
sigverif
But what is the task? If you catch viruses, then you just need to reinstall.
When combofix is running, there is a check for modified files, and if they are found, it tries to restore from a backup copy, it rolls in 50-70% and the file is restored. If it was not possible to restore, then you can simply manually restore / copy from the working machine.
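As an added example (not part of the question or of any answer above), the signature check the question asks about can be scripted with PowerShell's `Get-AuthenticodeSignature`, which validates both embedded and catalog signatures. The `$Root` and `$Extensions` defaults, the function name `Test-MicrosoftSigned`, and the "subject contains O=Microsoft Corporation" test are assumptions made for this sketch.

```powershell
# Added example: list files whose signature is missing, invalid,
# or not issued to Microsoft. Names and defaults below are assumptions.
param(
    [string]$Root = (Join-Path $env:SystemRoot 'System32'),   # assumed start directory
    [string[]]$Extensions = @('.exe', '.dll', '.sys')          # assumed file types
)

function Test-MicrosoftSigned {
    param([Parameter(Mandatory)][string]$Path)

    # Checks the embedded signature first, then the system catalog database.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Path          = $Path
        Status        = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
        SignatureType = $sig.SignatureType   # Authenticode (embedded) or Catalog
        IsOSBinary    = $sig.IsOSBinary
        Signer        = $subject
        # Heuristic: Windows validated the chain AND the subject names Microsoft.
        Trusted       = ($sig.Status -eq 'Valid') -and
                        ($subject -match 'O=Microsoft Corporation')
    }
}

Get-ChildItem -LiteralPath $Root -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
    ForEach-Object { Test-MicrosoftSigned -Path $_.FullName } |
    Where-Object { -not $_.Trusted } |
    Sort-Object Status, Path |
    Format-Table Status, SignatureType, Signer, Path -AutoSize -Wrap
```

Third-party drivers and vendor tools installed under `System32` will appear in the output with a `Valid` status and a non-Microsoft signer; a `HashMismatch` status means the file content no longer matches its signature.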