How to disable Windows File Protection


Recommended Posts

  Digital Pimp said:
This one

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Add/modify the "SFCDisable" DWORD [REG_DWORD] Binary entry to read FFFFFF9D

By defaut, the binary reads "0000 01 00 00 00". I changed the value from 0 to 1, but I don't know about the binary value entry since it's screwy.

  • 1 month later...

First import the reg file, rename "sfc_os.dll" in C:\Windows\ServicePackFiles\ , then rename "sfc_os.dll" in C:\Windows\System32\ & copy patched dll in your System32 directory. :D (File Version: 5.1.2600.2180)

SFCDisable.zipFetching info...

  denzilla said:
Can't you just do it from safe mode, like if you're just swapping the uxtheme.dll? I dunno, just asking.

Yes you can, but this way is faster, you don't need to restart. :p

  evil-zen said:
thanks!!

You're welkome! :)

Edited by Herby

Have seen a few different ways of disabling WFP (ie swapping .dll and changing reg values).

Has anyone bothered to put a compressed sfc_os.dl_ into their i386 directory on the cd so it installs disabled?

Also, has anyone tried to add this to their winnt.sif unattended answer file? If so, is copying the modified dll necessary?

[systemFileProtection]

SFCQuota=0

SFCScan=0

SFCDisable=ffffff9d

By the way, this was found for Windows 2003 Server, not sure if it works with XP SP2.

  paratrupr said:
Also, has anyone tried to add this to their winnt.sif unattended answer file? If so, is copying the modified dll necessary?

[systemFileProtection]

SFCQuota=0

SFCScan=0

SFCDisable=ffffff9d

It is still necessary to copy the modified dll, without it WFP stays enabled.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • It has the same switch to allow whitelisting or not as the regular AdBlock extension.
    • These 20 crypto phishing applications are scamming Play Store users by Hamid Ganji Google Play Store is the main venue for Android users to download applications. While Google has strict rules and policies for verifying apps, some malicious apps somehow slip through anyway. Meanwhile, when it comes to crypto wallet apps, both Google app auditors and Play Store users need to be even more cautious. Cyble Research and Intelligence Labs has identified at least 20 crypto phishing applications on the Google Play Store that impersonate legitimate and popular crypto wallet apps and try to steal users' crypto credentials. By impersonation, these malicious apps trick users into downloading them and then start to capture the user's actual login data. "What makes this campaign particularly dangerous is the use of seemingly legitimate applications, hosted under previously benign or compromised developer accounts, combined with a large-scale phishing infrastructure linked to over 50 domains. This extends the campaign's reach and lowers the likelihood of immediate detection by traditional defenses." Cyble writes. Some of these malicious apps have the same name but come with a different package name. After removing duplicate names, here's the list of 9 newly discovered crypto phishing applications on the Play Store: Pancake Swap Suite Wallet Hyperliquid Raydium BullX Crypto OpenOcean Exchange Meteora Exchange SushiSwap Harvest Finance Blog According to Cyble, these apps prompt users to enter their 12-word mnemonic phrase to access the fake crypto wallet. Also, scammers use accounts that were previously used to distribute legitimate apps to minimize the risk of getting caught by Google. These accounts are more likely to be compromised and then taken over by scammers. If you've downloaded any of these fake crypto wallet apps from the Play Store, make sure to delete them as soon as possible. In 2024, revenue from crypto scams was estimated to be around $9.9 billion. This billion-dollar crypto scam business is expected to grow massively in 2025 thanks to AI.
    • Again...just because Microsoft never managed to be as successful as Google in that business that doesn't mean they are not exactly what Google is. An online advertising company. Edge's built in ad block in case you don't know whitelists their own advertising platform. According to Microsoft... Google ads and tracking bad, Microsoft ads and tracking good:)
  • Recent Achievements

    • Week One Done
      LunaFerret earned a badge
      Week One Done
    • Week One Done
      Ricky Chan earned a badge
      Week One Done
    • Week One Done
      maimutza earned a badge
      Week One Done
    • Week One Done
      abortretryfail earned a badge
      Week One Done
    • First Post
      Mr bot earned a badge
      First Post
  • Popular Contributors

    1. 1
      +primortal
      483
    2. 2
      +FloatingFatMan
      264
    3. 3
      snowy owl
      239
    4. 4
      ATLien_0
      229
    5. 5
      Edouard
      179
  • Tell a friend

    Love Neowin? Tell a friend!