How to disable Windows File Protection

By Digital Pimp
in Microsoft (Windows)

 Share

Recommended Posts

Grand Master

MulletRobZ

Posted
Posted
  Digital Pimp said:
This one

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Add/modify the "SFCDisable" DWORD [REG_DWORD] Binary entry to read FFFFFF9D

By defaut, the binary reads "0000 01 00 00 00". I changed the value from 0 to 1, but I don't know about the binary value entry since it's screwy.

  • 1 month later...
Veteran

Herby

Posted
Posted

First import the reg file, rename "sfc_os.dll" in C:\Windows\ServicePackFiles\ , then rename "sfc_os.dll" in C:\Windows\System32\ & copy patched dll in your System32 directory. :D (File Version: 5.1.2600.2180)

SFCDisable.zipFetching info...

Veteran

Herby

Posted
Posted (edited)
  denzilla said:
Can't you just do it from safe mode, like if you're just swapping the uxtheme.dll? I dunno, just asking.

Yes you can, but this way is faster, you don't need to restart. :p

  evil-zen said:
thanks!!

You're welkome! :)

Edited by Herby
Rising Star

paratrupr

Posted
Posted

Have seen a few different ways of disabling WFP (ie swapping .dll and changing reg values).

Has anyone bothered to put a compressed sfc_os.dl_ into their i386 directory on the cd so it installs disabled?

Also, has anyone tried to add this to their winnt.sif unattended answer file? If so, is copying the modified dll necessary?

[systemFileProtection]

SFCQuota=0

SFCScan=0

SFCDisable=ffffff9d

By the way, this was found for Windows 2003 Server, not sure if it works with XP SP2.

Veteran

Herby

Posted
Posted
  paratrupr said:
Also, has anyone tried to add this to their winnt.sif unattended answer file? If so, is copying the modified dll necessary?

[systemFileProtection]

SFCQuota=0

SFCScan=0

SFCDisable=ffffff9d

It is still necessary to copy the modified dll, without it WFP stays enabled.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Microsoft: Edge performs better than Google Chrome on Windows in ad blocking and more

      By monterxz · Posted

      It has the same switch to allow whitelisting or not as the regular AdBlock extension.
    • These 20 crypto phishing applications are scamming Play Store users

      By Hamid Ganji · Posted

      These 20 crypto phishing applications are scamming Play Store users by Hamid Ganji Google Play Store is the main venue for Android users to download applications. While Google has strict rules and policies for verifying apps, some malicious apps somehow slip through anyway. Meanwhile, when it comes to crypto wallet apps, both Google app auditors and Play Store users need to be even more cautious. Cyble Research and Intelligence Labs has identified at least 20 crypto phishing applications on the Google Play Store that impersonate legitimate and popular crypto wallet apps and try to steal users' crypto credentials. By impersonation, these malicious apps trick users into downloading them and then start to capture the user's actual login data. "What makes this campaign particularly dangerous is the use of seemingly legitimate applications, hosted under previously benign or compromised developer accounts, combined with a large-scale phishing infrastructure linked to over 50 domains. This extends the campaign's reach and lowers the likelihood of immediate detection by traditional defenses." Cyble writes. Some of these malicious apps have the same name but come with a different package name. After removing duplicate names, here's the list of 9 newly discovered crypto phishing applications on the Play Store: Pancake Swap Suite Wallet Hyperliquid Raydium BullX Crypto OpenOcean Exchange Meteora Exchange SushiSwap Harvest Finance Blog According to Cyble, these apps prompt users to enter their 12-word mnemonic phrase to access the fake crypto wallet. Also, scammers use accounts that were previously used to distribute legitimate apps to minimize the risk of getting caught by Google. These accounts are more likely to be compromised and then taken over by scammers. If you've downloaded any of these fake crypto wallet apps from the Play Store, make sure to delete them as soon as possible. In 2024, revenue from crypto scams was estimated to be around $9.9 billion. This billion-dollar crypto scam business is expected to grow massively in 2025 thanks to AI.
    • The Expanse: Osiris Reborn is a new narrative-driven sci-fi RPG inspired by Mass Effect

      By Som · Posted

      oooh
    • Politically funny images of the World

      By Nick H. · Posted

    • Microsoft: Edge performs better than Google Chrome on Windows in ad blocking and more

      By olympus1 · Posted

      Again...just because Microsoft never managed to be as successful as Google in that business that doesn't mean they are not exactly what Google is. An online advertising company. Edge's built in ad block in case you don't know whitelists their own advertising platform. According to Microsoft... Google ads and tracking bad, Microsoft ads and tracking good:)

  • Recent Achievements

    • Week One Done
      LunaFerret earned a badge
      Week One Done
    • Week One Done
      Ricky Chan earned a badge
      Week One Done
    • Week One Done
      maimutza earned a badge
      Week One Done
    • Week One Done
      abortretryfail earned a badge
      Week One Done
    • First Post
      Mr bot earned a badge
      First Post

  • Popular Contributors

    1. 1
      +primortal
      483
    2. 2
      +FloatingFatMan
      264
    3. 3
      snowy owl
      239
    4. 4
      ATLien_0
      229
    5. 5
      Edouard
      179
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!