The SFC /SCANNOW Command May Overwrite Hotfix Files

Notice
This article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy.
This article has been archived. It is offered "as is" and will no longer be updated.
SYMPTOMS
If you run the Windows File Checker utility (SFC) with the /SCANNOW switch (sfc /scannow) after you install Windows 2000 hotfixes or security updates, updated or patched files that were installed may later be overwritten by previous versions of those files.
CAUSE
This behavior may occur if you are running a version of Windows 2000 earlier than Windows 2000 Service Pack 4 (SP4).

On computers with versions of Windows 2000 earlier than Windows 2000 SP4, Windows File Checker can only retrieve files from the original Windows installation media or from installed service packs. When you install a pre-Windows 2000 SP4 hotfix, the hotfix does not register itself in a way that SFC recognizes. Therefore, SFC does not detect that it must retrieve the files from the pre-SP4 hotfix instead of from the original installation media or from a service pack when you run the sfc /scannow command.
RESOLUTION
To resolve this issue, install Windows 2000 SP4. Post-SP4 hotfixes and security patches are registered in such a way that SFC detects them. This problem does not occur on computers that run Windows 2000 SP4 or later.For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
WORKAROUND
To work around this issue, reinstall all hotfixes and security updates after you run the sfc /scannow command.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was corrected in Windows 2000 SP4.
MORE INFORMATION
If you install a hotfix, and then run the sfc /scannow command, a mixed binary file state is introduced. The sfc/scannow command refreshes the Dllcache with the latest registered versions of the protected operating system files on the computer. Because pre-SP4 hotfixes do not register in a way that SFC recognizes, the command may restore older versions of the fixed binaries to the Dllcache. Although SFC does not modify the binary file on the computer (unless that file is corrupted), if the binary file on the computer is later corrupted or damaged, Windows restores it from the version that is stored in the Dllcache.
sfc scannow wfp hotfix security bulletin
Properties

Article ID: 814510 - Last Review: 12/08/2015 02:02:00 - Revision: 4.3

  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Server
  • kbnosurvey kbarchive kbprb KB814510
Feedback