System File Check, Defender and Windows 10 1903

Discussion in 'other software & services' started by stapp, Jul 10, 2019.

  1. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
    I am unsure if this also happened before the latest round of updates which brought the build up to 18362.239 as my investigations have all been done today on the latest build.

    I have 4 machines at my house today.
    2 have 3rd party anti-virus on them
    2 have Defender as resident anti-virus on them.
    The 2 which have Defender as av both get 'cannot repair corrupt files' when running a system file check.
    Defender is mentioned in their CBS logs.

    All machines have 1903 build 18362.239 on them.

    Could anyone who has 1903 and runs Defender check if a SFC completes without an error?
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Is WD functioning properly?
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,059
    Location:
    Texas
    My scan while using Windows Defender.

    Microsoft Windows [Version 10.0.18362.239]
    (c) 2019 Microsoft Corporation. All rights reserved.

    C:\WINDOWS\system32>sfc /scannow

    Beginning system scan. This process will take some time.

    Beginning verification phase of system scan.
    Verification 100% complete.

    Windows Resource Protection found corrupt files but was unable to fix some of them.
    For online repairs, details are included in the CBS log file located at
    windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
    repairs, details are included in the log file provided by the /OFFLOGFILE flag.
     
  4. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
    Thanks ron
    That is exactly the result I see on the machines running Defender and latest 1903,.
    Could it be anything to do with the new Defender engine update? (I'm just guessing here as I have no idea when this started)

    Yes @itman Defender seems to be working normally.
     
  5. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    Which corrupt files is WRP complaining about?. I had SFC complaining about msdts.log which was missing in WinSxS on W7 W8 and W10. Copied the missing file fron the respective rtm install wims and all was good. Not sure why the file was missing though. Maybe from one of the cleanup tools like dism++
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    A few weeks back, I activated WD periodic scanning on 1809. Since I had not done so previously, Win Update downloaded the most recent component files. Those all scanned w/o issue in a subsequent SFC scan.

    What I did find quite odd is none of running components of WD, notably the engine, showed as verified in Process Explorer? Never saw that one before.
     
  7. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
    This is only on Win 10 and Defender is mentioned in the CBS logs, plus it only happens on machines running Defender as AV on 1903.
     
  8. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    778
    Location:
    Oklahoma City
    It happened on one of my pc's. I ran the following separately:
    DISM /Online /Cleanup-Image /CheckHealth
    DISM /Online /Cleanup-Image /ScanHealth
    DISM /Online /Cleanup-Image /RestoreHealth

    rebooted and ran sfc /scannow and it was fixed
     
  9. catspyjamas

    catspyjamas Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    288
    Location:
    New Zealand
    Interesting. I am having the exact same issue of corrupt files in sfc on all four Windows 10 laptops today and actually came on here to see if it was just me.

    Two PCs are running 1903 and 2 are running 1809. All four run Windows Defender and all four received all the Patch Tuesday updates today (in every case they installed successfully on the first try). The issue was not present when I did SFC scans a week ago - none of them had any integrity violations on those occasions. I'm not sure if the Patch Tuesday updates today are the culprit, or it could be the Update to the WD Antimalware platform 2 days ago (KB4052623) - all I know are those things are the only changes update-wise in the last week (apart from normal WD definition updates).

    WD is behaving normally a far as I can tell.

    I've run sfc /scannow three times and a Dism /Online /Cleanup-Image /RestoreHealth. A further SFC after completing these steps shows the problem persists:

    Windows Resource Protection found corrupt files but was unable to fix some of them.
    For online repairs, details are included in the CBS log file located at
    windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
    repairs, details are included in the log file provided by the /OFFLOGFILE flag.
     
  10. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
  11. catspyjamas

    catspyjamas Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    288
    Location:
    New Zealand
    You're welcome @stapp. Just to clarify though (since you mentioned it's only 1903 above) - it's also 1809 for me too. All four have the same problem (2 with 1903, and 2 with 1809).

    I'm going to try what JohnBurns did since he reported success. *crosses fingers*
     
  12. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
    If it does turn out as we suspect to be something to do with updates and Defender, I cannot see thousands of users doing DISMs. to put it right (If that works)
    They shouldn't have to.
     
  13. catspyjamas

    catspyjamas Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    288
    Location:
    New Zealand
    I agree! Although to be fair, most people probably don't run sfc scans as a matter of course. I only ran it today looking for clues as to why one machine hasn't been offered 1903 yet - I was surprised to see corrupted files (that were not there a week ago) so I ran it on the other three and they all showed the same SFC result.

    Good news - the repeat sfc after JohnBurns' method was clean. It said it found corrupt files, but this time it successfully repaired them! Going to tackle the other 3 computers tomorrow as it's now (OMG!) 2.45am.
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Time for an "AskWoody" posting.
     
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,059
    Location:
    Texas
    I had some odd behavior a couple of days ago, slow downs, lockups, and so on. Unusual for Win10.
    I suspect an update probably caused the problem.
     
  16. catspyjamas

    catspyjamas Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    288
    Location:
    New Zealand
    All fixed on all four after DISMs and repeat SFC scan. Thanks @JohnBurns. :) It looks like the culprit was in fact the Update to the WD Antimalware Platform a few days ago, as confirmed by someone on tenforums who had the issue AFTER getting said WD update, but BEFORE the Patch Tuesday ones.
     
  17. catspyjamas

    catspyjamas Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    288
    Location:
    New Zealand
    I haven't noticed this, although what I have noticed in the last few days (? since the WD platform update) is that on all my machines the Microsoft Store is taking flipping ages to check for updates when manually checking for them. Everything else has been snappy as usual.
     
  18. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    778
    Location:
    Oklahoma City
    Happy you got them fixed.
     
  19. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    Very informative thread thanks...
     
  20. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
  21. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    Checking some PCs at work. 1903 with WD has this issue. With 3rd party AV it does not. Looking into if it is worth the time spent running DISM on all affected machines or seeing what/if Microsoft intends to do about it.
     
  22. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
    You have to run the 3 'Disms' one after the other, followed by an ordinary SFC in order for it to work. No need to restart machine or anything
    DISM /Online /Cleanup-Image /CheckHealth
    DISM /Online /Cleanup-Image /ScanHealth
    DISM /Online /Cleanup-Image /RestoreHealth
    I've done the machines that were affected here as who knows when it'll get fixed. Also it would mean that any other SFC fixable issue may not be able to be fixed because of this.
     
  23. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    Good point.
     
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Here's a screen shot showing the non-verified status of WD services I mentioned previously:

    WD_Notverified.png
     
  25. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    Weird time stamps on some of those. I get similar results. Not sure what Autoruns is reading that from. If you go directly to the files the digital signature seems ok.

    --Also interesting. After running these DISM commands and running sfc again it still gives errors. If I run it yet again without doing anything else, it comes back with no errors the second time.

    ----Also, if anyone wondered, I just ran this on a Windows 10 20H1 VM and it came back with no errors at all.
     
    Last edited: Jul 11, 2019
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.