ServicePack versus WFP

Hello,
I’am interested in how ServicePack disables WFP while is being installed.
I know, this is not the right FS question, but I suppose, it is quite
nearby.

Thanks Ondra Sevecek.

It doesn’t. So long as the file is properly signed, Windows File Protection
(WFP) will not only allow replacement, but copy the NEW version into the DLL
cache.

You can easily see this by copying a randomly signed file on top of one of
the signed .sys files (or ntoskrnl.exe, even) and you will note that it does
not restore the original.

So long as it is signed, it is OK.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: Ondrej ?evecek [mailto:xxxxx@centrum.cz]
Sent: Wednesday, July 17, 2002 2:28 AM
To: File Systems Developers
Subject: [ntfsd] ServicePack versus WFP

Hello,
I’am interested in how ServicePack disables WFP while is being installed.
I know, this is not the right FS question, but I suppose, it is quite
nearby.

Thanks Ondra Sevecek.


You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to %%email.unsub%%

I don’t believe it does. I think the service pack installs the signature catalog for the new files first, which causes WFP to recognize them as valid and therefore not attempt to replace them.

-----Original Message-----
From: Ondřej Ševeček [mailto:xxxxx@centrum.cz]
Sent: Tue 7/16/2002 11:27 PM
To: File Systems Developers
Cc:
Subject: [ntfsd] ServicePack versus WFP

Hello,
I’am interested in how ServicePack disables WFP while is being installed.
I know, this is not the right FS question, but I suppose, it is quite
nearby.

Thanks Ondra Sevecek.


You are currently subscribed to ntfsd as: xxxxx@microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com