You are troubleshooting a Windows Server 2022 file server that was flagged by endpoint protection for possible tampering with core operating-system binaries. You want to use only built-in Windows tools to verify the integrity of every protected system file and automatically restore any that have been modified, without installing additional software. Which single command accomplishes this goal?
Execute DISM /Online /Cleanup-Image /ScanHealth to scan the Windows image.
Use icacls C:\Windows\System32 /verify to check and repair file ACLs.
Run chkdsk /f C: to repair file-system errors on the system volume.
Run sfc /scannow from an elevated Command Prompt or PowerShell session.
System File Checker (sfc) is a Windows utility that works with Windows Resource Protection (WRP) to validate the integrity of protected system files. Using the /scannow switch scans all protected system files immediately. If it discovers incorrect, modified, or damaged files, it replaces them with the correct version from a cached copy in the component store (%WinDir%\WinSxS), thereby restoring file integrity.
Chkdsk /f repairs logical file-system structures on a volume but does not compare individual system binaries to known good copies.
DISM /Online /Cleanup-Image /ScanHealth checks the component store for corruption and reports its status; it does not fix or replace active system files by itself.
Icacls /verify audits access-control lists for canonical form and consistency; it does not check the contents or integrity of the files themselves.
Therefore, running sfc /scannow from an elevated prompt is the appropriate action to confirm and remediate protected file integrity problems.