Microsoft KB Archive/260195

= Description of the Sfplog.txt File =

Article ID: 260195

Article Last Modified on 1/27/2007

-

APPLIES TO


 * Microsoft Windows Millennium Edition

-



This article was previously published under Q260195



SUMMARY
System File Protection (SFP) is a feature of Windows Millennium Edition (Me) that is designed to protect critical system files. For more information about SFP, see the following article in the Microsoft Knowledge Base:

253571 Description of the System File Protection Feature

SFP logs information in the Windows\System\SFP\Sfplog.txt file. This log file records all events that are relevant to SFP, including the date and time that an event occurred.



MORE INFORMATION
Each entry in the Sfplog.txt file is preceded by either &quot;Normal&quot; or &quot;Critical,&quot; depending on the type of entry, and then the date and time.

Some examples of actions logged by SFP include:
 * SFP FirstRun

This is logged when Stmgr.exe starts the SFP process on the computer. This entry records the operating system version information.
 * File :\ \  has been deleted

This is logged when a protected file is deleted.
 * Invalid file :\ \, version   copied. Correct version is

This is logged when a protected file is replaced with the wrong version.
 * Invalid file :\ \, version   copied. New file has correct version, but invalid hash

This is logged when SFP detects that a protected file has been replaced, and the hash value calculated for the file does not match hash value recorded for the file in the catalog.
 * SFP restored file :\ \  to version

This is logged when SFP restores the correct version of a protected file.
 * SFP cannot restore file :\ \  back. Original file has invalid hash

This is logged when SFP is not able to restore the proper file version. This can be caused by a missing catalog or by a file operation that was not intercepted by the SFP monitoring process. In the second case, the original file is not available to be restored. One example of such a situation is when a protected file is replaced in Safe mode. If the file is changed again in &quot;normal&quot; mode, this entry is added to the log, and the file is not protected.
 * SFP could not install catalog :\ \  - certificate is not trusted

This is logged when an installation process attempts to add a catalog that does not have a valid signature.

Keywords: kbinfo KB260195

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.