Windows Resource Protection

Windows File Protection worked by registering file changes in Winlogon . If the protected system file was modified, it was restored from the % WinDir% \ System32 \ dllcache folder . Windows Resource Protection works by setting discrete access lists (DACLs) and ACLs for protected objects. Permission to read / write WRP-protected objects is allowed only for processes using the Windows Modules Installer service (TrustedInstaller.exe). Now even administrators do not have full access rights to system files.

Windows Resource Protection provides protection for numerous file types ^[1] : .DLL, .EXE, .OCX, .SYS, .ACM, .ADE, .ADP, .APP, .ASA, .ASP, .ASPX, .AX, .BAS, .BAT, .BIN, .CER, .CHM, .CLB, .CMD and others.

WRP also protects some important directories. A folder containing only WRP-protected files can be blocked in such a way that the creation of files or subdirectories in it is allowed only to a trusted process. Partial blocking is possible, which administrators can bypass. Key registry keys are also protected; all its plug and values ​​can not be changed. In addition, WRP copies to the % WinDir% \ WinSxS \ Backup directory only those files that are needed to reboot the system, and not everything, as Windows File Protection does, archiving the entire system directories to the Dllcache folder.

Thus, Windows Resource Protection uses more efficient and flexible data protection tools: let's say, to change a single protected object, you only need to register it in the ACL , while Windows File Protection would need to be disabled completely.

System File Checker is also integrated with WRP. Under Windows Vista, Sfc.exe can be used to check the paths of system folders, including the Windows folder and boot folder.

• Windows File Protection
• System file checker
• Access Control List
• Security id

• About Windows Resource Protection (Windows )
• Windows Resource Protection (WRP) and ActiveX Control Installation on Windows Vista (English)