Removing Win7 junk components vs. WFP sfc /scannow

[hoptoit]

Recently built and installed custom Win7 Ultimate using NTLite.  But old habits die hard and I couldn't resist removing several junk Win7 components and features during customization.  Haven't done much tweaking yet and decided to run a WFP protected files scan.  Not surprising, there are some corrupt files found that cannot be fixed by WFP due to being completely removed.

 

I'm not opposed to the idea of keeping WFP enabled for now, but there's no method I've ever heard of to modify which files will receive WFP protection.  It wouldn't be much hassle to restore removed components/features and likely allow WFP to function smoothly.

 

What do you say?

>>> Will it be problematic to leave WFP enabled but helpless to fix all problems it finds? <<<

>>> Better to forget about downsizing junk Win7 components altogether? <<<

 

> sfc /scannow reports: Windows Resource Protection found corrupt files but was unable to fix some of them.

> excerpt from cbs.log follows:

 

2016-01-05 16:02:41, Info                  CSI    00000388 [sR] Repairing 3 components
2016-01-05 16:02:41, Info                  CSI    00000389 [sR] Beginning Verify and Repair transaction
2016-01-05 16:02:41, Info                  CSI    00000396 [sR] Could not reproject corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:52{26}]"WindowsAnytimeUpgrade.adml"; source file in store is also corrupted
2016-01-05 16:02:41, Info                  CSI    00000397 [sR] Could not reproject corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:26{13}]"AutoPlay.adml"; source file in store is also corrupted
2016-01-05 16:02:41, Info                  CSI    00000398 [sR] Could not reproject corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:46{23}]"ShellWelcomeCenter.adml"; source file in store is also corrupted
2016-01-05 16:02:41, Info                  CSI    00000399 [sR] Cannot repair member file [l:52{26}]"WindowsAnytimeUpgrade.admx" of Microsoft-Windows-Shell-GroupPolicy, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2016-01-05 16:02:41, Info                  CSI    0000039a [sR] This component was referenced by [l:292{146}]"Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.Microsoft-Windows-GroupPolicy-ClientTools-AdmFiles-Update"
2016-01-05 16:02:41, Info                  CSI    0000039b [sR] Cannot repair member file [l:26{13}]"AutoPlay.admx" of Microsoft-Windows-Shell-GroupPolicy, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2016-01-05 16:02:41, Info                  CSI    0000039c [sR] This component was referenced by [l:292{146}]"Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.Microsoft-Windows-GroupPolicy-ClientTools-AdmFiles-Update"
2016-01-05 16:02:41, Info                  CSI    0000039d [sR] Cannot repair member file [l:46{23}]"ShellWelcomeCenter.admx" of Microsoft-Windows-Shell-GroupPolicy, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2016-01-05 16:02:41, Info                  CSI    0000039e [sR] This component was referenced by [l:292{146}]"Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.Microsoft-Windows-GroupPolicy-ClientTools-AdmFiles-Update"
2016-01-05 16:02:41, Info                  CSI    0000039f [sR] Could not reproject corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:52{26}]"WindowsAnytimeUpgrade.admx"; source file in store is also corrupted
2016-01-05 16:02:41, Info                  CSI    000003a0 [sR] Could not reproject corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:26{13}]"AutoPlay.admx"; source file in store is also corrupted
2016-01-05 16:02:41, Info                  CSI    000003a1 [sR] Could not reproject corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:46{23}]"ShellWelcomeCenter.admx"; source file in store is also corrupted

 

> if you can decipher above, removed components/features included Windows Anytime Upgrade, Autoplay, and Welcome Center which WFP sees in connection to the Group Policy client

[vinifera]

so don't rely on SFC scan

I downsized win7 to roughly 2 GB (installed)

but will create my own "repair" method, while WFP still works, and should be left to exist as it is tied to more things than just recovery (which is useless)

Edited January 6, 2016 by vinifera

[hoptoit]

so don't rely on SFC scan

I downsized win7 to roughly 2 GB (installed)

but will create my own "repair" method, while WFP still works, and should be left to exist as it is tied to more things than just recovery (which is useless)

 

Sounds promising.  I take it that apart from sfc /scannow complaining it can't fix everything, you've found no other bad effects from leaving WFP enabled after downsizing away components which had protected files?

 

Agreed, Win7 recovery is flimsy at best.  The only other useful function of WFP is that it should help to prevent malware modifying system files.  But I don't know how effective it is at that task either.

[vinifera]

- the only errors can be maybe found in event viewer of volume shadow copy errors

 

- it sucks at it

while UAC may help but at the end of the day, its user who says "yes run it"

and any modern malware is capable logging in as SYSTEM, and here is where WFP fails

 

well until microshit develops normal sandboxing NT will never be safe

[hoptoit]

- the only errors can be maybe found in event viewer of volume shadow copy errors

 

- it sucks at it

while UAC may help but at the end of the day, its user who says "yes run it"

and any modern malware is capable logging in as SYSTEM, and here is where WFP fails

 

well until micros*** develops normal sandboxing NT will never be safe

 

Thanks for that perspective.  I'll leave WFP on and not worry about it.  Figures it doesn't have much teeth except maybe to recover from boneheaded deletion.

 

Curious what your Win7 component removal list looks like to arrive at 2GB install size.  Did you make the build with NTLite or another method?

[vinifera]

Actually WFP is also backbone for firewall, so that is a plus.

System files are protected by Trusted Installer but even that one fails if PC is infected with any crypt trojan.

 

I use RT7lite + manual deletion outside the WIM and then returning things back into it

 

unfortunately unlike vlite, RT7 doesn't show what was removed

but list should be something like this:

 

 

system wide ~80% redundant data, (duplicate files, other language and SKU files except EN and HR and Professional)

.net Framework 3.5 (and 3) and its backup

Win Media Player and codecs
Media Center components, Tablet components

All language packs except EN and HR
System Restore, Volume Shadow Copy, Indexing, Backup file(s) recovery
invisible Recovery Partition (its that crappy .wim with ~250 MB)
Windows Photo viewer

CD/DVD recording
WinSAT movie clips
all themes except Aero/Basic and Classic (and its additional files)

Prefetch

Indexing

Defragmenter

Defender

Natural Language search (this s*** alone saves you ~500 MB)

---
Disabled Page File and Hybernation File
SxS folder has been "filtered" (down to 1.8 GB)

-

 

there could be more i can't remember anymore

overall not much is removed, just junk

 

bit funny how actual OS should have been "big", but they went lazy way, just dump all language files

all SKU (version) files, and when user needs some sort of recovery, just copy it back from shitty duplicates...

but why bother if you still have to install OS from DVD, why not then leave all that crap on DVD ?

Edited January 8, 2016 by vinifera