Verifying system files with File Signature Verification Utility

Critical Windows OS system files are digitally signed. These digital signatures help prove the authenticity of the files and make it easy to track changes that might cause problems on a system. When you are having problems that cannot easily be explained, such as a system becoming unstable after an application is installed, it’s a good idea to verify that critical system files haven’t been changed. You can do this by using the File Signature Verification utility.

You can start the File Signature Verification utility by following these steps:

1 Enter sigverif in the Start Menu search box or the Run dialog box, and then press the Enter key. This starts the File Signature Verification utility.

2 By default, the File Signature Verification utility displays a list of system files that aren’t digitally signed and writes the verification results to the %SystemRoot%\System32\Sigverif.txt file. Before you verify file signatures, you might want to specify logging options. If so, tap or click the Advanced button.

Results are saved to a log file named Sigverif.txt. Any results you generate overwrite the results that you generated previously. To help you track changes in files over time, you might want to append results rather than overwrite them.

3 Tap or click the Start button to run the File Signature Verification utility. In the results, notice the list of files displayed in the File Signature Verification utility report. These files don’t have digital signatures and could have been maliciously replaced by other programs of the same name. Tap or click "Close" to return to the main window. If you suspect a problem, review the event logs and other error reports to check whether any of these files show up in them.

4 If you want to review the verification log, tap or click the Advanced button, and then tap or click the View Log button. Check the log to find out whether any files have been altered since they were installed. Files are listed by status, such as Signed and Not Signed. Note the modification date and version of each file. If a computer has been having problems since a certain date, and critical files were changed on this date, this could be the source of the problem. For example, perhaps a program was installed that overwrote a critical file with an older version.

5 If any of the Windows OS critical system files have been altered, run the System File Checker (Sfc.exe) command to repair and replace the altered system files.
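
The same kind of check can be scripted when you want a record that grows across runs instead of being overwritten. The following PowerShell is an added example, not part of the original article or of the sigverif tool; the scanned folder and the log path are assumed values. It records each file's signature status, modification date and version, appends them to a CSV log, and lists anything whose signature is not valid, most recently modified first.

```powershell
# Added example: scripted signature check (not sigverif's own logic).
# $ScanPath and $LogPath are assumed values; change them for your system.
$ScanPath = Join-Path $env:SystemRoot 'System32\drivers'
$LogPath  = Join-Path $env:USERPROFILE 'Documents\SignatureCheck.csv'
$RunTime  = Get-Date -Format 's'   # same timestamp on every row of this run

$results = Get-ChildItem -Path $ScanPath -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.sys', '.dll', '.exe' } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            RunTime  = $RunTime
            Path     = $_.FullName
            Status   = $sig.Status     # e.g. Valid, NotSigned, HashMismatch
            Signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Modified = $_.LastWriteTime
            Version  = $_.VersionInfo.FileVersion
        }
    }

if ($results) {
    # Append so that earlier runs stay in the log and can be compared by RunTime.
    $results | Export-Csv -Path $LogPath -Append -NoTypeInformation

    # Files without a valid signature, newest modification first, so they can
    # be lined up against the date the problems started.
    $results |
        Where-Object { $_.Status -ne 'Valid' } |
        Sort-Object Modified -Descending |
        Format-Table Status, Modified, Version, Path -AutoSize
}
```

Run it from an elevated PowerShell session so that protected files can be read. Comparing rows for the same Path across different RunTime values shows when a file's status, version or modification date changed.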