Windows 10 CMD

Last week, we reported that Windows 10’s sfc /scannow command no longer works after the latest updates. The bug is hitting all supported versions of Windows 10 and the scannow command displays a generic error message, and the culprit appears to be the latest version of Windows Defender.

The sfc /scannow is a command to run System File Checker and repair Windows System files. Sfc /scannow (System File Checker) inspects important Windows files on the computer and replaces the corrupted file with a cached version.

After the latest updates, if you initiate a scan in any supported version of Windows 10 with the Windows System File Checker (sfc /scannow cmd command), the process would fail  with the following error:

Windows Resource Protection found corrupt files but was unable to fix some of them. For online repairs, details are included in the CBS log file located at windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline repairs, details are included in the log file provided by the /OFFLOGFILE flag.

Windows 10 SFC

Checking the CBS log file reveals that the problem is linked to Windows Defender PowerShell Module. The log file also states error message “Hashes for file member do not match.”

Today, Microsoft has acknowledged this problem in a new support document. In the support document, Microsoft stated that sfc /scannow feature is not broken and there is a bug that causes System File Checker (SFC) to incorrectly flag Windows Defender PowerShell module files as corrupt.

Windows 10 CBS log file

Microsoft says the bug affects almost all versions of Windows 10, including the May 2019 Update and Windows 10 version 1607.

“This is a known issue in Windows 10 version 1607 and later versions, and Windows Defender version 4.18.1906.3 and later versions,” the company stated in the support document.

Microsoft has posted the following technical explanation:

The files for the Windows Defender PowerShell module that are located in %windir%\System32\WindowsPowerShell\v1.0\Modules\Defender ship as part of the Windows image. These files are catalog-signed. However, the manageability component of Windows Defender has a new out-of-band update channel. This channel replaces the original files with updated versions that are signed by using a Microsoft certificate that the Windows operating system trusts. Because of this change, SFC flags the updated files as “Hashes for file member do not match.”

Microsoft says it is working on a fix and SFC will stop flagging the files incorrectly in a new future version of Windows.

Users are advised to ignore the SFC error messages as the files are incorrectly marked as corrupt.

About The Author

Mayank Parmar

Mayank Parmar is Windows Latest's owner, Editor-in-Chief and entrepreneur. Mayank has been in tech journalism for over seven years and has written on various topics, but he is mostly known for his well-researched work on Microsoft's Windows. His articles and research works have been referred to by CNN, Business Insiders, Forbes, Fortune, CBS Interactive, Microsoft and many others over the years.