Last week, we reported that Windows 10’s sfc /scannow command no longer works after the latest updates. The bug hits all supported versions of Windows 10: the command fails with a generic error message, and the culprit appears to be the latest version of Windows Defender.
The sfc /scannow command runs System File Checker (SFC) to repair Windows system files. It inspects important Windows files on the computer and replaces corrupted files with cached versions.
After the latest updates, if you start a scan with System File Checker (the sfc /scannow command) in any supported version of Windows 10, the process fails with the following error:
Windows Resource Protection found corrupt files but was unable to fix some of them. For online repairs, details are included in the CBS log file located at windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline repairs, details are included in the log file provided by the /OFFLOGFILE flag.
Checking the CBS log file reveals that the problem is linked to the Windows Defender PowerShell module. The log file also contains the error message “Hashes for file member do not match.”
Today, Microsoft acknowledged the problem in a new support document. According to the document, the sfc /scannow feature is not broken; rather, a bug causes System File Checker (SFC) to incorrectly flag Windows Defender PowerShell module files as corrupt.
Microsoft says the bug affects almost all versions of Windows 10, including the May 2019 Update and Windows 10 version 1607.
“This is a known issue in Windows 10 version 1607 and later versions, and Windows Defender version 4.18.1906.3 and later versions,” the company stated in the support document.
Microsoft has posted the following technical explanation:
The files for the Windows Defender PowerShell module that are located in %windir%\System32\WindowsPowerShell\v1.0\Modules\Defender ship as part of the Windows image. These files are catalog-signed. However, the manageability component of Windows Defender has a new out-of-band update channel. This channel replaces the original files with updated versions that are signed by using a Microsoft certificate that the Windows operating system trusts. Because of this change, SFC flags the updated files as “Hashes for file member do not match.”
Microsoft says it is working on a fix, and SFC will stop flagging the files incorrectly in a future version of Windows.
Users are advised to ignore the SFC error messages as the files are incorrectly marked as corrupt.
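Before ignoring the error, it is worth confirming that the only files SFC flagged are the Defender module files and that they really carry a valid Microsoft signature. The script below is an added example, not code from Microsoft or from the original article; the log line shape, the NT path prefixes and the signer subject string are assumptions, and the variable names are illustrative.

```powershell
# Added example: triage SFC hash-mismatch entries in CBS.log (run elevated).
param([string]$CbsLog = "$env:windir\Logs\CBS\CBS.log")

# Module directory named in Microsoft's explanation.
$defenderDir = Join-Path $env:windir 'System32\WindowsPowerShell\v1.0\Modules\Defender'

# Assumption: the file path sits between these two phrases in the log line.
$pattern = 'Hashes for file member\s+(?<path>.+?)\s+do not match'

$flagged = Select-String -LiteralPath $CbsLog -Pattern $pattern |
    ForEach-Object {
        # Assumption: paths may carry an NT prefix (\??\ or \SystemRoot).
        $_.Matches[0].Groups['path'].Value -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:windir
    } | Sort-Object -Unique

if (-not $flagged) { Write-Output 'No hash-mismatch entries found in the log.'; return }

$report = foreach ($file in $flagged) {
    # Get-AuthenticodeSignature validates embedded and catalog signatures.
    $sig    = if (Test-Path -LiteralPath $file) { Get-AuthenticodeSignature -LiteralPath $file }
    $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
    [pscustomobject]@{
        File     = $file
        Defender = $file.StartsWith("$defenderDir\", [StringComparison]::OrdinalIgnoreCase)
        Status   = if ($sig) { "$($sig.Status)" } else { 'FileMissing' }
        Signer   = $signer
    }
}

# Fits the known issue only if the file is in the Defender module directory
# and has a valid signature from a Microsoft certificate.
# Assumption: Microsoft signer subjects contain "O=Microsoft Corporation".
$unexplained = $report | Where-Object {
    -not $_.Defender -or $_.Status -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation'
}

$report | Format-Table File, Defender, Status -AutoSize
if ($unexplained) {
    Write-Warning "$(@($unexplained).Count) flagged file(s) do not fit the known Defender issue; investigate:"
    $unexplained | Format-List File, Status, Signer
} else {
    Write-Output 'All flagged files are validly signed Defender module files (known issue).'
}
```

CBS.log accumulates entries across scans, so files flagged by earlier runs appear in the report as well.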