locked
WFP/SFC on POSReady 2009 RRS feed

  • Question

  • I was looped into a question concerning our registers running POSReady 2009.  It appears that WFP does not exist on this version of the OS.  I did some testing where I deleted some system files expecting them to be recovered and nothing happened.  I also copied bogus EXEs over system files and still no corrective action was taken.

    What is interesting is that certain components of SFC exist on the load of that OS, like sfc.dll, sfcfiles.dll (which is where I grabbed names of files to test), etc.  SFC.EXE does not exist, however.  And when I copy from a standard XP system to the POSREADY, the execution fails with an RPC error.

    In a POS environment, I would think this would be as or more important than a user workstation, especically with PCI requirements.

    Can this be confirmed, and is there a way to add WFP to the POSReady 2009 OS?

    Thursday, February 17, 2011 8:59 PM

Answers

  •  

    Windows File Protection (WFP) is not supported on any Windows XP based Windows Embedded platforms.  WFP is meant to prevent consumers from modifying the file system, but users of productions point of sale systems should not have access to the file system.  One benefit of excluding WFP from Embedded platforms is the reduction in footprint.  SFC.DLL and SFCFILES.DLL is used by Windows Update in servicing the platform.  It is recommended that the system be locked down and the point of sale application set as the shell rather than Windows Explorer to prevent users from having the ability to access the file system.

    Terry Warwick
    Microsoft

     


    Terry Warwick Microsoft
    Sunday, February 20, 2011 10:54 PM

All replies

  •  

    Windows File Protection (WFP) is not supported on any Windows XP based Windows Embedded platforms.  WFP is meant to prevent consumers from modifying the file system, but users of productions point of sale systems should not have access to the file system.  One benefit of excluding WFP from Embedded platforms is the reduction in footprint.  SFC.DLL and SFCFILES.DLL is used by Windows Update in servicing the platform.  It is recommended that the system be locked down and the point of sale application set as the shell rather than Windows Explorer to prevent users from having the ability to access the file system.

    Terry Warwick
    Microsoft

     


    Terry Warwick Microsoft
    Sunday, February 20, 2011 10:54 PM
  • Thank you for the reply Terry.

    Unfortunately, Users are not the only ones who can modify files in XP. 

    WFP according to a Microsoft KB article, linked below, protects from applications as well.  POSReady is still vulnerable to attack from malware, viruses, etc. and as such that mechanism is still needed.

    http://support.microsoft.com/kb/222193

     

     

    Tuesday, February 22, 2011 6:26 PM
  • I have done a little more research on the WFP support in POSReady 2009.  My prior statement of WFP not being supported on any Windows XP based Windows Embedded platform may have been premature.  Upon further investigation, WFP appears to be working on POSReady 2009 except when installed to and running on a USB drive.
    Terry Warwick Microsoft
    Friday, March 4, 2011 3:31 PM