Windows File Protection - Auditing

(imported topic written by MrFixit)

We’ve recently ran into a issue with a rollback of a unsigned driver that was caused by what would have been same as sfc /scannow being run.

What we would like to do is to create an analysis that would do something similar to what sfc /scannow does but not make any changes but report any descrepancies.

I don’t know enough about Windows File Protection to know if it is possible or not yet, but I thought I throw it out the group while I research.