Windows File Protection - Auditing

(imported topic written by MrFixit)

We’ve recently run into an issue with a rollback of an unsigned driver that was caused by what would have been the same as sfc /scannow being run.

What we would like to do is create an analysis that would do something similar to what sfc /scannow does, but not make any changes and just report any discrepancies.

I don’t know enough about Windows File Protection to know if it is possible or not yet, but I thought I’d throw it out to the group while I research.

Thanks,

-Gary