New
#11
How dose it know? Hash checks from the working files of course. Mind you,you need a freshly installed OS with no updates, this gives you you your base file information and all the files backpacked into an archive that can be live booted from to trouble shoot things with.
Then when you update the new files are scanned into the data base and archived but do not overwrite the original files in the archive(as a kind of incremental thing).
When you scan the computer may have to reboot to scan and or fix damaged files.
Its not that complicated , you can backup some system files and replace bad ones buts mostly done manually, if a file is not up to date it gets updated normally via the OS then archived accordingly.
The main thing is getting around windows file locks to restore or read a file, the rest is simple scripting and database management, sync/mirror the data and make a data base for hash info to further vet a file. Its a bit less manual than mercium,ect