Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.
View products that this article applies to.
The System File Checker (SFC) tool flags files that are located in the %windir%\System32\WindowsPowerShell\v1.0\Modules\Defender folder as corrupted or damaged. When this issue occurs, you see error entries that resemble the following:
Hashes for file member do not match.
This is a known issue in Windows 10, version 1607 and later versions, and Windows Defender version 4.18.1906.3 and later versions up to version 4.8.1908.
The files for the Windows Defender PowerShell module that are located in %windir%\System32\WindowsPowerShell\v1.0\Modules\Defender ship as part of the Windows image. These files are catalog-signed. However, the manageability component of Windows Defender has a new out-of-band (OOB) update channel. This channel replaces the original files with updated versions that are signed by using a Microsoft certificate that the Windows operating system trusts. Because of this change, SFC flags the updated files as "Hashes for file member do not match."
Future releases of Windows will use the updated files in the Windows image. After this change is implemented, SFC will no longer flag the files.
This issue is fixed in the version 4.8.1908 update of Windows Defender. After this update is applied, PowerShell files that are part of the Windows image are not changed, and the SFC tool no longer flags these files. Internet-connected computers that subscribe to the Windows Update channel automatically download and install this update.
To repair the Windows image files on computers that have been affected by this issue, use the DISM tool. To do this, open a Command Prompt window on the affected computer, and run the following commands:
dism /online /cleanup-image /restorehealth sfc /scannow
If these commands fail and generate an error message that resembles "File not found," make sure that the Install.wim file is accessible, and then run the following commands:
DISM /Online /Cleanup-Image /RestoreHealth /Source:WIM:c:\install.wim:1 /LimitAccess sfc /scannow
For more information about repair commands, see Repair a Windows image.
Keywords: windows defender, windows powershell, system file checker