Sfc /scannow is a command to scan system or regular files and repair corrupted files by replacing them with cached copies. This error indicates that the Windows Resource Protection mechanism found some corrupted files but could not fix some of them and suggested that users check the CBS log files for additional details. The CBS.log file indicates that the problem mainly stems from the hash mismatch causing the process to fail. This may happen when the hash value of the file does not match the file in the WinSxS folder.
Today Microsoft acknowledged this issue in the support documentation. In the support documentation, Microsoft stated that the sfc /scannow function was not corrupted, but this bug caused the System File Checker (SFC) to incorrectly mark the Windows Defender PowerShell module file as corrupt.
Microsoft wrote in the support document:
This known issue exists in Windows 10 verion 1607 and above, Windows Defender version 4.18.1906.3 and higher.
Microsoft subsequently released a technical note:
The module files for Windows Defender PowerShell are located in the %windir%System32WindowsPowerShellv1.0ModulesDefender path and are provided as part of the Windows image. These files are directory signed. However, Windows Defender's manageability component has a new out-of-band update channel. These channels replace the previous files with updated version files signed by the Microsoft operating system trusted by the Windows operating system. Due to this change, the SFC marks the updated file as "the hash value of the file member does not match"
Microsoft said it is in the process of repairing, and SFC will incorrectly mark files in a new, future version of Windows.