When installing Avast Antivirus, you may receive the error message "The Base Filtering Engine (BFE) is not running", and the Avast Setup wizard is unable to complete the installation until the Windows BFE service is restored and running.
The BFE service controls the operation of the Windows Filtering Platform. This service is essential for the operation of many firewall products, including the Firewall embedded in Avast Antivirus.
This issue may be the result of active malware that has disabled, terminated, or removed the Windows BFE service to prevent detection. It may also result from changes made to your system files or registry by PC tune-up software.
To resolve this problem, you need to restore and start the BFE service.
Ensure that the Windows Base Filtering Engine service is running by following these steps:
Before you begin, make sure you are logged in to Windows as a user with administrator permissions.
When you have successfully installed Avast on your PC, it is recommended to use these additional steps:
Reader Question:
“Hi Wally, My computer started acting strange a few days ago. I used antivirus and anti-malware but the virus just doesn’t go away. I read online that the virus can break the base filtering engine and the antivirus can do nothing. What do you suggest I do now?” - Miguel A., United Kingdom
Before addressing any computer issue, I always recommend scanning and repairing any underlying problems affecting your PC health and performance:
Setting up weekly (or daily) automatic scans will help prevent system problems and keep your PC running fast and trouble-free.
Wally’s Answer: The Base Filtering Engine, or BFE for short, is part of the services that are used to get access to Windows security for development purposes. If this can be exploited, it can unfortunately make it much easier for the virus to go on undetected. But don’t worry, we’ll show you how to fix this easily.
Base Filtering Engine (BFE) is part of services in Windows Filtering Platform (WFP). Windows Filtering Platform (WFP) helps develop firewall and other software. A missing Base Filtering Engine can often be a cause of, or lead to, a malware attack.
When viruses and Trojans infect your computer, they try to disable the Base Filtering Engine (BFE). Doing this allows the virus to spread more easily by limiting the ability of firewalls and other applications to find and stop the virus. If the Base Filtering Engine (BFE) is compromised, an antivirus program can’t help you solve the problem anymore.
The Base Filtering Engine (BFE) files reside in the Windows directory, and the entries of this service are in the Windows Registry.
An application was compromised. Certain services and processes are vulnerable to attack, and through them the system can be infected, e.g. an outdated version of Adobe Flash.
Here we will see how to implement these solutions:
Using System Restore is the fastest and easiest way to fix this problem. Windows creates system restore points when something significant happens, such as a major Windows update. The user can also create a system restore point themselves.
Here we will look at how to modify the registry to restore the registry side of the Base Filtering Engine (BFE). Before you do this, scan your computer with WinThruster to make sure that there are no errors in the registry that could make things complicated.
Repairing The Service .dll File To Restore The BFE
You should be able to find SharedAccess under local services and start the service from there. If you can’t do that, it means that the bfe.dll file (Windows\System32\bfe.dll) may be corrupt.
After you have done all of the above, things should be working fine. You can verify that the BFE service is in the Local Services database by doing the following:
I always recommend to my readers to regularly use a trusted registry cleaner and optimizer such as WinThruster or CCleaner. Many problems that you encounter can be attributed to a corrupt and bloated registry.
Happy Computing!
The Base Filtering Engine (BFE) service is an important network component that’s targeted by a lot of malware. If the BFE service doesn’t start, many services such as Windows Firewall, Routing and Remote Access and others fail to start.
Should the BFE service be missing from the Services MMC, or if the Action Center warns you that the Windows Firewall isn’t enabled, then it’s highly likely that your system is under attack. Have it checked thoroughly using a reputed anti-malware tool, or seek professional help to eliminate the malware. Trying to repair these services while malware is still on the system isn’t going to help in most cases.
This post assumes that you’ve done a malware cleanup and are looking for information on how to fix services such as BFE, Windows Firewall and others.
The first (and probably the only) thing most of us do to reinstate the Base Filtering Engine service is to import the service registry keys from a similar computer, which is actually a correct step. However, this only lists the service in the Services MMC; the required service Permissions aren’t assigned automatically. Due to the missing special permissions for the BFE service, the following errors occur when you try to turn on BFE or Windows Firewall.
Action Center can’t turn on Windows Firewall
Turning it on via the Windows Firewall control panel may show the error "Windows Firewall can’t change some of your settings. Error code 0x80070433" or Error 0x8007042c.
Services MMC: Windows could not start the Windows Firewall service on Local Computer. Error 1075: The dependency service does not exist or has been marked for deletion.
Services MMC: Windows could not start the Base Filtering Engine service on Local Computer. Error 5: Access is denied.
This is recorded in the System event log as well:
Log Name: System
Source: Service Control Manager
Date: 1/9/2016 8:21:25 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: W10-PC
Description:
The BFE service terminated with the following error:
Access is denied.
First, create a System Restore point, and then restore the BFE service registry entries by downloading the appropriate .zip for your version of Windows:
Unzip and run the enclosed REG file. This registers the BFE service back.
If you aren’t able to open the BFE service registry key, or unable to change the Permissions as suggested in this article, then you may need to take ownership of the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
and (only if necessary), in this key:
For more information on changing ownership of a registry key, see article . Once done, it should be fairly easy to apply the correct permissions for the Base Filtering Engine service registry key.
Then, to fix the BFE service permissions, start Regedit.exe and go to the following registry path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy
Right-click Policy, and click Permissions
It has some default permissions, inherited from the parent key. By default, SYSTEM and Administrators group have Full Control permissions. But this isn’t enough to start BFE.
Click the Add button.
In the Enter the object names to select: box, type NT SERVICE\BFE, and click OK.
BFE is added to the list of Group or user names. We need to give it some special permissions. Click Advanced.
Select BFE, and click the Edit button.
In the Permission Entry dialog, enable or Allow the following Permissions for BFE:
After adding the above (six) Permissions, click OK.
You’ll be back at the Advanced Security Settings dialog now. Select BFE, enable Replace all child object permissions with inheritable permissions from this object, and click OK.
You’ll be back at the standard permissions dialog. Simply click OK and close the dialog.
Restart Windows, and then launch the Services MMC. To do so, click Start, type services.msc and hit {ENTER}. Double-click Base Filtering Engine, and check the status. If the permissions are correct and no malware is on-board, the Base Filtering Engine service should show the status as Started.
If all else fails, resetting the BFE service Security Descriptors might do the trick for you. Open an elevated/administrator Command Prompt. To do so, type cmd.exe in Start. From the search results, right-click Command Prompt, and choose Run as Administrator. In the console window, type in the following command:
SC SDSET BFE D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)
Make sure that there are no spaces in the Security Descriptor string. It should be like:
SC
Note: The BFE service default Security Descriptor is the same for Windows 7, Windows 8 and Windows 10. Applying the above Security Descriptor on any other Windows operating system isn’t suggested.
(For some background information on service Security Descriptors, read the posts by Richard Spitz and Microsoft Enterprise Networking Team TechNet Blogs).
You should see the message SetServiceObjectSecurity SUCCESS. Restart Windows once again. If you instead get the error SetServiceObjectSecurity FAILED 5: Access is denied, then the Permissions are wrong somewhere, in which case re-run all the steps above to verify the Permission entries. It should work eventually!
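The descriptor passed to SC SDSET above can be checked before and after it is applied. The following Python code is an added example, not part of the original article: it parses a service SDDL string such as the one `sc sdshow BFE` prints and compares it with the default quoted above. The function names and the TAMPERED sample are constructed for illustration, and only the two-letter right codes that appear in the article's descriptor are handled.

```python
import re

# Default BFE service descriptor, copied from the SC SDSET command in the article.
BFE_DEFAULT = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
               "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)")

# SDDL right codes as they map onto service access rights.
RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
# Rights that allow reconfiguring, deleting or re-permissioning the service.
CONTROL_RIGHTS = {"DC", "SD", "WD", "WO"}


def parse_dacl(sddl):
    """Return {(ace_type, trustee): set_of_right_codes} for the DACL of sddl."""
    sddl = sddl.strip()
    if any(ch.isspace() for ch in sddl):
        raise ValueError("SDDL must not contain spaces")
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not dacl:
        raise ValueError("no DACL (D:) section found")
    acl = {}
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        fields = ace.split(";")
        if len(fields) != 6:
            raise ValueError(f"malformed ACE: ({ace})")
        ace_type, rights, trustee = fields[0], fields[2], fields[5]
        codes = {rights[i:i + 2] for i in range(0, len(rights), 2)}
        if not codes.issubset(RIGHTS):  # hex masks and generic rights not handled
            raise ValueError(f"unsupported rights in ACE: ({ace})")
        acl.setdefault((ace_type, trustee), set()).update(codes)
    return acl


def compare_to_default(sddl, baseline=BFE_DEFAULT):
    """List ('missing'|'extra', ace_type, trustee, right) against the baseline."""
    have, want = parse_dacl(sddl), parse_dacl(baseline)
    findings = []
    for key in sorted(set(have) | set(want)):
        for code in sorted(want.get(key, set()) - have.get(key, set())):
            findings.append(("missing", *key, code))
        for code in sorted(have.get(key, set()) - want.get(key, set())):
            findings.append(("extra", *key, code))
    return findings


def risky_grants(sddl):
    """Allow ACEs giving control rights to anyone but SYSTEM or Administrators."""
    return {trustee: sorted(codes & CONTROL_RIGHTS)
            for (ace_type, trustee), codes in parse_dacl(sddl).items()
            if ace_type == "A" and trustee not in ("SY", "BA")
            and codes & CONTROL_RIGHTS}


# Constructed sample: SYSTEM can no longer start or stop BFE, and interactive
# users may reconfigure the service and rewrite its permissions.
TAMPERED = ("D:(A;;CCLCSWLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
            "(A;;CCDCLCSWLOCRRCWD;;;IU)(A;;CCLCSWLOCRRC;;;SU)")

if __name__ == "__main__":
    for kind, ace_type, trustee, code in compare_to_default(TAMPERED):
        print(f"{kind}: {ace_type} ACE for {trustee} -> {RIGHTS[code]}")
    print("risky grants:", risky_grants(TAMPERED))
```

An empty result from compare_to_default means the descriptor matches the default quoted in the article; a ValueError on a string containing spaces corresponds to the article's warning about spaces in the Security Descriptor.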
Ramesh Srinivasan founded the site back in 2005. He is passionate about Microsoft technologies and has vast experience in the ITeS industry, delivering support for Microsoft's consumer products. He has been a Microsoft MVP who contributes to various Windows support forums.
How to Repair Base Filtering Engine Service Startup Problems?
Base Filtering Engine Service (BFE) is a service that controls the operation of the Windows Filtering Platform. Windows Filtering Platform (WFP) is a network traffic processing platform that allows software to “hook” into the Windows networking stack and perform such functions as firewall, traffic shaping, filtering, accounting, etc.
This service is essential for operation of many firewall products: Windows built-in firewall, Norton Internet Security, Trend Micro Internet Security, and many others.
DU Meter also depends on BFE for network traffic accounting, and will display “service data is stale” error if BFE is not working properly.
There are viruses/trojans in active circulation that disable and remove the BFE service as a first step in the infection process.
In January 2012, I followed some link from Google, and immediately my Microsoft Security Essentials antivirus popped up and warned that real-time protection caught and disabled several viruses and trojans (Trojan:Win64/Sirefef.B, DDoS:Win32/Fareit.gen!A, Rogue:Win32/FakeRean, PWS:Win32/Karagany.A).
However, this was too late. The damage is already done. My BFE service and Windows firewall service were disabled and deleted from the registry.
Apparently, the malware that does this is exploiting a Flash vulnerability, therefore if you have Adobe Flash in your browser and it is not updated to the latest version, you could be infected by just visiting a wrong web page. I have User Account Control (UAC) enabled on my Windows 7 computer, but it didn’t prevent the infection.
Since BFE is needed for proper firewall operation, it is important to restore it as soon as possible. The following steps are the easiest way to solve this problem:
There are a great many services. I called the services.msc snap-in the most convenient because it at least shows a detailed description of each service (unlike msconfig), which lets you work out whether you need that service or not.
As you have already noticed, there are a great many services. I won't describe each one, since you can read the descriptions yourself in services.msc. Instead, let's look at a table that will be your "guide" to Windows 7 services. It has just two columns: the service name and the recommended startup type. But before enabling or disabling a service, read its description carefully; the suggested startup type may not suit you (for example, I recommend disabling the Fax service, but you may be using it to send faxes).
Service | Recommended startup type |
BranchCache | Manual |
DHCP Client | Automatic |
DNS Client | Automatic |
KtmRm for Distributed Transaction Coordinator | Disabled |
Microsoft .Net Framework NGEN v. <Version> | Manual |
Parental Control | Disabled |
Plug-and-Play | Automatic |
Quality Windows Audio Video Experience | Manual |
Superfetch | Automatic |
Windows Audio | Automatic |
Windows Card Space | Disabled |
Windows Driver Foundation - User-Mode Driver Framework | Automatic |
Windows Search | Disabled |
WMI Performance Adapter | Manual |
WWAN AutoConfig | Manual |
Offline Files | Disabled |
Network Access Protection Agent | Disabled |
IPsec Policy Agent | Disabled |
Adaptive Brightness | Disabled |
Windows Backup | Manual |
Windows Firewall | Automatic |
Computer Browser | Disabled |
WebClient | Disabled |
Virtual Disk | Manual |
IP Helper | Disabled |
Secondary Logon | Disabled |
Peer Networking Grouping | Manual |
Disk Defragmenter | Manual |
Remote Access Auto Connection Manager | Manual |
Print Spooler | Automatic |
Manual | |
Automatic | |
Disabled | |
Automatic | |
Human Interface Devices Access | Manual |
Windows Event Log | Automatic |
Performance Logs & Alerts | Manual |
Software Protection | |
Windows Defender | Automatic (Delayed Start) |
Protected Storage | Manual |
CNG Key Isolation | Manual |
Windows Management Instrumentation | Automatic |
Application Experience | Manual |
Group Policy Client | Automatic |
Distributed Link Tracking Client | Disabled |
Distributed Transaction Coordinator | Disabled |
Windows Presentation Foundation Font Cache | Manual |
SNMP Trap | Disabled |
Remote Procedure Call (RPC) Locator | Disabled |
Routing and Remote Access | Disabled |
IKE and AuthIP IPsec Keying Modules | Disabled |
DCOM Server Process Launcher | Automatic |
TCP/IP NetBIOS Helper | Disabled |
Remote Desktop Configuration | Manual |
Windows Connect Now - Config Registrar | Manual |
SSDP Discovery | Disabled |
Interactive Services Detection | Manual |
Internet Connection Sharing | Disabled |
Remote Access Connection Manager | Manual |
Desktop Window Manager Session Manager | Automatic |
Peer Networking Identity Manager | Disabled |
Security Accounts Manager (SAM) | Automatic |
Shell Hardware Detection | Automatic |
TPM Base Services | Manual |
Remote Desktop Services UserMode Port Redirector | Manual |
PnP-X IP Bus Enumerator | Manual |
Power | Manual |
Task Scheduler | Automatic |
Multimedia Class Scheduler | Automatic |
Problem Reports and Solutions Control Panel Support | Manual |
Smart Card Removal Policy | Disabled |
HomeGroup Provider | Manual |
Wired AutoConfig | Manual |
Microsoft Software Shadow Copy Provider | Manual |
HomeGroup Listener | Manual |
Peer Name Resolution Protocol (PNRP) | Manual |
Function Discovery Resource Publication | Disabled |
Workstation | Automatic |
Certificate Propagation | Disabled |
Extensible Authentication Protocol (EAP) | Manual |
Windows Event Collector | Disabled |
Application Information | Manual |
Server | Automatic |
Thread Ordering Server | Manual |
Netlogon | Disabled |
Network Connections | Manual |
COM+ Event System | Automatic |
COM+ System Application | Manual |
SSTP Service | Manual |
WinHTTP Web Proxy Auto-Discovery Service | Disabled |
WLAN AutoConfig | Manual |
Base Filtering Engine | Automatic |
Tablet PC Input Service | Disabled |
Windows Time | Disabled |
Windows Image Acquisition (WIA) | Automatic |
Microsoft iSCSI Initiator Service | Manual |
Network Store Interface Service | Manual |
Windows Font Cache Service | Manual |
Windows Media Center Extender Service | Disabled |
Block Level Backup Engine Service | Manual |
Net.Tcp Port Sharing Service | Disabled |
Windows Media Player Network Sharing Service | Manual |
Portable Device Enumerator Service | Disabled |
Windows Media Center Scheduler Service | Manual |
Bluetooth Support Service | Manual |
Diagnostic Policy Service | Manual |
Program Compatibility Assistant Service | Disabled |
User Profile Service | Automatic |
PNRP Machine Name Publication Service | Manual |
Windows Error Reporting Service | Disabled |
Windows Media Center Receiver Service | Disabled |
Network Location Awareness | Automatic |
Network List Service | Manual |
SPP Notification Service | Manual |
System Event Notification Service | Automatic |
Windows Remote Management (WS-Management) | Disabled |
BitLocker Drive Encryption Service | Manual |
Application Layer Gateway Service | Manual |
Cryptographic Services | Automatic |
Remote Desktop Services | Manual |
Smart Card | Manual |
RPC Endpoint Mapper | Automatic |
Windows Audio Endpoint Builder | Automatic |
Telephony | Manual |
Themes | Automatic |
Volume Shadow Copy | Manual |
Link-Layer Topology Discovery Mapper | Manual |
Remote Procedure Call (RPC) | Automatic |
Remote Registry | Disabled |
Application Identity | Manual |
Diagnostic System Host | Manual |
Diagnostic Service Host | Manual |
UPnP Device Host | Disabled |
Application Management | Manual |
Health Key and Certificate Management | Disabled |
ActiveX Installer | Manual |
Windows Installer | Manual |
Windows Modules Installer | Manual |
Fax | Disabled |
Background Intelligent Transfer Service (BITS) | Disabled |
Function Discovery Provider Host | Disabled |
Windows Color System (WCS) | Manual |
Security Center | Disabled |
Windows Update | Manual |
Encrypting File System (EFS) | Automatic |
Now let's work out how to disable services properly. Make a list of the services you don't need, then start disabling them. But don't disable all of them at once. Disable 2-3 services and restart the computer. If the computer boots and works normally after that, disable the next 2-3 services, and so on. Sometimes a user disables every service that seems unnecessary, and it later turns out that one of them was needed after all and the system no longer works as it should. But how do you tell which service needs to be turned back on? For example, would you have guessed that keyboard layouts stop switching if you disable Task Scheduler? Fortunately, in Windows 7 the user cannot disable services that are critical to the system, Task Scheduler among them. There is a way to disable such services, but not through the services.msc snap-in.