# Base Filtering Engine (BFE) Error 5. Access is denied



## Kurenka (Oct 27, 2015)

I've recently had issues with Avast Firewall failing to turn on/turning itself off so upon a recommended fix I ran the unstall and attempted to reinstall.

However the installation is being blocked with the following message:

"The Base Filtering Engine (BFE) service is not running.
Please ensure the service is enabled before installing Avast".

So I did a little research and found instructions for starting it via the services.msc Run prompt.
I was unable to start BFE via this method with the message "Windows could not start the Base Filtering Engine service on Local Computer. Error 5: Access is denied".
It then recommended I open a Administrator/elevated command prompt and enter takeown /U %username% /F %USERPROFILE% /R /SKIPSL.
However I then get the message "ERROR. Invalid syntax. /U can be specified only when /S is specified". inputting "/S system" at the start simply results in a ERROR: The network path is not found." message..

So I then, upon recommendation of the same site with the above instructions ran a System File Check. However when this was complete I got the all clear message "Windows did not find any integrity violations".

My very limited understanding of this says that there is an issue with my BFE, however if I run a scan, it says nothing is wrong with it and I'm honestly fast approaching the pull my hair out/throw the laptop at the wall stage..Help, please?


----------



## Stancestans (Apr 26, 2009)

Hi :wavey: :welcome: to TSF!

Let's see the _entries_ and _permissions_ for _BFE_ in the _Registry_. Open *RegEdit*, navigate to HKEY\LOCAL_MACHINE\System\CurrentControlSet\Services\BFE then take a screenshot of the _Registry Editor_ window showing the entries and values for _BFE_. Next, right-click _BFE_, select "_Permissions..._" click on _Advanced_ then take a screenshot of the _Advanced Security Settings for BFE_ window that opens. Post the two screenshots in your next reply.


----------



## Kurenka (Oct 27, 2015)

Hi, Thanks for the fast reply. I hope these are the right screenshots required!


----------



## authenticprof (Oct 28, 2015)

First Check if the BFE services are showing in the Services list and is started. to check.

1. Click on Start
2. in the Search box type "services.msc" (without quotes) and hit enter key

When the Services window opens up check for "Base Filtering Engine".

If it is showing, check if it is started. If not then start it and the error should go.

If it is not showing up in the list then go to http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe

Double-click on the downloaded file. 
It will take few seconds only.
Once complete, it will show ... "Done! Please check if BFE service is running now"


----------



## Stancestans (Apr 26, 2009)

From the screenshots, BFE's registry entries seem ok, except for the _*DependOnService*_ entry which lists only one dependency instead of two. BFE has two dependencies namely: _RpcSs_ (Remote Procedure Call) and _WfpLwfs_ (Microsoft Windows Filtering Platform) which is a kernel-mode driver of *boot* startup type. WfpLwfs does exist as a service in Windows 10, although I haven't confirmed this yet since I currently don't have access to a Windows 10 system, but you can quickly scroll down the list of services in RegEdit and confirm if indeed WfpLwfs exists. I am comparing your registry entries with a Windows 8.1 system, so I could be wrong about that second dependency, perhaps someone could check and confirm on Windows 10 if BFE indeed has the two dependencies or not.

As for permissions, there's also a difference between my reference system and yours. On yours, the BFE entry is owned by the _administrators_ group, but on my reference system the entry is owned by _SYSTEM_. Again, I could be wrong about this too until someone confirms it on a Windows 10 system. The rest of the permissions are okay, but Windows sometimes behaves unexpectedly even when configuration seems to be identical to that of a working system (brings to mind the issue of Store and apps suddenly not working).

If BFE indeed has WfpLwfs as a dependency on Windows 10 as it does on 8.1, I'd advice restoring BFE's registry entry to its default values (a reg export of the key from a Windows 10 system) or manually editing that key to add the missing dependency. I'd also recommend changing the owner of BFE to SYSTEM, then try to start the service again.

In the meantime, I'm setting up a quick Windows 10 system for reference to confirm assumptions made above. If your BFE entries are indeed altered from what they ought to be, I'll gladly share an export of the correct/default entries. I wouldn't recommend running the utility linked by *authenticprof* because it doesn't seem to have adequate documentation to at least explain whether it's compatible with Windows 10 assuming BFE's entries in Windows 10 are not identical to those in previous versions of Windows.


----------



## Stancestans (Apr 26, 2009)

Update:

My reference system is up and running and I can confirm that the _*DependOnService*_ entry for _BFE_ indeed lists only one service, _RpcSs_, so does BFE's properties (under *Dependencies* tab) in *Services.msc*.

_WfpLwfs (Microsoft Windows Filtering Platform)_ is not listed as a dependency for _BFE_ neither is it listed as a service under _HKLM\System~\Services_. Do not, therefore, edit the _BFE_ entry.

As for permissions, _SYSTEM_ is the owner of the _BFE_ key and *NOT* the _administrators_ group as your screenshot shows. You should definitely change it back to _SYSTEM_ then try starting the service in *Services.msc*.


----------

