Base Filtering Engine (BFE) Service Defaults in Windows 10

The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.

Default Settings

Startup type:Automatic
Display name:Base Filtering Engine
Service name:BFE
Service type:share
Error control:normal
Group:NetworkProvider
Object:NT AUTHORITY\LocalService
Path:%SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
File:%SystemRoot%\System32\bfe.dll
Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
Privileges:
  • SeAuditPrivilege

Default Behavior

Base Filtering Engine is a Win32 service. In Windows 10 it is starting automatically when the operating system starts. Then the Base Filtering Engine service is running as NT AUTHORITY\LocalService in a shared process of svchost.exe along with other services. If Base Filtering Engine fails to start, the failure details are being recorded into Event Log. Then Windows 10 will start up and notify the user that the BFE service has failed to start due to the error.

Dependencies

Base Filtering Engine cannot be started under any conditions, if the Remote Procedure Call (RPC) service is disabled.

While Base Filtering Engine is stopped, disabled or working incorrectly, the following services do not start:

Restore Default Startup Configuration for Base Filtering Engine

1. Select your Windows 10 edition and release, and then click Download.

2. Save the Win10_BFE_Service_Startup.cmd file to a local storage device.

3. Run the saved file as an administrator.

4. Restart the computer.

The BFE service is using the bfe.dll file that is located in the %WinDir%\System32 folder. If the file is changed, damaged or deleted, you can restore its original version from Windows 10 installation media.