Microsoft WFP Message Capture (wfpcapture) Service Defaults in Windows 10

Microsoft WFP Message Capture.

Default Settings

Startup type:Manual
Display name:Microsoft WFP Message Capture
Service name:wfpcapture
Service type:kernel
Error control:normal
Group:NDIS
Path:%SystemRoot%\System32\drivers\wfpcapture.sys
Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wfpcapture

Default Behavior

Microsoft WFP Message Capture is a kernel device driver. In Windows 10 it is starting only if the user, an application or another service starts it. If Microsoft WFP Message Capture fails to start, the failure details are being recorded into Event Log. Then Windows 10 will start up and notify the user that the wfpcapture service has failed to start due to the error.

Restore Default Startup Configuration for Microsoft WFP Message Capture

1. Run the Command Prompt as an administrator.

2. Copy the command below, paste it into the command window and press ENTER:

sc config wfpcapture start= demand

3. Close the command window and restart the computer.

The wfpcapture service is using the wfpcapture.sys file that is located in the %WinDir%\System32\drivers folder. If the file is changed, damaged or deleted, you can restore its original version from Windows 10 installation media.