Base Filtering Engine (BFE) Service Defaults in Windows 7

The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.

Default Settings

Startup type:Automatic
Display name:Base Filtering Engine
Service name:BFE
Service type:share
Error control:normal
Object:NT AUTHORITY\LocalService
Path:%SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
  • SeAuditPrivilege

Default Behavior

Base Filtering Engine is a Win32 service. In Windows 7 it is starting automatically on the operating system startup. Then the Base Filtering Engine service is running as NT AUTHORITY\LocalService in a shared process of svchost.exe. Other system components, such as drivers and services, may run in the same process. If Base Filtering Engine fails to start, Windows 7 attempts to write the failure details into Event Log. Then Windows 7 startup should proceed and the user should be notified that the BFE service is not running because of the error.


Base Filtering Engine is unable to start, if the Remote Procedure Call (RPC) service is stopped or disabled.

If Base Filtering Engine is stopped, the following services cannot start:

Restore Default Startup Configuration for Base Filtering Engine

1. Select your Windows 7 edition and service pack, and then click Download.

2. Save the Win7_BFE_Service_Startup.cmd file to a local storage device.

3. Run the saved file as an administrator.

4. Restart the computer.

The BFE service is using the bfe.dll file that is located in the %WinDir%\System32 folder. If the file is changed, damaged or deleted, you can restore its original version from Windows 7 installation media.