Can't start Windows Firewall; Windows Firewall service missing fix

121 posts in this topic

Posted · Report post

The above issue is often caused by computer's infection.
If Windows firewall problem started at the time your computer got infected save yourself a lot of time by running the following tool first.

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

In most cases you'll see following errors:

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.


If that's the case the fix is listed below. If you have a different error message, sign up at our forum and we'll try to help you out.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek...system-restore/


Download Vista.zip or Seven.zip (depending on your Windows version) file from here: http://www.smartestc...y-network-keys/
Unzip the file.
You'll find several files inside.
Right click on bfe.reg file, click "Merge".
Allow registry merge.
Right click on mpssvc.reg file, click "Merge".
Allow registry merge.

Restart computer.

Click Start and in "Start search" type in:
regedit
Press Enter.

Registry editor will open.
Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
Right click on BFE key, click "Permissions"
Click on Add button, type Everyone and click OK.
Now click once on Everyone
Below, in "Permissions" pane checkmark "Alow" in "Full control" row.
Click OK.

In a set of files you downloaded in previous step find start_services.bat.
Right click on it, click "Run As Administrator" to run the fix.

Check on firewall issue.

IMPORTANT!
In case you have any "legacy_xxx" key missing you have to perform the following BEFORE importing any "legacy" key.
NOTE. There are different instruction for Windows XP and Windows Vista/7

Windows XP.

Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.
When done with registry key(s) import.....
Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.

Windows Vista/7.

Download PsExec.exe to your desktop (IMPORTANT!)
Go Start and in "Start search" type in:
cmd
Hold CTRL and SHIFT keys, press Enter.
Command prompt window will open.
Copy and paste following command:

"%userprofile%\desktop\psexec" -i -d -s c:\windows\regedit.exe

Press Enter.
Registry Editor will open.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Click Advanced.
Under Owner tab select the entry starting with you user name, example: Farbar(Farbar-PC\Farbar)
Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.
When done with registry key(s) import.....
Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.


===================
NOTE. I'd like to thank narenxp from http://www.bleepingc...ter.com/forums/ for some very valuable advice


======================================================================================================
======================================================================================================

If your problem has nothing to do with any infection then you can investigate further....

Go Start>Run type in:
services.msc (Vista and Windows 7 users type this in "Start search")
Click OK (Vista and Windows 7 users press Enter)

In services window scroll down to Window Firewall service.
Make sure "Startup type" is set to "Automatic".

If Windows Firewall service is missing it can be caused by missing/corrupted registry key(s).
Check following registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - this is Windows Firewall service key, which depends on following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc - Windows Firewall Authorization Driver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE - Base Filtering Engine


Also check in Device Manager if the above driver (Windows Firewall Authorization Driver) is present and correctly set.
Go to Device Manager, click on "View" tab and select show hidden devices.
Expand "No plug and play drivers", select Windows firewall authorization driver.
Right click on it and click "Properties".
Click on "Driver" tab.
Set "Startup" to "Demand" and click on "Start" button"

References:
MichaelPlatts - 5 parts article
Part 1 - http://blogs.technet...troduction.aspx
Part 2 - http://blogs.technet...ermissions.aspx
Part 3 - http://blogs.technet...ermissions.aspx
Part 4 - http://blogs.technet...ege-access.aspx
Part 5 - http://blogs.technet...pendencies.aspx

Share this post


Link to post
Share on other sites

Posted · Report post

Just wanted to say thanks. I was attempting to install F-Secure on my daughter's laptop and the installation was failing. Customer service at F-Secure was not much help. I decided to check the Windows firewall and found that the service was missing. I tried Microsoft help but that didn't get me far. A google search led me to this thread and it worked very well. I was able to restore the Windows Firewall and successfully install F-Secure.

Thanks again.

John

Share this post


Link to post
Share on other sites

Posted · Report post

You're very welcome :smiley_says_hello:

Share this post


Link to post
Share on other sites

Posted · Report post

Thanks for the previous dialog here. I searched "far and wide" to find this finally relevant solution to my problem. I was going along fine until I got to merging the missing bfe and MpsSvc registry items. Like the original poster, both are missing from my registry after getting rid of Vista Security 2012 virus. When I right click on the file, and click merge, a notepad opens up with the registry info, but that's all. I get no option box to allow merging. I'm not confident enough to edit my registry without some further direction so, at this point I'm stuck. Can you give any insight into why I do not get an option on allowing a merge or more detailed steps to cut and paste the two missing registry entries? Thanks!

I'm using Vista.

Share this post


Link to post
Share on other sites

Posted · Report post

You may have file association settings messed up.

What happens when you double click on .reg file?

Is it Vista computer?

Share this post


Link to post
Share on other sites

Posted · Report post

It is a Dell laptop with Vista operating system.

When I double click on the file, the same thing happens, Notepad opens with the registry data for the file.

Share this post


Link to post
Share on other sites

Posted · Report post

went to the link downloaded rg from matrix board extracted and trird merge but still same resut notepad file opens, but no allow merge popup box.

Share this post


Link to post
Share on other sites

Posted · Report post

Go Start and in "Start search" type:

regedit

Press Enter.

Registry editor will open.

Navigate to:

HKEY_CLASSES_ROOT\.REG

If the key is present (if it's not, skip this step), right click on .REG, click "Export".

Save the file to known location like your desktop.

Now go File>Import (top menu).

Navigate to unzippped file you just downloaded (regfix_vista.reg).

Select that file, click "Open" button.

Confirm the prompt.

Restart computer and see if the issue is solved.

Share this post


Link to post
Share on other sites

Posted · Report post

Not sure what happened with last post but it was supposed to say:

I went to the link and downloaded reg from the matrix. I extracted it and tried to merge, but with the same result, notepad opens but no allow merge pop up box option.

Share this post


Link to post
Share on other sites

Posted · Report post

Your other post is still there :)

Read my previous reply.

Share this post


Link to post
Share on other sites

Posted · Report post

That procedure allowed me to edit the registry it seems, but still no Firewall service I ran the FSS again and here is the report log belowl. Do you think I need to do the same thing for the bfe and MpsSvc keys?

Farbar Service Scanner

Ran by Ruby (administrator) on 17-01-2012 at 14:23:22

Windows Vista Home Basic Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

System Restore Disabled Policy:

========================

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2011-11-08 20:31] - [2011-09-20 16:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Share this post


Link to post
Share on other sites

Posted · Report post

You still have 4 registry keys missing:

mpssvc.reg

bfe.reg

legacy_bfe

legacy_mpssvc.reg

Share this post


Link to post
Share on other sites

Posted · Report post

Procedure to merge the regfix and the bfe key seemed to complete. Have restarted but still no firewall. Tried to merge the other missing keys above, but could not. legacy_mpssve gives "..Error accessing the registry." same for legacy_sdrsvc. Legacy_bfe does not appear in the list of registry key fixes. Here is my latest log:

Farbar Service Scanner

Ran by Ruby (administrator) on 17-01-2012 at 16:00:32

Windows Vista Home Basic Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:

The start type of bfe service is OK.

The ImagePath of bfe service is OK.

The ServiceDll of bfe service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

System Restore Disabled Policy:

========================

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2011-11-08 20:31] - [2011-09-20 16:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Share this post


Link to post
Share on other sites

Posted · Report post

legacy_mpssvc.reg is still missing.

Share this post


Link to post
Share on other sites

Posted · Report post

that's right, when I try to merge it I get this error message from the Registry editor: Cannot import ...legacy_mpssvc.reg. Error accessing the registry.

Any ideas?

Share this post


Link to post
Share on other sites

Posted · Report post

...and the error says?

Share this post


Link to post
Share on other sites

Posted · Report post

the error says: "Cannot import ... legacy_mpssvc.reg. Error accessing the registry.

Any ideas?

Share this post


Link to post
Share on other sites

Posted · Report post

this is the third time I've included what the error messge is and I'm wondering if somehow that part of my message is not showing up on your end?? :-)

Share this post


Link to post
Share on other sites

Posted · Report post

Did you?

Click Start and in "Start search" type in:

regedit

Press Enter.

Registry editor will open.

Navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on BFE key, click "Permissions"

Click on Add button, type Everyone and click OK.

Now click once on Everyone

Below, in "Permissions" pane checkmark "Alow" in "Full control" row.

Share this post


Link to post
Share on other sites

Posted · Report post

Oh, I know what's going on.

Please go back to my original post, which I just edited and read "IMPORTANT!" section.

Share this post


Link to post
Share on other sites

Posted · Report post

did that and restarted, still get same error message.

By the way, many thanks for your ongoing help with this.

Share this post


Link to post
Share on other sites

Posted · Report post

Did you read my previous reply?

Share this post


Link to post
Share on other sites

Posted · Report post

sorry i did not will do and let you know. Thanks

Share this post


Link to post
Share on other sites

Posted · Report post

When I try this, I get an error message: UNABLE TO SAVE PERMISSION CHANGES ON ROOT. ACCESS IS DENIED. I was able to merge the legacy dfe key and I was able to add full permission for everyone as well. I ran regedit as administrator as well, still unable to save permissoin.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now