Registry steps to overcome Base Filtering Engine (BFE) issue and successfully install Endpoint Protection client


Article ID: 155929


Updated On:


Endpoint Protection


You are unable to install the Symantec Endpoint Protection (SEP) client on Windows 7 and above due to an error stating the Base Filtering Engine service is stopped or missing.

Base Filtering Engine (BFE) service is not running. Please ensure it is enabled before installing Symantec Endpoint Protection.


This will happen if the Windows Base Filtering Engine service is stopped or missing.

The Base Filtering Engine (BFE) is a Microsoft service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. Intrusion Prevention in Symantec Endpoint Protection requires the Base Filtering Engine to be running. If the Base Filtering Engine is stopped, Intrusion Prevention cannot make detections.


  1. Download the BFE service registry hive (Export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE from another working Windows system of same the same build)
  2. Launch (import) the registry key on the Windows system that is unable to install SEP
  3. Restart the PC
  4. Open the Run window, type regedit and click OK
  5. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
  6. Right click on the BFE key and choose Permissions
  7. Click on Add and type Everyone and click OK
  8. Click on Everyone from the list
  9. Select Full Control and click OK
  10. Open the Run window once more, type services.msc and click OK
  11. Start the Base Filtering Engine and Windows Firewall services
  12. Install the SEP client

See also Here


Elroy.JPG get_app