How to verify the Endpoint Agent file system Mini-Filter Driver is working


Article ID: 160233


Updated On:


Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Discover


Verifying that the Endpoint Agent file System Mini-Filter Driver is working properly.  Mini-Filter is used for USB detection.


Relevant version:  7.0 and above

To verify that the Endpoint agent file system mini-filter driver is working properly: 

  1. Verify that the vfsmfd.sys file is present in the <windir>\system32\drivers directory.
  2. From the command line, run the command, fltmc. 
  3. If the agent service is running, you should see two instances of the driver vfsmfd. 
  4. If you do not see this, stop the Endpoint agent service. 
  5. Try to manually load the driver by running fltmc load vfsmfd. If there is an error, the driver might not have been properly installed or cannot run on the system. 
  6. To manually unload the driver, run the command, fltmc unload vfsmfd. 
  7. If the agent service is not running, you should not see any entry for vfsmfd.