How to verify the Endpoint Agent file system Mini-Filter Driver is working


Article ID: 160233


Products

Data Loss Prevention Endpoint Prevent
Data Loss Prevention Endpoint Discover

Issue/Introduction

This article describes how to verify that the Endpoint Agent file system mini-filter driver is working properly. The mini-filter is used for USB detection.

Resolution

Relevant version: 7.0 and above

To verify that the Endpoint agent file system mini-filter driver is working properly: 

  1. Verify that the vfsmfd.sys file is present in the <windir>\system32\drivers directory.
  2. From the command line, run the command fltmc.
  3. If the agent service is running, you should see two instances of the driver vfsmfd. 
  4. If you do not see this, stop the Endpoint agent service. 
  5. Try to manually load the driver by running fltmc load vfsmfd. If there is an error, the driver might not have been properly installed or cannot run on the system. 
  6. To manually unload the driver, run the command fltmc unload vfsmfd.
  7. If the agent service is not running, you should not see any entry for vfsmfd.
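
The read-only checks in steps 1 to 3 and 7 can be scripted as follows. This is an added example, not code from the vendor or the original article; it assumes that "two instances" refers to the Num Instances column of the fltmc listing, and the function name Get-FilterInstanceCount is hypothetical.

```powershell
# Added example, not vendor code. Run from an elevated 64-bit PowerShell prompt:
# fltmc needs administrator rights, and a 32-bit process sees a redirected System32.
$driverName = 'vfsmfd'
$driverPath = Join-Path $env:windir "System32\drivers\$driverName.sys"

function Get-FilterInstanceCount {
    # Returns the "Num Instances" value for $Name, or $null if the filter is not listed.
    # Assumption: "two instances" in the article means this column of the listing.
    param([string[]]$FltmcOutput, [string]$Name)
    foreach ($line in $FltmcOutput) {
        # Data rows look like: <Filter Name> <Num Instances> <Altitude> <Frame>
        if ($line -match '^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$' -and $Matches[1] -ieq $Name) {
            return [int]$Matches[2]
        }
    }
    return $null
}

# Step 1: the driver binary must be on disk.
if (-not (Test-Path -LiteralPath $driverPath -PathType Leaf)) {
    Write-Output "FAIL: $driverPath not found; the driver is not installed."
}
else {
    # Step 2: list the loaded mini-filters.
    $listing = & fltmc.exe
    if ($LASTEXITCODE -ne 0) {
        Write-Output "FAIL: fltmc exited with code $LASTEXITCODE (is the prompt elevated?)."
    }
    else {
        # Steps 3 and 7: compare the instance count with what the article expects.
        $count = Get-FilterInstanceCount -FltmcOutput $listing -Name $driverName
        if ($null -eq $count) {
            Write-Output "$driverName is not loaded. Expected only while the agent service is stopped."
        }
        elseif ($count -eq 2) {
            Write-Output "OK: $driverName is loaded with 2 instances."
        }
        else {
            Write-Output "WARN: $driverName is loaded with $count instance(s); the article expects 2."
        }
    }
}
```

The script does not load or unload the driver; steps 4 to 6 remain manual because they require stopping the agent service first.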