How to verify the Endpoint Agent file system Mini-Filter Driver is working
Article ID: 160233
Data Loss Prevention Endpoint Prevent
Data Loss Prevention Endpoint Discover
Verifying that the Endpoint Agent file System Mini-Filter Driver is working properly. Mini-Filter is used for USB detection.
Relevant version: 7.0 and above
To verify that the Endpoint agent file system mini-filter driver is working properly:
- Verify that the vfsmfd.sys file is present in the <windir>\system32\drivers directory.
- From the command line, run the command, fltmc.
- If the agent service is running, you should see two instances of the driver vfsmfd.
- If you do not see this, stop the Endpoint agent service.
- Try to manually load the driver by running fltmc load vfsmfd. If there is an error, the driver might not have been properly installed or cannot run on the system.
- To manually unload the driver, run the command, fltmc unload vfsmfd.
- If the agent service is not running, you should not see any entry for vfsmfd.