EDPA and WDP services fail to start after installing DLP Endpoint Agent


Article ID: 169618


Updated On:


Data Loss Prevention Endpoint Prevent Data Loss Prevention


The EDPA service starts and then stops after installation of Data Loss Prevention (DLP) Endpoint Agent. The WDP service may also start and stop.

Manual attempts to start the services results in an access denied error.

| Network.NetworkConnector | Message : Failed to Query BFE service status.

| Network.NetworkConnector | Message : Failed to start BFE service, network connector will not start.


The "Base Filtering Engine" (BFE) Service must be running to communicate with the DLP Network Drivers, and for the DLP Agent to function. Without it, neither EDPA nor WDP services can start.

"Base Filtering Engine" (BFE) is a service that controls the operation of the Windows Filtering Platform (WFP). WFP is a network traffic processing platform. WFP allows software to “hook” into the Windows networking stack and perform such functions as firewall, traffic shaping, filtering, and accounting.

For a new install of the DLP Endpoint Agent, the Install.log may not indicate any problems because BFE status is not checked during the installation.

After a successful installation, both the EDPA and WDP services default to the “Automatic” start mode and are running. Without BFE, both services default to the “Manual” start mode. The “Manual” start mode prevents the DLP network drivers from working. In addition, manual attempts to start the services fail with a permissions violation.

For more information on this service, in relation to the WFP, see this Microsoft Dev Center article: https://msdn.microsoft.com/en-us/library/windows/desktop/aa363967(v=vs.85).aspx


  1. In the Windows Control Panel, go to System and Security > Administrative Tools > Computer Management.
  2. Go to Services and Applications > Services.
  3. Double-click the "Base Filtering Engine" service.
  4. On the General tab, change Startup type to "Automatic."
  5. Click Start.