Data Loss Prevention (DLP)
After installation of DLP Agent, the EDPA service starts and then stops.
The WDP service may also start and stop.
The EDPA and WDP services fail to start.
Manual attempts to start the services results in an access denied error.
| Network.NetworkConnector | Message : Failed to Query BFE service status.
| Network.NetworkConnector | Message : Failed to start BFE service, network connector will not start.
"Base Filtering Engine" (BFE) is a service that controls the operation of the Windows Filtering Platform (WFP). WFP is a network traffic processing platform. WFP allows software to “hook” into the Windows networking stack and perform such functions as firewall, traffic shaping, filtering, and accounting.
The BFE service must be running to communicate with the DLP Network Drivers.
For more information on this service, in relation to the WFP, see this Microsoft Dev Center article:
Data Loss Prevention Endpoint Agent 14.5 and 14.6.
The "Base Filtering Engine" (BFE) Service must be running for the DLP agent to function. Without it, neither EDPA nor WDP services can start.
For a new install of the Endpoint Agent, the Install.log may not indicate any problems because BFE status is not checked during the installation.
After a successful installation, both the EDPA and WDP services default to the “Automatic” start mode and are running. Without BFE, both services default to the “Manual” start mode. The “Manual” start mode prevents the DLP network drivers from working. In addition, manual attempts to start the services fail with a permissions violation.
Set the Startup type for the "Base Filtering Engine" service to "Automatic" and start it.
Go to Control Pane > System and Security > Administrative Tools > Computer Management > Services. Double click the service. On the general tab change the startup type to automatic.