Hi :wavey: :welcome: to TSF!

Let's see the entries and permissions for BFE in the Registry. Open RegEdit, navigate to HKEY\LOCAL_MACHINE\System\CurrentControlSet\Services\BFE then take a screenshot of the Registry Editor window showing the entries and values for BFE. Next, right-click BFE, select "Permissions..." click on Advanced then take a screenshot of the Advanced Security Settings for BFE window that opens. Post the two screenshots in your next reply.

 

Hi, Thanks for the fast reply. I hope these are the right screenshots required!

 

First Check if the BFE services are showing in the Services list and is started. to check.

1. Click on Start
2. in the Search box type "services.msc" (without quotes) and hit enter key

When the Services window opens up check for "Base Filtering Engine".

If it is showing, check if it is started. If not then start it and the error should go.

If it is not showing up in the list then go to http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe

Double-click on the downloaded file.
It will take few seconds only.
Once complete, it will show ... "Done! Please check if BFE service is running now"

 

From the screenshots, BFE's registry entries seem ok, except for the DependOnService entry which lists only one dependency instead of two. BFE has two dependencies namely: RpcSs (Remote Procedure Call) and WfpLwfs (Microsoft Windows Filtering Platform) which is a kernel-mode driver of boot startup type. WfpLwfs does exist as a service in Windows 10, although I haven't confirmed this yet since I currently don't have access to a Windows 10 system, but you can quickly scroll down the list of services in RegEdit and confirm if indeed WfpLwfs exists. I am comparing your registry entries with a Windows 8.1 system, so I could be wrong about that second dependency, perhaps someone could check and confirm on Windows 10 if BFE indeed has the two dependencies or not.

As for permissions, there's also a difference between my reference system and yours. On yours, the BFE entry is owned by the administrators group, but on my reference system the entry is owned by SYSTEM. Again, I could be wrong about this too until someone confirms it on a Windows 10 system. The rest of the permissions are okay, but Windows sometimes behaves unexpectedly even when configuration seems to be identical to that of a working system (brings to mind the issue of Store and apps suddenly not working).

If BFE indeed has WfpLwfs as a dependency on Windows 10 as it does on 8.1, I'd advice restoring BFE's registry entry to its default values (a reg export of the key from a Windows 10 system) or manually editing that key to add the missing dependency. I'd also recommend changing the owner of BFE to SYSTEM, then try to start the service again.

In the meantime, I'm setting up a quick Windows 10 system for reference to confirm assumptions made above. If your BFE entries are indeed altered from what they ought to be, I'll gladly share an export of the correct/default entries. I wouldn't recommend running the utility linked by authenticprof because it doesn't seem to have adequate documentation to at least explain whether it's compatible with Windows 10 assuming BFE's entries in Windows 10 are not identical to those in previous versions of Windows.

 

Update:

My reference system is up and running and I can confirm that the DependOnService entry for BFE indeed lists only one service, RpcSs, so does BFE's properties (under Dependencies tab) in Services.msc.

WfpLwfs (Microsoft Windows Filtering Platform) is not listed as a dependency for BFE neither is it listed as a service under HKLM\System~\Services. Do not, therefore, edit the BFE entry.

As for permissions, SYSTEM is the owner of the BFE key and NOT the administrators group as your screenshot shows. You should definitely change it back to SYSTEM then try starting the service in Services.msc.