Registry steps to overcome Base Filtering Engine (BFE) issue and successfully install Endpoint Protection 12.1 RU1 and above client
Last Updated June 15, 2017
You are unable to install the Symantec Endpoint Protection (SEP) client on Windows 7 and above due to an error stating the Base Filtering Engine service is stopped or missing.
Base Filtering Engine (BFE) service is not running. Please ensure it is enabled before installing Symantec Endpoint Protection.
This will happen if the Windows Base Filtering Engine service is stopped or missing.
The Base Filtering Engine (BFE) is a Microsoft service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. Intrusion Prevention in Symantec Endpoint Protection requires the Base Filtering Engine to be running. If the Base Filtering Engine is stopped, Intrusion Prevention cannot make detections.
Download the BFE service registry hive (Export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE from another working Windows system of same the same build)
Launch (import) the registry key on the Windows system that is unable to install SEP
Restart the PC
Open the Run window, type regedit and click OK
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
Right click on the BFE key and choose Permissions
Click on Add and type Everyone and click OK
Click on Everyone from the list
Select Full Control and click OK
Open the Run window once more, type services.msc and click OK
Start the Base Filtering Engine and Windows Firewall services