Hi everybody, a question. I have seen many cases where Windows Firewall and Base Filtering Engine were disappeared as service in Windows 7. I've a procedure to reactivate those services (copying the correct registry keys from a working machine and giving correct permission) and this solve the problems with Windows Firewall. I've always tried to perform a scan in safe mode with malwarebytes or superantispyware, forefront is installed on the machine, but I've never found any virus. I am wondering why the services disappear? How can I perform other troubleshooting to understand the cause? thanks

Hi, Please enable audit on the registry hive and check which user delete the keys. Also, just give full control to System account on these keys. This will prevent the other users from deleting them.Juke Chou TechNet Community Support

Hello Jsabina, Disappearing Firewall & BFE services are a tell-tale sign of serious malware infections, typically a rogue malware, which may or may not also include a rootkit or bootkit as well. You cannot rely on just 1 or 2 tools. It usually takes a battery of tools to remove all traces. You can't only just run tools in Safe mode. You should also scan in Normal mode with MalwareBytes MBAM using Full scan option. Any infected systems should be disconneted from network and internet. If the systems have financial or sensitive information, follow up to report compromise of data. If these are business systems, they should be wipe the HDD and re-image system from recent (clean) backups. To re-iterate, it is not enough to simply restore the "missing" services.Maurice Naggar ~ MS-MVP (Oct 2002 - Sept 2010) DTS-L