Solved

Base Filtering Engine and Windows Firewall Services Missing on Server 2008 R2

Posted on 2015-02-04
5
491 Views
Last Modified: 2015-02-06
We are working on a Windows Server 2008 R2 machine, and found that the Windows Firewall and BFE services are missing in services.msc. We've tried the following to get them back:

- Ran sfc /scannow
- Checked the registry permissions as directed here. When we try to give permissions to the NT Service\BFE account, it says the account cannot be found.
- I found a tool called Tweaking.com Windows Repair that was recommended to fix this issue, but it appears to be for WIndows workstations rather than servers, so I don't know if that will fix this.
0
Comment
Question by:PIMSupport
  • 3
  • 2
5 Comments
 
LVL 44

Expert Comment

by:Darr247
Comment Utility
Usually it's serious malware infections that do the kind of damage described... is this machine allowed to be used for general surfing access? With Internet Explorer?

Because if it is, I would recommend wiping it and restoring the backup image... that would be faster than trying to fix it. You're not even sure what all has been damaged; the lack of the base filtering engine stopping other services from starting is just the symptom you noticed first.

If you don't have a backup image, I suggest referring to this EE article to start.
i.e. run RogueKiller, and when it finishes its initial scan, minimize it without telling it to fix anything (during its initial scan it will kill any processes it thinks are virus-like, and which may prevent other cleaners from starting), then run a full scan with MalwareBytes AntiMalware (follow the 'how to use' directions on that page).
0
 
LVL 42

Accepted Solution

by:
Davis McCarn earned 500 total points
Comment Utility
From Tweaking.com:
"For Windows XP, 2003, Vista, 2008, 7, 8, 8.1, 2012 (32 & 64 Bit)"
http://www.tweaking.com/content/page/windows_repair_all_in_one.html

But; as Darr247 suggested, those services were almost undoubtedly deleted by malware and I use 3 tools to detect and remove:
http://www.bleepingcomputer.com/download/roguekiller/ (I let it scan and clean what it finds)
http://www.bleepingcomputer.com/download/tdsskiller/ (finds Trojans embedded in driver files)
http://www.bleepingcomputer.com/download/adwcleaner/  ( I haven't had to run this on a server yet; but, it has never yet hurt matters!)

Run all 3 of the tools and then an antivirus scan before running the repair tool.  You want it to be clean, first!
0
 
LVL 44

Expert Comment

by:Darr247
Comment Utility
But within 2 weeks, you will very-likely find other stuff that was damaged, too... and those other damages typically provide vectors for re-infection without having to return to the site of the original infection.

If you don't have a backup image of a clean install, you should start working on a clean install on a secondary machine so you can make a backup image for the next time this or something similar happens.
0
 
LVL 42

Expert Comment

by:Davis McCarn
Comment Utility
Darr247,
I have been servicing PC's for 38 years now and have seen in excess of 150,000 problems. The process I outlined cleans 95+% of the PC's I see on a regular basis and Tweaking.com's repair tool has rescued hundreds from otherwise irreparably damaged Windoze installations by restoring the defaults existant prior to the malware's infestation.
I, in fact, don't consider a "reinstall" to be fixing the PC and have only had to do 3 in the last three years.

P.S. You forgot to mention that the "clean install on a secondary machine" must be a hardware match for the target PC.
0
 
LVL 44

Expert Comment

by:Darr247
Comment Utility
Yes, well any "production" server should have a 'hardware match' backup, AND a backup image.  Not to mention production servers should have severely limited user access to prevent precisely the type of problem with which this thread deals.  If it's not a production server, then I suggest they should have bought Home Server 2011, instead.
0

Featured Post

Wish Marketing would stop bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

Join & Write a Comment

To effectively work with Diskpart on a Server Core, it is necessary to write some small batch script's, because you can't execute diskpart in a remote powershell session. To get startet, place the Diskpart batch script's into a share on your loca…
If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now