Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 0.75%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.03%
6.3.9600.16384 (winblue_rtm.130821-1623) 1.26%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.03%
6.3.9600.16384 (winblue_rtm.130821-1623) 2.29%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.55%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.24%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.03%
6.2.9200.16384 (win8_rtm.120725-1247) 1.16%
6.2.9200.16384 (win8_rtm.120725-1247) 1.74%
6.2.9200.16384 (win8_rtm.120725-1247) 8.74%
6.2.9200.16384 (win8_rtm.120725-1247) 2.15%
6.2.9200.16384 (win8_rtm.120725-1247) 0.31%
6.2.9200.16384 (win8_rtm.120725-1247) 1.30%
6.2.9200.16384 (win8_rtm.120725-1247) 0.38%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.10%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.10%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.03%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.10%
6.1.7601.22149 (win7sp1_ldr.121031-1536) 0.03%
6.1.7601.22149 (win7sp1_ldr.121031-1536) 0.03%
6.1.7601.21645 (win7sp1_ldr.110119-1504) 0.03%
6.1.7601.21645 (win7sp1_ldr.110119-1504) 0.03%
6.1.7600.16385 (win7_rtm.090713-1255) 6.90%
6.1.7600.16385 (win7_rtm.090713-1255) 41.73%
View more

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
TraceMessage, RegCloseKey, RegOpenKeyExW, RegCreateKeyExW, ConvertSecurityDescriptorToStringSecurityDescriptorW, IsTextUnicode, InitializeAcl, AddAccessAllowedAce, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, OpenThreadToken, GetSecurityDescriptorLength, OpenSCManagerW, OpenServiceW, QueryServiceConfigW, CloseServiceHandle, GetLengthSid, AuditComputeEffectivePolicyBySid, AuditQuerySystemPolicy, AuditFree, OpenTraceW, ProcessTrace, CloseTrace, StartTraceW, EnableTraceEx, ControlTraceW, RegQueryValueExW, RegDeleteValueW, RegSetValueExW, RegEnumValueW, CopySid, LookupAccountSidW, PerfStartProvider, PerfSetULongCounterValue, PerfSetCounterSetInfo, PerfCreateInstance, PerfStopProvider, GetSecurityDescriptorControl, SetSecurityDescriptorControl, SetPrivateObjectSecurityEx, GetPrivateObjectSecurity, PrivilegeCheck, MapGenericMask, DestroyPrivateObjectSecurity, CreatePrivateObjectSecurityEx, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegisterServiceCtrlHandlerExW, SetServiceStatus, UnregisterTraceGuids, RegisterTraceGuidsA, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, RegQueryInfoKeyW, RegOpenKeyTransactedW, RegCreateKeyTransactedW, EqualSid
api-ms-win-core-apiquery-l1-1-0.dll
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1.dll
ResolveDelayLoadedAPI, DelayLoadFailureHook
api-ms-win-core-errorhandling-l1-1-0.dll
UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetLastError
api-ms-win-core-errorhandling-l1-1-1.dll
UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, GetLastError
api-ms-win-core-file-l1-1-1.dll
CreateFileW, FileTimeToSystemTime
api-ms-win-core-file-l1-2-0.dll
CreateFileW
api-ms-win-core-file-l1-2-1.dll
CreateFileW
api-ms-win-core-handle-l1-1-0.dll
CloseHandle
api-ms-win-core-heap-l1-1-0.dll
HeapReAlloc, HeapDestroy, HeapSize, HeapCreate, HeapFree, HeapAlloc, GetProcessHeap
api-ms-win-core-heap-l1-2-0.dll
HeapAlloc, GetProcessHeap, HeapFree, HeapSize, HeapReAlloc, HeapDestroy, HeapCreate
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalAlloc, LocalFree
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedCompareExchange64, InterlockedExchangeAdd, InterlockedIncrement, InterlockedDecrement, InterlockedCompareExchange, InterlockedExchange
api-ms-win-core-interlocked-l1-1-1.dll
InterlockedIncrement, InterlockedCompareExchange64, InterlockedExchange, InterlockedExchangeAdd, InterlockedDecrement, InterlockedCompareExchange
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedIncrement, InterlockedExchange, InterlockedCompareExchange64, InterlockedExchangeAdd, InterlockedCompareExchange, InterlockedDecrement
api-ms-win-core-kernel32-legacy-l1-1-0.dll
CreateFileMappingA, QueryFullProcessImageNameW
api-ms-win-core-libraryloader-l1-1-0.dll
DisableThreadLibraryCalls, FreeLibrary, LoadLibraryExA, LoadStringW, GetModuleHandleExW, GetProcAddress
api-ms-win-core-libraryloader-l1-1-1.dll
LoadStringW, DisableThreadLibraryCalls, GetModuleHandleExW, GetProcAddress
api-ms-win-core-libraryloader-l1-2-0.dll
LoadStringW, GetModuleHandleExW, DisableThreadLibraryCalls, GetProcAddress
api-ms-win-core-localization-l1-1-1.dll
LoadStringByReference
api-ms-win-core-memory-l1-1-1.dll
UnmapViewOfFile, MapViewOfFile, CreateFileMappingW
api-ms-win-core-memory-l1-1-2.dll
MapViewOfFile, CreateFileMappingW, UnmapViewOfFile
api-ms-win-core-processenvironment-l1-1-0.dll
ExpandEnvironmentStringsW
api-ms-win-core-processenvironment-l1-1-1.dll
ExpandEnvironmentStringsW
api-ms-win-core-processenvironment-l1-2-0.dll
ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-1.dll
TlsSetValue, TlsAlloc, GetProcessId, OpenProcess, GetCurrentProcessId, TlsFree, TlsGetValue, CreateThread, TerminateProcess, GetCurrentThreadId, GetCurrentThread, OpenThreadToken, GetCurrentProcess, IsProcessorFeaturePresent
api-ms-win-core-processthreads-l1-1-2.dll
TlsAlloc, TlsFree, GetProcessId, CreateThread, GetCurrentProcessId, TlsSetValue, TlsGetValue, OpenThreadToken, GetCurrentThreadId, GetCurrentThread, TerminateProcess, OpenProcess, GetCurrentProcess
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-psapi-l1-1-0.dll
QueryFullProcessImageNameW
api-ms-win-core-registry-l1-1-0.dll
RegEnumValueW, RegQueryInfoKeyW, RegDeleteValueW, RegCloseKey, RegOpenKeyExW, RegCreateKeyExW, RegQueryValueExW, RegSetValueExW
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll
SHLoadIndirectString
api-ms-win-core-string-l1-1-0.dll
CompareStringW, MultiByteToWideChar, WideCharToMultiByte
api-ms-win-core-synch-l1-1-1.dll
Sleep, DeleteCriticalSection, WaitForSingleObject, CreateSemaphoreExW, CreateEventW, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, SetEvent, EnterCriticalSection, InitializeSRWLock, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, AcquireSRWLockShared, ReleaseSRWLockShared, ReleaseSemaphore
api-ms-win-core-synch-l1-2-0.dll
ReleaseSemaphore, DeleteCriticalSection, CreateSemaphoreExW, CreateEventW, ReleaseSRWLockShared, SetEvent, EnterCriticalSection, AcquireSRWLockShared, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, ReleaseSRWLockExclusive, Sleep, AcquireSRWLockExclusive, InitializeSRWLock, WaitForSingleObject
api-ms-win-core-sysinfo-l1-1-1.dll
GetSystemTime, GetSystemTimeAsFileTime, GetTickCount
api-ms-win-core-sysinfo-l1-2-0.dll
GetSystemTime, GetTickCount64, GetSystemTimeAsFileTime, GetTickCount
api-ms-win-core-sysinfo-l1-2-1.dll
GetSystemTime, GetTickCount, GetSystemTimeAsFileTime, GetTickCount64
api-ms-win-core-threadpool-l1-1-1.dll
SetThreadpoolTimer, RegisterWaitForSingleObjectEx, WaitForThreadpoolTimerCallbacks, UnregisterWaitEx, CreateThreadpoolTimer, CloseThreadpoolTimer, DeleteTimerQueueTimer, CreateTimerQueueTimer, DeleteTimerQueueEx, CreateTimerQueue
api-ms-win-core-threadpool-l1-2-0.dll
SetThreadpoolTimer, WaitForThreadpoolTimerCallbacks, CloseThreadpoolTimer, CreateThreadpoolTimer
api-ms-win-core-threadpool-legacy-l1-1-0.dll
DeleteTimerQueueEx, CreateTimerQueue, UnregisterWaitEx, DeleteTimerQueueTimer, CreateTimerQueueTimer
api-ms-win-core-threadpool-private-l1-1-0.dll
RegisterWaitForSingleObjectEx
api-ms-win-core-timezone-l1-1-0.dll
FileTimeToSystemTime
api-ms-win-core-util-l1-1-0.dll
EncodePointer, DecodePointer
api-ms-win-eventing-consumer-l1-1-0.dll
CloseTrace, OpenTraceW, ProcessTrace
api-ms-win-eventing-controller-l1-1-0.dll
StartTraceW, EnableTraceEx2, ControlTraceW
api-ms-win-eventing-provider-l1-1-0.dll
EventWriteTransfer
api-ms-win-legacy-kernel32-l1-1-0.dll
CreateFileMappingA, QueryFullProcessImageNameW
api-ms-win-obsolete-kernelbase-l1-1-0.dll
LocalFree, LocalAlloc
api-ms-win-obsolete-shlwapi-l1-1-0.dll
SHLoadIndirectString, StrDupW, StrStrIW, StrChrW
api-ms-win-security-base-l1-1-0.dll
CreatePrivateObjectSecurityEx, DestroyPrivateObjectSecurity, PrivilegeCheck, GetSecurityDescriptorControl, SetSecurityDescriptorControl, SetPrivateObjectSecurityEx, GetLengthSid, CopySid, EqualSid, GetPrivateObjectSecurity, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, MapGenericMask, GetSecurityDescriptorLength, InitializeAcl, AddAccessAllowedAce, CreateWellKnownSid, AllocateAndInitializeSid, FreeSid
api-ms-win-security-base-l1-2-0.dll
EqualSid, GetLengthSid, CopySid, AllocateAndInitializeSid, FreeSid, InitializeAcl, PrivilegeCheck, AddAccessAllowedAce, MapGenericMask, SetPrivateObjectSecurityEx, SetSecurityDescriptorControl, GetSecurityDescriptorControl, GetPrivateObjectSecurity, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, GetSecurityDescriptorLength, CreatePrivateObjectSecurityEx, DestroyPrivateObjectSecurity, CreateWellKnownSid
authz.dll
AuthzFreeResourceManager, AuthzInitializeContextFromSid, AuthzInitializeResourceManager, AuthziFreeAuditEventType, AuthzFreeAuditEvent, AuthziLogAuditEvent, AuthziInitializeAuditEvent, AuthziInitializeAuditParamsFromArray, AuthziInitializeAuditEventType, AuthzGetInformationFromContext, AuthzFreeContext, AuthzAccessCheck
dnsapi.dll
DnsValidateName_W
kernel32.dll
CompareStringW, InterlockedIncrement, InterlockedDecrement, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, InterlockedCompareExchange64, GetTickCount, QueryPerformanceCounter, CreateTimerQueueTimer, DeleteTimerQueueTimer, DeleteTimerQueueEx, CreateTimerQueue, CreateSemaphoreW, InterlockedExchange, ReleaseSemaphore, WaitForSingleObject, CreateFileW, Sleep, GetCurrentThread, TlsAlloc, TlsGetValue, TlsSetValue, GetCurrentProcessId, ExpandEnvironmentStringsW, CreateThread, RegCreateKeyExW, RegOpenKeyExW, RegCloseKey, RegQueryInfoKeyW, RegSetValueExW, RegDeleteValueW, RegQueryValueExW, RegEnumValueW, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, UnregisterWaitEx, RegisterWaitForSingleObject, InterlockedExchangeAdd, GetCurrentThreadId, HeapCreate, TlsFree, EncodePointer, LocalAlloc, LocalFree, GetCurrentProcess, GetProcessId, WideCharToMultiByte, MultiByteToWideChar, HeapFree, HeapAlloc, HeapReAlloc, HeapDestroy, CreateEventW, UnregisterWait, CloseHandle, DecodePointer, SetEvent, InterlockedCompareExchange, GetLastError, DelayLoadFailureHook, LoadLibraryA, FreeLibrary, GetProcAddress, DisableThreadLibraryCalls, GetModuleHandleExW
msvcrt.dll
DllMain
ntdll.dll
EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle, EtwRegisterTraceGuidsW, EtwUnregisterTraceGuids, EtwTraceMessage, RtlNtStatusToDosError, EtwEventRegister, EtwEventUnregister, EtwEventActivityIdControl, EtwEventWrite, RtlInsertEntryHashTable, RtlGetNextEntryHashTable, RtlLookupEntryHashTable, RtlRemoveEntryHashTable, RtlEndEnumerationHashTable, RtlEnumerateEntryHashTable, RtlInitEnumerationHashTable, RtlDeleteHashTable, RtlCreateHashTable, RtlIpv4AddressToStringA, RtlIpv6AddressToStringA, RtlEthernetAddressToStringA, RtlGetSaclSecurityDescriptor, RtlValidRelativeSecurityDescriptor, RtlValidSid, NtQueryObject, RtlSetThreadPreferredUILanguages, RtlContractHashTable, RtlExpandHashTable, RtlAdjustPrivilege, RtlIpv4AddressToStringW, RtlIpv6AddressToStringW, RtlIntegerToUnicodeString, EtwEventEnabled, RtlLengthSecurityDescriptor, RtlEqualSid, TpSetTimer, TpWaitForTimer, TpIsTimerSet, RtlCreateServiceSid, RtlInitUnicodeString, TpReleaseTimer, TpAllocTimer, RtlAbsoluteToSelfRelativeSD, RtlSetOwnerSecurityDescriptor, RtlSelfRelativeToAbsoluteSD2, RtlGetOwnerSecurityDescriptor, RtlAllocateHeap, NtDeviceIoControlFile, WinSqmAddToStream, WinSqmSetDWORD, WinSqmIsOptedIn, RtlLengthSid, RtlNumberOfSetBits, RtlInitializeBitMap, RtlGetCurrentTransaction, RtlSetCurrentTransaction, DbgBreakPoint, RtlFreeUnicodeString, RtlConvertSidToUnicodeString, RtlFreeHeap, RtlApplicationVerifierStop, RtlSubAuthorityCountSid, NtCreateTransaction
rpcrt4.dll
RpcBindingVectorFree, MesHandleFree, NdrMesTypeDecode2, NdrMesTypeEncode2, RpcRaiseException, RpcServerUseProtseqW, RpcServerRegisterIfEx, RpcServerInqBindings, RpcEpRegisterW, RpcFreeAuthorizationContext, RpcGetAuthorizationContextForClient, RpcImpersonateClient, RpcRevertToSelf, RpcEpUnregister, UuidFromStringW, RpcServerUnregisterIfEx, UuidCreate, RpcServerInqCallAttributesW, NdrServerCall2, I_RpcExceptionFilter, MesEncodeDynBufferHandleCreate, MesDecodeBufferHandleCreate, NdrMesTypeFree2, RpcServerRegisterIf3, I_RpcBindingInqLocalClientPID
secur32.dll
LsaRegisterPolicyChangeNotification, LsaUnregisterPolicyChangeNotification
slc.dll
SLGetWindowsInformationDWORD
Export table
BfeGetDirectDispatchTable
BfeOnServiceStartTypeChange
BfeServiceMain
SvchostPushServiceGlobals

bfe.dll

Base Filtering Engine by Microsoft

Remove bfe.dll
Version:   6.2.9200.16384 (win8_rtm.120725-1247)
MD5:   dcdbab16d309f7f0ace28507cb35561d
SHA1:   630541735db79eb08ffe922fd98fd9bebebe55e0
SHA256:   c6ec3038ad377773ed03f76e762b99402c086555b525a9c0d0cec62496c94b7c
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is bfe.dll?

The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.

About bfe.dll (from Microsoft)

Windows Filtering Platform (WFP) is a network traffic processing platform designed to replace the Windows XP and Windows Server 2003 network traffic filtering interfaces. WFP consists of a set of hook

DetailsDetails

File name:bfe.dll
Publisher:Microsoft Corporation
Product name:Base Filtering Engine
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\bfe.dll
Original name:BFE.DLL.MUI
File version:6.2.9200.16384 (win8_rtm.120725-1247)
Product version:6.2.9200.16384
Size:462.5 KB (473,600 bytes)
Digital DNA
PE subsystem:Windows Console
Entropy:6.188336
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Scheduled tasks
  • The job 'BfeOnServiceStartTypeChange' in the path '\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange'
  • Entry path '\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange'
Hosted services
Runs as a shared service under the Windows svcHost
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'
  • Shared name is 'BFE'

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 32.00%
Windows 8.1 16.50%
Windows 7 Ultimate 15.00%
Windows 8.1 Pro 9.00%
Windows 7 Professional 7.00%
Windows 8.1 Single Language 4.00%
Windows 8 3.00%
Windows 8 Single Language 3.00%
Windows 8 Pro 3.00%
Windows 8.1 Pro with Media Center 2.00%
Windows 8.1 N 1.00%
Windows 8 Enterprise N 1.00%
Windows Seven Black Edition 1.00%
Windows 7 Home Basic 1.00%
Windows 8.1 Enterprise Evaluation 1.00%
Windows Vista Home Premium 0.50%

Distribution by countryDistribution by country

United States installs about 49.75% of Base Filtering Engine.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 24.51%
Hewlett-Packard 18.58%
ASUS 15.81%
Acer 11.07%
Toshiba 9.49%
Lenovo 7.91%
Sony 5.53%
Samsung 1.98%
GIGABYTE 1.98%
Alienware 1.58%
Intel 1.58%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE