DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 816071 - Last Review: March 9, 2009 - Revision: 6.1

Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.

On This Page

SUMMARY

This article describes how to deactivate the kernel mode filter driver without removing the corresponding software. You may want to deactivate the filter driver when you are troubleshooting the following issues:
  • File copy or backup problems.
  • Program errors that occur when you are opening files from network drives or you are saving files to network drives. For additional information about these program errors, click the following article number to view the article in the Microsoft Knowledge Base:
    814112  (http://support.microsoft.com/kb/814112/ ) Files on network shares open slowly or read-only or you receive an error message
  • Event ID 2022 errors messages that occur in the System log, for example:

    Event ID: 2022
    Source: SRV
    Type: Error
    Description: The server was unable to find a free connection number times in the last number seconds.

MORE INFORMATION

When you are troubleshooting any one of these issues, frequently, you have to do more than just stop or disable the services that are associated with the software. Even if you disable the software component, the filter driver is still loaded when you restart the computer. You may be forced to remove a software component to find the cause of an issue. As an alternative to removing the software component, you can stop the relevant services and disable the corresponding filter drivers in the registry. For example, if you prevent antivirus software from scanning or filtering files on your computer, you must also disable the corresponding filter drivers.

To disable filter drivers, you must first identify third-party services and their corresponding filter drivers. After you do this, follow these steps.

Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

Important An antivirus program is designed to help protect your computer from viruses. You must not download or open files from sources that you do not trust, visit Web sites that you do not trust, or open e-mail attachments when your antivirus program is disabled. For additional information about computer viruses, click the following article number to view the article in the Microsoft Knowledge Base:
129972  (http://support.microsoft.com/kb/129972/ ) Computer viruses: description, prevention, and recovery
  1. Stop all services that belong to the software package.
  2. Set the Startup type to "Disabled." To do this, follow these steps:
    1. Click Start, click Control Panel, double-click Administrative Tools, and then double-click Services.
    2. In the Details pane, right-click the service that you want to configure, and then click Properties.
    3. On the General tab, click Disabled in the Startup type box.
  3. Set the Start registry key of the corresponding filter drivers to 0x4. A value of 0x4 will disable the filter driver.To do this, follow these steps.

    Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
    322756  (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows
    1. Start Registry Editor.
    2. Create a backup of the HKEY_LOCAL_MACHINE\System registry hive.
    3. Locate, and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
    4. Click the entry for the filter driver that you want to disable.
    5. Double-click the Start registry setting, and then set it to a value of 0x4.

      Note This registry entry typically has a value of 0x3.
  4. Restart the computer.
Most antivirus software uses filter drivers that work together with a service to scan for viruses. These filter drivers are still loaded after the service is deactivated. These filter drivers scan files as they are opened and closed on a hard disk. For troubleshooting purposes, temporarily remove the antivirus software or contact the manufacturer of the software to determine whether a newer version is available.

For additional information about how to disable antivirus software, click the following article number to view the article in the Microsoft Knowledge Base:
240309  (http://support.microsoft.com/kb/240309/ ) How to fully disable antivirus software from filtering files

Example of filter drivers

This section describes some of the typical filter driver names by product:

Antivirus

  • Inoculan: INO_FLPY and INO_FLTR
  • Norton: SYMEVENT, NAVAP, NAVEN, and NAVEX
  • McAfee (NAI): NaiFiltr and NaiFsRec
  • Trend Micro: Tmfilter.sys and Vsapint.sys

Backup agent

  • Backup Agent for Open Files: Ofant.sys
  • Open Transaction Manager from Veritas BackupExec: Otman.sys (Otman4.sys or Otman5.sys)

    Note Use caution if you disable these filter drivers by using the method that is described in this article. If you do this, you may receive a "stop 0x7b" error message.

    The "stop 0x7b Inaccessible_Boot_Device" error message may occur if the following registry keys exist and contain references to the Otman5 driver when the Otman5.sys driver either does not exist on the hard disk or if the driver is set to disabled.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325 -11CE-BFC1-08002BE10318}\UpperFilters

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A -11D0-BEC7-08002BE2092F}\UpperFilters

    If you experience the "stop 0x7b" error message you should back up these registry keys and delete the Otman5 reference.

Driver registry settings

The following table lists valid settings and their description for the driver's Start and Type registry settings:
Collapse this tableExpand this table
Value Name Value Setting Description of Value Setting
Start 0 = SERVICE_BOOT_STARTNtldr or Osloader preloads the driver so that it is in memory when the computer starts.
These drivers are initialized just before the SERVICE_SYSTEM_START drivers.
Start 1 = SERVICE_SYSTEM_START The driver loads and initializes after SERVICE_BOOT_START drivers have initialized.
Start 2 = SERVICE_AUTO_START Service Control Manager (SCM) starts the driver or service.
Start 3 = SERVICE_DEMAND_STARTSCM must start the driver or service on demand.
Start 4 = SERVICE_DISABLEDThe driver or service does not load or initialize.
Type 1 = SERVICE_KERNEL_DRIVER Device driver.
Type 2 = SERVICE_FILE_SYSTEM_DRIVER Kernel-mode file system driver.
Type 8 = SERVICE_RECOGNIZER_DRIVER File system recognizer driver.

REFERENCES

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
314743  (http://support.microsoft.com/kb/314743/ ) How to enable verbose debug tracing in various drivers and subsystems
The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

APPLIES TO
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP 64-Bit Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows NT Workstation 4.0 Developer Edition
Keywords: 
kbhowto KB816071
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support