Microsoft KB Archive/816071


Article ID: 816071

Article Last Modified on 10/30/2006



APPLIES TO

  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional for Itanium-based systems
  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows NT Workstation 4.0 Developer Edition



Important This article contains information that shows you how to lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.

Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry


SUMMARY

This article describes how to deactivate the kernel mode filter driver without removing the corresponding software. You may want to deactivate the filter driver when you are troubleshooting the following issues:

  • File copy or backup problems.
  • Program errors that occur when you are opening files from network drives or you are saving files to network drives. For additional information about these program errors, click the following article number to view the article in the Microsoft Knowledge Base:

    814112 Files on network shares open slowly or read-only or you receive an error message

  • Event ID 2022 error messages that occur in the System log, for example:

    Event ID: 2022
    Source: SRV
    Type: Error
    Description: The server was unable to find a free connection number times in the last number seconds.


MORE INFORMATION

When you troubleshoot any one of these issues, you frequently have to do more than stop or disable the services that are associated with the software. Even if you disable the software component, the filter driver is still loaded when you restart the computer. You may be forced to remove a software component to find the cause of an issue. As an alternative to removing the software component, you can stop the relevant services and disable the corresponding filter drivers in the registry. For example, if you prevent antivirus software from scanning or filtering files on your computer, you must also disable the corresponding filter drivers.

To disable filter drivers, you must first identify third-party services and their corresponding filter drivers. After you do this, follow these steps.

Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

Important An antivirus program is designed to help protect your computer from viruses. You must not download or open files from sources that you do not trust, visit Web sites that you do not trust, or open e-mail attachments when your antivirus program is disabled. For additional information about computer viruses, click the following article number to view the article in the Microsoft Knowledge Base:

129972 Computer viruses: description, prevention, and recovery


  1. Stop all services that belong to the software package.
  2. Set the Startup type to "Disabled." To do this, follow these steps:
    1. Click Start, click Control Panel, double-click Administrative Tools, and then double-click Services.
    2. In the Details pane, right-click the service that you want to configure, and then click Properties.
    3. On the General tab, click Disabled in the Startup type box.
  3. Set the Start registry entry of the corresponding filter drivers to 0x4. A value of 0x4 disables the filter driver. To do this, follow these steps.

    Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
    1. Start Registry Editor.
    2. Create a backup of the HKEY_LOCAL_MACHINE\System registry hive.
    3. Locate, and then click the following registry subkey:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

    4. Click the entry for the filter driver that you want to disable.
    5. Double-click the Start registry setting, and then set it to a value of 0x4.

      Note This registry entry typically has a value of 0x3.
  4. Restart the computer.

Most antivirus software uses filter drivers that work together with a service to scan for viruses. These filter drivers are still loaded after the service is deactivated. These filter drivers scan files as they are opened and closed on a hard disk. For troubleshooting purposes, temporarily remove the antivirus software or contact the manufacturer of the software to determine whether a newer version is available.

For additional information about how to disable antivirus software, click the following article number to view the article in the Microsoft Knowledge Base:

240309 How to fully disable antivirus software from filtering files


Example of filter drivers

This section describes some of the typical filter driver names by product:

Antivirus

  • Inoculan: INO_FLPY and INO_FLTR
  • Norton: SYMEVENT, NAVAP, NAVEN, and NAVEX
  • McAfee (NAI): NaiFiltr and NaiFsRec
  • Trend Micro: Tmfilter.sys and Vsapint.sys

Backup agent

  • Backup Agent for Open Files: Ofant.sys
  • Open Transaction Manager from Veritas BackupExec: Otman.sys (Otman4.sys or Otman5.sys)

    Note Use caution if you disable these filter drivers by using the method that is described in this article. If you do this, you may receive a "stop 0x7b" error message.

    The "stop 0x7b Inaccessible_Boot_Device" error message may occur if the following registry keys exist and contain references to the Otman5 driver when the Otman5.sys driver either does not exist on the hard disk or is set to disabled.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\UpperFilters

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}\UpperFilters


    If you experience the "stop 0x7b" error message, you should back up these registry keys and delete the Otman5 reference.
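A pre-check for the "stop 0x7b" condition described above, as an added example that is not Microsoft's code: it reads the text of a .reg export of the System hive and reports every class UpperFilters entry that names a driver whose Start value is 0x4. The function names, the PartMgr entry, and the sample export are constructed for illustration; the input is assumed to be already decoded to a string.

```python
import re

SERVICES = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
CLASSES = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Class\\"

# Constructed sample in .reg export syntax (not taken from a real system).
# Otman5 is already set to Start=4 but is still listed in UpperFilters.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Otman5]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NaiFiltr]
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"=hex(7):4f,00,74,00,6d,00,61,00,6e,00,35,00,00,00,50,00,61,00,\
  72,00,74,00,4d,00,67,00,72,00,00,00,00,00
'''

def parse_reg(text):
    """Return {key path: {value name: raw data string}} for .reg export text."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join wrapped hex(7) lines
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1], {})
        elif cur is not None and (m := re.match(r'"([^"]+)"=(.*)', line)):
            cur[m.group(1)] = m.group(2)
    return keys

def multi_sz(raw):
    """Decode a hex(7) REG_MULTI_SZ value (UTF-16LE, NUL-separated) to a list."""
    data = bytes.fromhex(raw.split(":", 1)[1].replace(",", ""))
    return [s for s in data.decode("utf-16-le").split("\0") if s]

def start_values(keys):
    """Map lower-cased service name -> Start value for direct Services subkeys."""
    return {p[len(SERVICES):].lower(): int(v["Start"].split(":")[1], 16)
            for p, v in keys.items()
            if p.startswith(SERVICES) and "\\" not in p[len(SERVICES):]
            and v.get("Start", "").startswith("dword:")}

def boot_risks(text):
    """List (class GUID, driver) where UpperFilters names a disabled driver."""
    keys = parse_reg(text)
    start = start_values(keys)
    return [(p[len(CLASSES):], drv) for p, v in keys.items()
            if p.startswith(CLASSES) and v.get("UpperFilters", "").startswith("hex(7):")
            for drv in multi_sz(v["UpperFilters"]) if start.get(drv.lower()) == 4]
```

For the sample, `boot_risks(SAMPLE)` reports Otman5 under the first class key listed above; an empty list means no UpperFilters entry in the export points at a disabled driver.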

Driver registry settings

The following table lists valid settings and their descriptions for the driver's Start and Type registry settings:

| Value Name | Value Setting | Description of Value Setting |
|------------|---------------|------------------------------|
| Start | 0 = SERVICE_BOOT_START | Ntldr or Osloader preloads the driver so that it is in memory when the computer starts. These drivers are initialized just before the SERVICE_SYSTEM_START drivers. |
| Start | 1 = SERVICE_SYSTEM_START | The driver loads and initializes after SERVICE_BOOT_START drivers have initialized. |
| Start | 2 = SERVICE_AUTO_START | Service Control Manager (SCM) starts the driver or service. |
| Start | 3 = SERVICE_DEMAND_START | SCM must start the driver or service on demand. |
| Start | 4 = SERVICE_DISABLED | The driver or service does not load or initialize. |
| Type | 1 = SERVICE_KERNEL_DRIVER | Device driver. |
| Type | 2 = SERVICE_FILE_SYSTEM_DRIVER | Kernel-mode file system driver. |
| Type | 8 = SERVICE_RECOGNIZER_DRIVER | File system recognizer driver. |


REFERENCES

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

314743 How to enable verbose debug tracing in various drivers and subsystems


The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

