Article ID: 816071
Article Last Modified on 10/30/2006
APPLIES TO
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional for Itanium-based systems
- Microsoft Windows XP Professional
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows 2000 Server
- Microsoft Windows NT Server 4.0 Standard Edition
- Microsoft Windows NT Workstation 4.0 Developer Edition
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
SUMMARY
This article describes how to deactivate the kernel mode filter driver without removing the corresponding software. You may want to deactivate the filter driver when you are troubleshooting the following issues:
- File copy or backup problems.
- Program errors that occur when you are opening files from network drives or you are saving files to network drives. For additional information about these program errors, click the following article number to view the article in the Microsoft Knowledge Base:
814112 Files on network shares open slowly or read-only or you receive an error message
Event ID 2022 errors messages that occur in the System log, for example:
Event ID: 2022
Source: SRV
Type: Error
Description: The server was unable to find a free connectionnumber
times in the lastnumber
seconds.
MORE INFORMATION
When you are troubleshooting any one of these issues, frequently, you have to do more than just stop or disable the services that are associated with the software. Even if you disable the software component, the filter driver is still loaded when you restart the computer. You may be forced to remove a software component to find the cause of an issue. As an alternative to removing the software component, you can stop the relevant services and disable the corresponding filter drivers in the registry. For example, if you prevent antivirus software from scanning or filtering files on your computer, you must also disable the corresponding filter drivers.
To disable filter drivers, you must first identify third-party services and their corresponding filter drivers. After you do this, follow these steps.
Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
Important An antivirus program is designed to help protect your computer from viruses. You must not download or open files from sources that you do not trust, visit Web sites that you do not trust, or open e-mail attachments when your antivirus program is disabled. For additional information about computer viruses, click the following article number to view the article in the Microsoft Knowledge Base:
129972 Computer viruses: description, prevention, and recovery
- Stop all services that belong to the software package.
- Set the Startup type to "Disabled." To do this, follow these steps:
- Click Start, click Control Panel, double-click Administrative Tools, and then double-click Services.
- In the Details pane, right-click the service that you want to configure, and then click Properties.
- On the General tab, click Disabled in the Startup type box.
- Set the
Start
registry key of the corresponding filter drivers to 0x4. A value of 0x4 will disable the filter driver.To do this, follow these steps.
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.- Start Registry Editor.
- Create a backup of the HKEY_LOCAL_MACHINE\System registry hive.
- Locate, and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
- Click the entry for the filter driver that you want to disable.
- Double-click the
Start
registry setting, and then set it to a value of 0x4.
Note This registry entry typically has a value of 0x3.
- Restart the computer.
Most antivirus software uses filter drivers that work together with a service to scan for viruses. These filter drivers are still loaded after the service is deactivated. These filter drivers scan files as they are opened and closed on a hard disk. For troubleshooting purposes, temporarily remove the antivirus software or contact the manufacturer of the software to determine whether a newer version is available.
For additional information about how to disable antivirus software, click the following article number to view the article in the Microsoft Knowledge Base:
240309 How to fully disable antivirus software from filtering files
Example of filter drivers
This section describes some of the typical filter driver names by product:
Antivirus
- Inoculan: INO_FLPY and INO_FLTR
- Norton: SYMEVENT, NAVAP, NAVEN, and NAVEX
- McAfee (NAI): NaiFiltr and NaiFsRec
- Trend Micro: Tmfilter.sys and Vsapint.sys
Backup agent
- Backup Agent for Open Files: Ofant.sys
- Open Transaction Manager from Veritas BackupExec: Otman.sys (Otman4.sys or Otman5.sys)
Note Use caution if you disable these filter drivers by using the method that is described in this article. If you do this, you may receive a "stop 0x7b" error message.
The "stop 0x7b Inaccessible_Boot_Device" error message may occur if the following registry keys exist and contain references to the Otman5 driver when the Otman5.sys driver either does not exist on the hard disk or if the driver is set to disabled.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325 -11CE-BFC1-08002BE10318}\UpperFilters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A -11D0-BEC7-08002BE2092F}\UpperFilters
If you experience the "stop 0x7b" error message you should back up these registry keys and delete the Otman5 reference.
Driver registry settings
The following table lists valid settings and their description for the driver's Start
and Type
registry settings:
Value Name | Value Setting | Description of Value Setting |
Start | 0 = SERVICE_BOOT_START | Ntldr or Osloader preloads the driver so that it is in memory when the computer starts. These drivers are initialized just before the SERVICE_SYSTEM_START drivers. |
Start | 1 = SERVICE_SYSTEM_START | The driver loads and initializes after SERVICE_BOOT_START drivers have initialized. |
Start | 2 = SERVICE_AUTO_START | Service Control Manager (SCM) starts the driver or service. |
Start | 3 = SERVICE_DEMAND_START | SCM must start the driver or service on demand. |
Start | 4 = SERVICE_DISABLED | The driver or service does not load or initialize. |
Type | 1 = SERVICE_KERNEL_DRIVER | Device driver. |
Type | 2 = SERVICE_FILE_SYSTEM_DRIVER | Kernel-mode file system driver. |
Type | 8 = SERVICE_RECOGNIZER_DRIVER | File system recognizer driver. |
REFERENCES
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
314743 How to enable verbose debug tracing in various drivers and subsystems
The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Additional query words: filter-driver antivirus anti-virus anti virus kernel-mode component File system Filters deinstall uninstall ID 3013 SMS Cheyenne Innoculan Trend Micro ServerProtect Dr. Solomon Mcaffee Netshield NetShield Mcafee Norton AutoProtect backup software Live Vault backup software WQuinn StorageCentral Backupexec ArcServe OpenFile Agent OFANT Open File Manager OFADriver Backup Agent for Open Files Driver Cheyenne Backup Agent for Open Files Open Transaction Manager from Veritas BackupExec: OTMAN.sys (OTMAN4.SYS or OTMAN5.SYS) Quota Advisor eSafe Compaq Insight Manager HP JetAdmin APMonitor Norton Speed Disk MPSReports MPS_Reports Mpsrpt_2000_setup.exe MPSRPT_XP_SETUPPerf.exe MPS_REPORTS
Keywords: kbhowto KB816071