Managing and Removing the EaseFilter Driver

The following self running code unregisters and then deletes EaseFilter from the System32 directory.

The following scripts help manage the filter driver using PowerShell:

  1. To check if EaseFilter is loaded on a machine you can use the following PowerShell script (as admin):

fltmc filters

The output will look like this:

PS C:WINDOWSsystem32> fltmc filters

Filter Name Num Instances Altitude Frame
—————————— ————- ———— —–
bindflt        1 409800 0
FsDepends 69 407000 0
WdFilter 69 328010 0
storqosflt 0 244000 0
wcifs 3 189900 0
EaseFilter 7 186200 0
CldFlt 63 180451 0
FileCrypt 0 141100 0
luafv 1 135000 0
npsvctrig 1 46000 0
Wof 67 40700 0
FileInfo 69 40500 0

The highlighted row shows that EaseFilter is loaded.

2. To unload and remove EaseFilter use the following PowerShell script (as admin):

fltmc unload EaseFilter

remove-item -Path $Env:WinDirSystem32driversEaseFlt.sys -Force

Powered by BetterDocs