Managing and Removing the EaseFilter Driver

The following self running code unregisters and then deletes EaseFilter from the System32 directory.

The following scripts help manage the filter driver using PowerShell:

  1. To check if EaseFilter is loaded on a machine you can use the following PowerShell script (as admin):
fltmc filters

The output will look like this:

PS C:WINDOWSsystem32> fltmc filters
Filter Name Num Instances Altitude Frame
------------------------------ ------------- ------------ -----
bindflt        1 409800 0
FsDepends 69 407000 0
WdFilter 69 328010 0
storqosflt 0 244000 0
wcifs 3 189900 0
EaseFilter 7 186200 0
CldFlt 63 180451 0
FileCrypt 0 141100 0
luafv 1 135000 0
npsvctrig 1 46000 0
Wof 67 40700 0
FileInfo 69 40500 0

The highlighted row shows that EaseFilter is loaded.

2. To unload and remove EaseFilter use the following PowerShell script (as admin):

fltmc unload EaseFilter
remove-item -Path $Env:WinDir\System32\drivers\EaseFlt.sys -Force

Note that the Actifile services will reinstall and load a missing Easeflt.sys filter driver. Hence the services should be stopped and set to manual prior to removing the filter. Use the services.msc tool or PowerShell to stop the services and set them to manual start.

Stop-Service "Actifile Updater"
Stop-Service "Actifile Agent"
Set-Service -Name "Actifile Updater" -StartupType Manual
Set-Service -Name "Actifile Agent" -StartupType Manual

Powered by BetterDocs