Restoring Windows Firewall after faulty ZoneAlarm uninstallation


Since sometime in 2015, Windows Firewall has been disabled on my 64-bit Windows 7 Home Premium computer. At that time, I did not know that Windows Firewall was enabled by default, and so tried installing first TinyWall and then ZoneAlarm on my computer. ZoneAlarm appealed to me because of its per-application basis, but I remember it blocking more than I could manually whitelist with my limited knowledge then. Thus I uninstalled ZoneAlarm from my computer so I could keep using Firefox. I suspect that this installation was improperly done, for Windows Firewall can no longer be enabled, even years later.

More precisely, trying to use recommended settings in the Control Panel gives the error:

Windows Firewall can’t change some of your settings.
Error code 0x8007042c

Qwant helpfully revealed that this is a problem with the Base Filtering Engine, visible in Services (services.msc), whicih is not started though it is set to begin automatically.

Starting this manually gives the following message, even running Services as an administrator:

Windows could not start the Base Filtering Engine service on Local Computer.
Error 5: Access is denied.

Using Run to open the executable (C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork) does nothing.

Another possible cause that I have researched is a faulty registry key; I discussed this here, when I asked about this problem (before I remembered about my past firewalls) a month ago to no success, but as SYSTEM and administrator accounts are allowed full control, this seems dubious.

I am certain that the problem is not due to malware, as neither Avast nor Malwarebytes detect any, and a bot that would depend upon networking would be detectable by other means such as the bandwidth used. (I have monthly data caps and monitor my daily Internet use through my router’s separate hardware, and see no discrepancies.) Asking about malware at this point is a red herring.

As additional resources available to me, I do have another computer with 64-bit Windows 7 Home Premium, that I have not used since 2012, and presumably which has its firewall enabled by default and not modified in any way. Copying its profile over (or some equivalent) could conceivably solve this, but I would not know what to copy or how to re-insert it. I also have a Windows 7 Home Premium re-installation disc, but would rather avoid the process of re-installing Windows and all of my programmes if at all possible.

I suspect that a faulty uninstallation of ZoneAlarm and/or TinyWall might be responsible for the current inability to activate Windows Firewall. As this was several years ago, I do not remember precisely which versions of the software I was using, and my backups and restore points from back then have since been overwritten. I have a hardware firewall in my router, but would like to implement a software firewall also, for additional security. How can I re-enable the Base Filtering Engine, and thus Windows Firewall? Thank you for your help.


Never install those type of softwares. Use only proper Anti-virus or Anti-malware softwares which comes with so-called “Internet security” or “Network security”.

Run this commands as ADMINISTRATOR and reply with the output: sc query BFE & sc start BFE


The following appears in the Command Prompt, run as an administrator:

C:\Windows\system32>sc query BFE & sc start BFE

        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 5  (0x5)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x7d0
        PID                : 34628
        FLAGS              : 



Did the service start after that command?


No, nothing visibly changes after that: starting the BFE from services.msc still gives Error 5, and running sc query BFE again shows that the service is still stopped, with identical output to the first part in my last post. What should I do?