How to get a list of network filters installed on a Windows 7 system

  • General discussion

  • I've run into several situations where users in my office have tried to install software, such as VPN software, and the installation has failed due to exceeding the maximum number of filters allowed, as defined by the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\MaxNumFilters. My understanding is that the default is 8 and the maximum is 14.

    I'd like to know if it is possible to get a count of the number of network filters currently installed on a system. For bonus points, I'd like to know if there is a way to determine what the filters are associated with: the installed software or DLLs, something that could be useful in determining what could be uninstalled.

    I would hope this information would be useful to others.

    Thursday, March 1, 2012 2:12 PM

All replies

  • Hi, your question was already answered for you on Microsoft Answers:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\MaxNumFilters

    that shows the maximum count. Further, if you look at:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\

    Each entry corresponds to a possible filter.

     

    Source: how can I find out how many network filter drivers I have using Windows 7 and uninstall if too many

    Thursday, March 1, 2012 8:25 PM
  • Thanks, Jaap.

    It doesn't definitively answer my question, but it helps.

    The list of items under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318} are only possible filters.

    According to http://msdn.microsoft.com/en-us/library/windows/hardware/ff553426%28v=vs.85%29.aspx the GUID 4d36e974-e325-11ce-bfc1-08002be10318 is described as "NetService". In my registry, some of the entries appear to be filters, and some do not.

    For example, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{03F0DBAD-C963-4EB4-8510-DD8D23454D85} is described as "File and Printer Sharing for Microsoft Networks". I think it would count as a service, but not as a filter, and consequently not count against MaxNumFilters.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{B5F4D659-7DAA-4565-8E41-BE220ED60542} on the other hand is described as "QoS Packet Scheduler" and has sub-keys (if that's the term) with the following names and values that indicate to me that it is an actual filter:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Ndi]
    "FilterClass"="scheduler"
    "FilterType"=dword:00000002
    "FilterRunType"=dword:00000002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Ndi\Interfaces]
    "FilterMediaTypes"="ethernet, wan"

    Across all of the key entries that I see on my system, the only ones that seem consistently present and indicating a filter are Ndi\FilterClass and Ndi\Interfaces\FilterMediaTypes.

    I have one entry on my system that has Ndi\FilterDeviceInfId, and neither of Ndi\FilterRunType and Ndi\FilterType.

    Now all I need is confirmation that only the entries that I think are filters count against MaxNumFilters.

    Friday, March 2, 2012 1:30 PM
  • [Edited the format-list properties. Was outputting all properties instead of just Description and PSPath]

    I haven't figured out how to map back to a file on disk.

    The following PowerShell will output the current maximum filters configured, the count of filters installed, followed by the description and registry path.

    # Show the configured ceiling on installed filters
    get-itemproperty hklm:\SYSTEM\CurrentControlSet\Control\Network | format-list -property MaxNumFilters
    # Keep only Ndi subkeys that have a FilterClass value; @() keeps .count valid when a single entry matches
    $children = @(get-childitem -path hklm:\system\currentcontrolset\control\network\"{4d36e974-e325-11ce-bfc1-08002be10318}" | get-childitem | where-object {$_.PSChildName -eq "Ndi"} | get-itemproperty | where-object {$_.FilterClass} | get-itemproperty -name FilterClass)
    "Filter Count: " + $children.count
    "Filter List: "
    # Description is stored on the parent key of each Ndi subkey
    $children | foreach-object -process { get-itemproperty -path $_.PSParentPath } | format-list -property Description,PSPath

    The output will be something like the following:

    MaxNumFilters : 8



    Filter Count: 6
    Filter List:


    Description : Eset Personal Firewall
    PSPath      : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\system\currentcontr
                  olset\control\network\{4d36e974-e325-11ce-bfc1-08002be10318}\{08D58B09-AA0
                  4-45BD-9F17-9842CE8CCF6D}

    Description : Virtual WiFi Filter Driver
    PSPath      : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\system\currentcontr
                  olset\control\network\{4d36e974-e325-11ce-bfc1-08002be10318}\{5CBF81BF-505
                  5-47CD-9055-A76B2B4E3698}

    Description : QoS Packet Scheduler
    PSPath      : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\system\currentcontr
                  olset\control\network\{4d36e974-e325-11ce-bfc1-08002be10318}\{B5F4D659-7DA
                  A-4565-8E41-BE220ED60542}

    Description : WFP Lightweight Filter
    PSPath      : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\system\currentcontr
                  olset\control\network\{4d36e974-e325-11ce-bfc1-08002be10318}\{B70D6460-363
                  5-4D42-B866-B8AB1A24454C}

    Description : NativeWiFi Filter
    PSPath      : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\system\currentcontr
                  olset\control\network\{4d36e974-e325-11ce-bfc1-08002be10318}\{E475CF9A-60C
                  D-4439-A75F-0079CE0E18A1}

    Description : NDIS Capture LightWeight Filter
    PSPath      : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\system\currentcontr
                  olset\control\network\{4d36e974-e325-11ce-bfc1-08002be10318}\{EA24CD6C-D17
                  A-4348-9190-09F0D5BE83DD}

    Hopefully someone else will find this useful.



    • Edited by Saturn Jct Wednesday, March 7, 2012 4:52 PM Changed to use code block
    Wednesday, March 7, 2012 3:41 PM
  • First of all, thanks for sharing, nice to see you found the solution.

    If you want to export the output to a file on the disk you can use this revised code:

    # Collect each line of the report in an array, then write it out in one go
    $outtofile = @()
    $outtofile += "Maxnumfilters: "+(get-itemproperty hklm:\SYSTEM\CurrentControlSet\Control\Network).maxnumfilters
    # @() keeps .count valid when a single entry matches
    $children = @(get-childitem -path hklm:\system\currentcontrolset\control\network\"{4d36e974-e325-11ce-bfc1-08002be10318}" | get-childitem | where-object {$_.PSChildName -eq "Ndi"} | get-itemproperty | where-object {$_.FilterClass} | get-itemproperty -name FilterClass)
    $outtofile += "Filter Count: " + $children.count
    $outtofile += "Filter List: "
    $outtofile += $children | foreach-object -process { get-itemproperty -path $_.PSParentPath }
    $outtofile | out-file maxnumfilters.log

    Wednesday, March 7, 2012 4:02 PM
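
Added example, not part of the thread and not any poster's code: one way to tie each filter entry back to a driver file on disk, which the thread leaves open, and to report that file's signature status. It assumes each filter's Ndi subkey has a Service value naming a key under HKLM\SYSTEM\CurrentControlSet\Services whose ImagePath points at the driver; the Resolve-DriverPath helper and the output property names are hypothetical.

```powershell
# Added example. Assumption: Ndi\Service names the driver's key under Services.
$netRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Network'
$classKey = $netRoot + '\{4d36e974-e325-11ce-bfc1-08002be10318}'
$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Hypothetical helper: turn a service ImagePath into a full file path.
function Resolve-DriverPath([string]$ImagePath) {
    if (-not $ImagePath) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath)
    $p = $p -replace '^\\\?\?\\', ''                      # strip NT prefix \??\
    if ($p -match '^\\SystemRoot\\') {
        $p = $env:SystemRoot + $p.Substring('\SystemRoot'.Length)
    } elseif ($p -notmatch '^[A-Za-z]:\\') {
        $p = Join-Path $env:SystemRoot $p                 # e.g. system32\DRIVERS\x.sys
    }
    return $p
}

$max = (Get-ItemProperty $netRoot).MaxNumFilters

# @() keeps .Count valid when zero or one entry matches.
$filters = @(Get-ChildItem $classKey | ForEach-Object {
    $ndiPath = Join-Path $_.PSPath 'Ndi'
    if (-not (Test-Path $ndiPath)) { return }
    $ndi = Get-ItemProperty $ndiPath
    if (-not $ndi.FilterClass) { return }                 # the thread's filter heuristic

    $file = $null
    $sig  = 'n/a'
    if ($ndi.Service -and (Test-Path "$svcRoot\$($ndi.Service)")) {
        $file = Resolve-DriverPath (Get-ItemProperty "$svcRoot\$($ndi.Service)").ImagePath
    }
    if ($file -and (Test-Path $file)) {
        $sig = (Get-AuthenticodeSignature $file).Status
    }
    New-Object PSObject -Property @{
        Description = (Get-ItemProperty $_.PSPath).Description
        FilterClass = $ndi.FilterClass
        Service     = $ndi.Service
        DriverFile  = $file
        Signature   = $sig
    }
})

"MaxNumFilters: $max  Filter count: $($filters.Count)"
$filters | Sort-Object Description |
    Format-List Description, FilterClass, Service, DriverFile, Signature
```

On older PowerShell versions such as the one shipped with Windows 7, Get-AuthenticodeSignature reads only embedded signatures, so catalog-signed in-box drivers can show NotSigned. Treat that status as a prompt for a closer look at the file rather than a verdict.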