Fix: Can’t Able to Enable Windows Firewall Service in Windows 10/11

Several Windows 10 and Windows 11 users are reporting that they can’t enable Windows Firewall after installing a pending Windows Update. Most users are reporting that nothing happens when they enable Windows Firewall conventionally. On top of this, they get the ‘Security snap-in failed to load. Restart the windows firewall services‘ error when they manually attempt to enable the main Windows Firewall service.

Can’t Enable Windows Firewall

After thoroughly investigating this issue, we discovered several different underlying instances where you will see this error occurring. Here’s a list of culprits you should be aware of:

  • Windows Firewall or associated service is stuck in a limbo state – If Windows Firewall and/or a series of associated services are stuck in a limbo state, you need to access the Services program and force start the main Windows Firewall service + every associated dependency.
  • GUI Windows Firewall issue – If you don’t have a 3rd party firewall installed and you still can’t control the state of Windows Firewall, you might be able to force the service to start using an elevated Command prompt.
  • BFE Permission issue – BFE (Base Filtering Engine) might be misconfigured, forcing the main Windows Firewall service to remain disabled. You can address this issue by editing the BFE permissions via Registry Editor. 
  • Misconfigured Firewall Settings – If you previously modified your firewall settings, you might have produced unintended consequences. If this scenario is plausible, try resetting all firewall-relates settings back to their default values.
  • Bad Windows update – It’s impossible to predict if a Microsoft update will impact a current Windows feature. If you started experiencing this issue after your OS installed a pending update, roll it back and reboot your PC.
  • System file corruption – System file corruption is another potential cause that might break Windows Firewall. Run SFC and DISM scans (in quick succession) to address this issue or consider a clean install or repair install operation. 

Now that we covered every potential culprit that might cause this behavior in your case let’s go over every documented fix confirmed to help treat this issue where the Firewall Component remains disabled on Windows 10 or 11. 

1. Run the Windows Firewall Troubleshooter

Anytime there is a core firewall component issue, you may anticipate having trouble accessing the conventional menu of Windows Firewall. Try running the Windows Firewall troubleshooter and see if one of the repair strategies included will fix the issue automatically.

If the Windows Firewall Troubleshooter has already supplied a Microsoft repair plan that addresses the error’s primary cause, repairing the issue merely needs running the software and implementing the recommended solution.

Note: Windows Firewall Troubleshooter is not part of the default troubleshooting fleet on Windows 10 and 11. You will need to download it externally from the official Windows update. 

Follow the instructions below to open the Windows Firewall Troubleshooter and deploy the recommended fix:

  1. Open your preferred browser and download the dedicated Firewall troubleshooter from the official Microsoft page.
    Note: This troubleshooter should work on both Windows 10 and Windows 11. 
  2. Once the troubleshooter has been downloaded locally, right-click on it and choose Run as administrator from the context menu that just appeared. 
  3. At the first screen of the Windows Firewall Troubleshooter, click on the Advanced hyperlink and then automatically check the box associated with Apply repairs automatically. 
    Apply repairs automatically
  4. Once this option is checked, click Next and wait until the troubleshooter finishes the initial scan.
    Note: Since you checked the option above, the utility will automatically begin applying the fix.
  5. After the fix has been successfully applied, reboot your PC and see if the problem is now fixed.

If Windows Firewall remains disabled despite your best efforts, move to the next method below. 

2. Restart the firewall service & associated services

If the Windows Firewall troubleshooter did not fix the issue in your case, the next thing you should investigate is a scenario in which the main Windows Firewall and/or a series of associated services are stuck in a limbo state – they’re neither open nor closed. 

To treat this issue, you’ll need to access the Services screen and force start the main Windows Firewall service + every associated dependency:

  • Windows Defender Firewall
  • Windows Defender Advanced Threat Protection Service
  • Windows Defender Antivirus Network Inspection Service
  • Windows Defender Antivirus Service
  • Windows Defender Security Center

Follow the instructions below for step-by-step instructions on doing this:

  1. Press the Windows key + R to open up a Run dialog box. 
  2. Next, type ‘services.msc’ and press Ctrl + Shift + Enter to open the Services screen with admin access.
    Access the Services screen
  3. When the User Account Control prompts you, click Yes to grant admin access. 
  4. Once inside the Services screen, scroll down through the list of services and locate the Windows Defender Firewall service. 
  5. After you locate it, right-click on it and choose Properties from the context menu. 
    Access the Properties screen
  6. Once inside the Properties screen, click on the General tab, then click on Start if the service is not running. 
  7. After the Windows Defender Firewall service is enabled, repeat steps 5 and steps 6 with the following services:
    • Windows Defender Advanced Threat Protection Service
    • Windows Defender Antivirus Network Inspection Service
    • Windows Defender Antivirus Service
    • Windows Defender Security Center
  8. Once the main Windows Firewall service + every associated dependency is enabled, see if the Firewall component is now enabled.

If the issue is still not fixed, move to the next method below. 

3. Delete the DisableAntiSpyware Registry key

If there is no other third-party antivirus software installed and the problem is GUI-related, you should be able to enable Windows Firewall by removing an underlying .reg key that’s forcing Windows Defender + Windows Firewall to remain disabled. 

IMPORTANT: The command listed below must be executed with administrative rights.

Follow the steps below to remove the problematic Registry key that’s likely forcing the native antivirus protection to remain disabled. 

Note: Both Windows 10 and Windows 11 are compatible with the procedures below.

  1. To bring up the Run dialog box, press the Windows key + R.
  2. To launch an elevated CMD prompt with admin privileges, type “cmd” in the Run dialog box and hit Ctrl + Shift + Enter.
    Open a CMD window
  3. In the User Account Control window, select Yes to allow admin access (UAC).
  4. To forcefully activate Windows Firewall, write or paste the following command into the elevated CMD prompt:
    REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
  5. Restart your computer after this command has been successfully executed to determine if the issue has been resolved.

Continue to the next procedure below if Windows Firewall is still deactivated.

4. Tweak your BFE permissions

You can expect to deal with this issue when the BFE (Base Filtering Engine) permissions that depend on Windows Firewall are misconfigured.

In this case, you should be able to fix the issue by editing the BFE permissions via Registry Editor. 

Note: Our recommendation is to back up your Registry cluster in advance before starting to follow the instructions below.

Follow the instructions below to tweak your BFE permissions and allow your Firewall component to function undeterred:

  1. Press the Windows key + R to open up a Run dialog box. Next, type ‘regedit’ and press Ctrl + Shift + Enter to open up the Registry Editor with admin access.
    Open Registry Editor
  2. Click Yes to grant admin access when prompted by the User Account Control (UAC)
  3. Once you’re inside Registry Editor, use the right-hand side menu to navigate to the following location:
    HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/BFE

    Note: You can navigate this path manually (using the menu on the left), or paste the full path above inside the nav bar at the top and press Enter to get there instantly. 

  4. Once inside the correct location, right-click on BFE and choose Permissions from the context menu that just appeared. 
    Access the Permissions
  5. Click on Add (under Group or user names) on the Security tab. 
  6. Inside the Select Users or Groups window, type ‘Everyone’ and press Ok to save the changes. 
    Access the Everyone tab
  7. Once the Everyone group has been created, click on it, then move down below to Permissions for Everyone and check the Full Control box associated with Allow. 
    Grant full control
  8. Click Apply to save the changes, then reboot your PC to allow the change to take effect.
  9. Once your PC boots back up, see if the Firewall component is now active.

If the problem still occurs, move down to the next method below. 

5. Reset the Firewall component via CMD

If you have already tried modifying the BFE (Base Filtering Engine) permissions and your firewall remains disabled (even though you’re not using a 3rd party firewall), try forcing the component to enable via a terminal command.

You can do this by opening up an elevated Command prompt and running a ‘netsh‘ command to force the Windows Firewall component to enable itself.

Note: This method will only work if you are experiencing this issue with Windows Firewall. Do not attempt this method if you are using a 3rd party firewall.

Follow the instructions below to reset the Windows Firewall component via Command Prompt:

  1. Press the Windows key + R to open up a Run dialog box. 
  2. Next, type ‘cmd’ inside the run box, then press Ctrl + Shift + Enter to open up an elevated Command prompt.

    Open a CMD window
  3. Click Yes to grant admin access at the User Account Control (UAC)
  4. Once you’re inside the elevated Command Prompt, type or paste the following command to reset the firewall component:
    netsh firewall set opmode mode=ENABLE exceptions=enable
  5. After the command has been processed successfully, reboot your PC and see if the problem is now fixed. 

If the Firewall component still refuses to start even though there’s no 3rd party AV or firewall installed, try the next method below. 

6. Uninstall the latest Windows update

It’s always hard to predict if a recent Windows update produced unintended consequences to other Windows features.

If you started to experience this issue immediately after you installed a Windows update, you could put this theory to the test by uninstalling the latest Windows update that got installed. 

This approach might be useful if you discover that the Windows Firewall started acting up after you installed a pending update.

To remove the most current Windows update, follow the instructions below:

Important: Additional instructions are provided so you may conceal the update and stop it from being installed again.

  1. To access the Run dialog box and the Programs and Features page, use the Windows key + R.
  2. After typing it there, type “appwiz.cpl” into the text box.
    Open the Programs and Features menu
  3. After choosing Programs and Features, choose View installed updates from the vertical menu on the left.
  4. Locate the most recent update on the Installed Updates page and right-click it. Click Uninstall from the context menu.
    Uninstall the latest Windows updates
  5. When asked for your approval to remove the update, select Yes. Allow the uninstalling process to complete by confirming if prompted to do so. 
  6. Restarting your computer once the update has been removed is not recommended. Instead, go to the Microsoft Show or Hide troubleshooter’s official download website.
  7. The tool we’ll be using should start downloading right away. Open the .diagcab file and choose Advanced after the operation is complete.
  8. Next, click Next after selecting the checkbox next to Apply Repairs Automatically.
    Uninstall the Troubleshooter
  9. The program will search your computer to find outstanding updates that haven’t been loaded. Choose Hide Updates from the menu of choices on the next screen to hide updates.
  10. On the following page, check the box next to the most current Windows update and click Next. In the future, Windows Update won’t try to install the same update again if you do this.
  11. Check whether the issue has been fixed by restarting your computer once.

Continue with the following step in the technique listed below if the same problem persists.

7. Run DISM & SFC Scans

It turns out that the Windows Firewall’s operation can also be hampered by file corruption.

Start running a few scans with two built-in tools, System File Checker (SFC) and Deployment Image Servicing and Management (DISM).

Note: Despite some similarities between SFC and DISM, we suggest running both tests immediately after the other to improve your chances of recovering the corrupt system files.

If this is the situation, start with a basic SFC scan.

Deploy an SFC scan

Note: Remember that this tool is only local and won’t require a live internet connection. Even if the application seems to have stalled after beginning this procedure, it’s imperative to maintain the CMD window active. Wait patiently for the process to finish.

Once the SFC scan is complete, restart your computer to see whether the issue has been fixed.

If the same problem is still ongoing with your firewall, run a DISM scan and complete the operation according to the on-screen directions.

Deploy a DISM scan

Note: The key contrast between DISM and SFC is that DISM uses a Windows update component to obtain healthy replacements for corrupt system files. Because of this, you must ensure that you have stable Internet before starting.

Whether the DISM scan was successful or not, restart your computer and check to see if Windows Firewall starts operating correctly.

If the Windows Firewall component is still not functioning as it should go for the final method below. 

8. Perform an in-place repair or clean install

If none of the above steps have assisted you in fixing the Windows Firewall issue, you may conclude that your issue is the consequence of a system corruption issue that cannot be fixed in the conventional manner (with DISM and SFC scans).

Other Windows users who had a similar issue said that the issue was fixed once they updated every Windows component. This may be achieved via a clean install or an in-place fix (repair install).

Repair install Windows 11

Note: The main drawback of a clean install is that you can’t store your stuff (apps, games, personal media, etc.) unless you back them up.

Note: The major advantage of selecting a repair install is that you can keep all your personal information, including applications, games, personal media, and even certain user preferences. But the procedure takes a little longer.

ABOUT THE AUTHOR

Kamil Anwar


Kamil is a certified MCITP, CCNA (W), CCNA (S) and a former British Computer Society Member with over 9 years of experience Configuring, Deploying and Managing Switches, Firewalls and Domain Controllers also an old-school still active on FreeNode.