Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Why is EFS running

03 Feb 2016   #1
RC5000

Microsoft Windows 7 Home Premium 64-bit 7601 Multiproc; build: 7601 Multiprocessor Free
 
 
Why is EFS running

My machine is a Windows 7 Home Premium machine from Dell.

My machine is experiencing a lot of problems. Here's a thread where I talk about it:

Windows Sort of Stops Working From Time to Time


An IT Technician I know examined my machine yesterday (in Safe Mode, no networking) and believes it is severely compromised. He said many logs are deleted; there might be something which has compromsed the MBR.

Yesterday I ran Taskmgr (which I do a lot) and saw EFS running. Now I have never gotten credentials for this and have never seen it run before. I have never run cipher.exe, for example.

Why would EFS be running?

The technician's recommendation is to toss the computer and get a new one.

I run Kaspersky anti-Virus. They seem to feel they may be the cause (they did not say so directly, but they've asked me to uninstall the current version and install a new one, which I did; it did not help).

I've run MalwareBytes and also Combofix.

The starting and stopping does not seem to happen when in Safe Mode with Networking.

BUT since yesterday the problem has not reoccurred, as far as I know.

The EFS running bothers me.

RON


My System SpecsSystem Spec
.
03 Feb 2016   #2
maxseven

Windows 7 Home Premium 64bit 6.1 Build 7601 (SP1)
 
 

Quote   Quote: Originally Posted by RC5000 View Post
My machine is a Windows 7 Home Premium machine from Dell...

The EFS running bothers me.
Your thread caught my eye and I looked at my own relatively-new-pristine Dell and the EFS service is Automatic and Started (running), though I can find no executable in Task Manager specific to EFS. You are talking about the Service being Started then?

This computer has a Smart Card capability, which I see is also Running, and I use neither the Smart Card nor Encryption or Bitlocker or any such stuff on this W7Pro x64 machine (at least not that I know of)!

I have no problems at all, so while I find that EFS can be disabled, I'm inclined to just leave it alone. Anyway FWIW and in-my-not-very-educated-about-EFS-opinion, the fact that your service is running should not necessarily be of concern to you (by itself).
My System SpecsSystem Spec
03 Feb 2016   #3
RC5000

Microsoft Windows 7 Home Premium 64-bit 7601 Multiproc; build: 7601 Multiprocessor Free
 
 

That is good to know. It was just I've never seen it before. This computer has smart-card capability but I have no way to use it (no device) and of course no Bitlocker or encryption either. So I'll leave it alone. With all the other weird stuff going on on my machine it was just one more thing.

THANKS!!!
My System SpecsSystem Spec
.

03 Feb 2016   #4
RC5000

Microsoft Windows 7 Home Premium 64-bit 7601 Multiproc; build: 7601 Multiprocessor Free
 
 

An IT technician examined my machine. He believes there is an SMM virus and a clean reinstall, factory reset will not make a difference. I cannot evaluate his abilities (I'm a .net developer with some but limited understand of machinery, networks, systems etc.) He said it seems the log files were purged and there were other issues (which I forgot now). He was quite concerned. He has no financial stake in anything. He suggested I get a new computer.
My System SpecsSystem Spec
03 Feb 2016   #5
maxseven

Windows 7 Home Premium 64bit 6.1 Build 7601 (SP1)
 
 

Quote   Quote: Originally Posted by RC5000 View Post
An IT technician examined my machine. He believes there is an SMM virus and a clean reinstall, factory reset will not make a difference. I cannot evaluate his abilities (I'm a .net developer with some but limited understand of machinery, networks, systems etc.) He said it seems the log files were purged and there were other issues (which I forgot now). He was quite concerned. He has no financial stake in anything. He suggested I get a new computer.
I had to look-up the SMM virus so will be no help to you about this. I can only say that when someone says "get a new computer" then akin to a doctor diagnosis ("you have x months to live") well I would certainly get a second opinion!

My System SpecsSystem Spec
03 Feb 2016   #6
RC5000

Microsoft Windows 7 Home Premium 64-bit 7601 Multiproc; build: 7601 Multiprocessor Free
 
 

I know. He's a friend of mine; he does not profit from it. He examined it for hours yesterday in Safe Mode. I cannot validate the findings. I am at least totally backed up. All my data and installation programs are safe in many copies, so if I do get a new machine it won't be the worst pain in the world.
My System SpecsSystem Spec
03 Feb 2016   #7
LMiller7

Windows 7 Pro 64 bit
 
 

My Windows 7 Home Premium system has EFS set to Automatic and is running. I have not changed service configuration. It is hosted by the lsass.exe process. This is a relatively new installation with no known problems.

My guess why it is running is that it does something else in addition to managing the encrypting file system. It is not unusual for services to do more than the documentation states.

I doubt this has anything to do with your problems.
My System SpecsSystem Spec
04 Feb 2016   #8
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

My systems have a bunch of EFS without any problem. I really don't know what they all are. What little research of have done on my system, they all seem to be related with programs I have installed.

If one of my computers had all the problems yours has I would do a Clean Install of everything.


Why is EFS running-efs.png


My System SpecsSystem Spec
Reply

 Why is EFS running




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Windows Update keeps running and running for hours...Clean Install SSD
Hello all... Befuddling problem as I am pretty tech savvy but for whatever reason I can not get windows update to quite "checking" for update: So far.... 1) Downloaded SURT, ran fulling with no reported errors 2) Ran SFC with no reported errors
Windows Updates & Activation
!SASCore service running all the time, not running Superantispyware?
Found the the above service was running all the time and I only occasionally use SuperSpyware AntiSpyware as a standalone scan. This is solely as backup check to my Antimalwarebytes Pro. May I stop and disable it, and how would I remove it entirely? Thanks Glenn
General Discussion
Windows Update not running. Error Code 0xc8000247 when running SURT
Please help me out - I replaced my defective HDD with a new Samsung Spinpoint HDD, re-installed my Windows 7 image using the recovery DVDs, and can't update windows at all after that. I tried following the steps from Windows Update Posting Instructions - System Update Readiness Tool (SURT) and...
Windows Updates & Activation
Running dual Boot w/ Vista and Win 7, question on running programs
Greetings, New to the forum! I recently installed Win 7 on a second Hard drive. Is it possible to run the programs I had installed on the Vista Hard drive? Both are HD's are still installed. Thanks, Brad
General Discussion
BSOD running when running intel driver update utility and more apps
hello sorry if my post isnt great im a newbie here but for some time now ive been getting BSODs and finally figured out how to debug it with WinDbg (x86) and set the symbols for windows but i cant read the text. ive tried reinstalling my GPU and Java but no luck. when i try to run intel driver...
BSOD Help and Support
BSOD while running firefox. Computer has been running terrible.
I was not able to get perfmon /report to work, so I only have the BSOD report.
BSOD Help and Support


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:10.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App