Why is EFS running


  1. RC5000
    Posts : 39
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiproc; build: 7601 Multiprocessor Free
       New #1

    Why is EFS running


    My machine is a Windows 7 Home Premium machine from Dell.

    My machine is experiencing a lot of problems. Here's a thread where I talk about it:

    Windows Sort of Stops Working From Time to Time


    An IT Technician I know examined my machine yesterday (in Safe Mode, no networking) and believes it is severely compromised. He said many logs are deleted; there might be something which has compromsed the MBR.

    Yesterday I ran Taskmgr (which I do a lot) and saw EFS running. Now I have never gotten credentials for this and have never seen it run before. I have never run cipher.exe, for example.

    Why would EFS be running?

    The technician's recommendation is to toss the computer and get a new one.

    I run Kaspersky anti-Virus. They seem to feel they may be the cause (they did not say so directly, but they've asked me to uninstall the current version and install a new one, which I did; it did not help).

    I've run MalwareBytes and also Combofix.

    The starting and stopping does not seem to happen when in Safe Mode with Networking.

    BUT since yesterday the problem has not reoccurred, as far as I know.

    The EFS running bothers me.

    RON
      My Computer
    Quote Quote

  3. maxseven
    Posts : 880
    Windows 7 Professional 64bit
       New #2

    RC5000 said:
    My machine is a Windows 7 Home Premium machine from Dell...

    The EFS running bothers me.
    Your thread caught my eye and I looked at my own relatively-new-pristine Dell and the EFS service is Automatic and Started (running), though I can find no executable in Task Manager specific to EFS. You are talking about the Service being Started then?

    This computer has a Smart Card capability, which I see is also Running, and I use neither the Smart Card nor Encryption or Bitlocker or any such stuff on this W7Pro x64 machine (at least not that I know of)!

    I have no problems at all, so while I find that EFS can be disabled, I'm inclined to just leave it alone. Anyway FWIW and in-my-not-very-educated-about-EFS-opinion, the fact that your service is running should not necessarily be of concern to you (by itself).
      My Computer
    Quote Quote

  4. RC5000
    Posts : 39
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiproc; build: 7601 Multiprocessor Free
    Thread Starter
       New #3

    That is good to know. It was just I've never seen it before. This computer has smart-card capability but I have no way to use it (no device) and of course no Bitlocker or encryption either. So I'll leave it alone. With all the other weird stuff going on on my machine it was just one more thing.

    THANKS!!!
      My Computer
    Quote Quote

  6. RC5000
    Posts : 39
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiproc; build: 7601 Multiprocessor Free
    Thread Starter
       New #4

    An IT technician examined my machine. He believes there is an SMM virus and a clean reinstall, factory reset will not make a difference. I cannot evaluate his abilities (I'm a .net developer with some but limited understand of machinery, networks, systems etc.) He said it seems the log files were purged and there were other issues (which I forgot now). He was quite concerned. He has no financial stake in anything. He suggested I get a new computer.
      My Computer
    Quote Quote

  7. maxseven
    Posts : 880
    Windows 7 Professional 64bit
       New #5

    RC5000 said:
    An IT technician examined my machine. He believes there is an SMM virus and a clean reinstall, factory reset will not make a difference. I cannot evaluate his abilities (I'm a .net developer with some but limited understand of machinery, networks, systems etc.) He said it seems the log files were purged and there were other issues (which I forgot now). He was quite concerned. He has no financial stake in anything. He suggested I get a new computer.
    I had to look-up the SMM virus so will be no help to you about this. I can only say that when someone says "get a new computer" then akin to a doctor diagnosis ("you have x months to live") well I would certainly get a second opinion!

      My Computer
    Quote Quote

  8. RC5000
    Posts : 39
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiproc; build: 7601 Multiprocessor Free
    Thread Starter
       New #6

    I know. He's a friend of mine; he does not profit from it. He examined it for hours yesterday in Safe Mode. I cannot validate the findings. I am at least totally backed up. All my data and installation programs are safe in many copies, so if I do get a new machine it won't be the worst pain in the world.
      My Computer
    Quote Quote

  10. LMiller7
    Posts : 2,497
    Windows 7 Pro 64 bit
       New #7

    My Windows 7 Home Premium system has EFS set to Automatic and is running. I have not changed service configuration. It is hosted by the lsass.exe process. This is a relatively new installation with no known problems.

    My guess why it is running is that it does something else in addition to managing the encrypting file system. It is not unusual for services to do more than the documentation states.

    I doubt this has anything to do with your problems.
      My Computer
    Quote Quote

  11. Layback Bear
    Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       New #8

    My systems have a bunch of EFS without any problem. I really don't know what they all are. What little research of have done on my system, they all seem to be related with programs I have installed.

    If one of my computers had all the problems yours has I would do a Clean Install of everything.


    Why is EFS running-efs.png
      My Computer
    Quote Quote

 

  Related Discussions
I've got an odd problem here. On my Compaq Presario CQ60-615DX, it runs fine as long as it's plugged in. Once I unplug it and run it on the battery, once it gets down to about 87-88% or so, the screen just goes black, but doesn't shutdown and I'm unable to do anything except remove the battery and...
Hello all... Befuddling problem as I am pretty tech savvy but for whatever reason I can not get windows update to quite "checking" for update: So far.... 1) Downloaded SURT, ran fulling with no reported errors 2) Ran SFC with no reported errors
Please help me out - I replaced my defective HDD with a new Samsung Spinpoint HDD, re-installed my Windows 7 image using the recovery DVDs, and can't update windows at all after that. I tried following the steps from Windows Update Posting Instructions - System Update Readiness Tool (SURT) and...
Greetings, New to the forum! I recently installed Win 7 on a second Hard drive. Is it possible to run the programs I had installed on the Vista Hard drive? Both are HD's are still installed. Thanks, Brad
hello sorry if my post isnt great im a newbie here but for some time now ive been getting BSODs and finally figured out how to debug it with WinDbg (x86) and set the symbols for windows but i cant read the text. ive tried reinstalling my GPU and Java but no luck. when i try to run intel driver...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 16:52.
Find Us