Manually Remove Enforce GlobalProtect for Network Access Filters from Windows 10

Created On 10/16/20 20:56 PM - Last Modified 10/29/20 15:42 PM


Objective


The Enforce GlobalProtect for Network Access feature prevents a Windows PC from accessing the network if the GlobalProtect App is not actively connected to a gateway. The GlobalProtect App can be disabled (if permitted by policy) if local network access is needed when connection to a gateway is not possible. When disabled, the GlobalProtect App will remove the dynamic filters that are preventing network access.

A situation may occur where the GlobalProtect App crashes on startup and is unable to connect to a gateway or be disabled. In this scenario the dynamic filters are still in place and the Windows PC will not have access to the network. The PC can't be repaired remotely or download files from the internet.

This guide will show how to manually remove the dynamic filters that are preventing network access so the PC can be repaired or have GlobalProtect re-installed or removed.

 


Environment


  • GlobalProtect App 5.1.0+
  • Microsoft Windows 10


Procedure


1. Execute this command from a command prompt window that has administrator access: c:\temp> netsh wfp show filters
2. A filters.xml file will be generated in the current folder.
3. Open the filters.xml file and search (CTRL-F) for the string "GlobalProtect Enforcer Filter".
4. Find each section of the file that resembles the following:

<item>
  <filterKey>{90392f5c-014b-463a-b4f4-d2d2712921f2}</filterKey>
  <displayData>
    <name>GlobalProtect Enforcer Filter</name>
    <description>GlobalProtect Enforcer Filter</description>

5. Copy the filterKey string of each section and paste them in a separate text file.
6. There will be approximately 16 filter keys to collect. The filter keys will be unique to the PC. The new text file should list one filter key per line, without the surrounding braces.
 





7. Open and run Registry Editor as administrator

8. Navigate to this path in the Windows Registry:

\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent\Filter

9. Export this registry key to a backup file.

10. Delete all values (approximately 16) that match the filter keys that were collected in step 5 above.

11. Network access should now be restored.
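
Steps 3 to 6, and the lookup needed for step 10, can be scripted. The PowerShell below is an added example, not part of the original Palo Alto Networks article. It assumes filters.xml is in the current folder, that the file declares no default XML namespace, and that the registry value names are the filter GUIDs (with or without braces). It is read-only; the backup in step 9 and the deletion in step 10 are still done by hand.

```powershell
# Added example (not vendor code). Run from an elevated PowerShell prompt
# in the folder where "netsh wfp show filters" wrote filters.xml.
param(
    [string]$FiltersXml = '.\filters.xml',
    [string]$FilterName = 'GlobalProtect Enforcer Filter'
)

# Registry key named in step 8 of the procedure.
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent\Filter'

# XmlDocument.Load honours the encoding declared in the file itself.
$doc = New-Object System.Xml.XmlDocument
$doc.Load((Resolve-Path -LiteralPath $FiltersXml).Path)

# Every <item> whose <displayData><name> equals the filter name, as shown in
# step 4. Assumption: the elements carry no default XML namespace.
$xpath = "//item[displayData/name='$FilterName']/filterKey"
$keys = @(
    $doc.SelectNodes($xpath) |
        ForEach-Object { ($_.InnerText -replace '[{}\s]', '').ToLowerInvariant() } |
        Sort-Object -Unique
)

"Filter keys named '$FilterName' in ${FiltersXml}: $($keys.Count)"
$keys

# List the persistent-filter registry values whose names match a collected
# key. Braces and case are normalised before comparing (assumption: the value
# name is the filter GUID).
$regKey  = Get-Item -LiteralPath $regPath
$targets = @(
    $regKey.GetValueNames() |
        Where-Object { $keys -contains (($_ -replace '[{}\s]', '').ToLowerInvariant()) }
)

"Matching registry values under ${regPath}: $($targets.Count)"
$targets

if ($targets.Count -ne $keys.Count) {
    Write-Warning 'Key count and registry value count differ; review both lists before step 10.'
}
```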


