Fix STATUS_FLT_BUFFER_TOO_SMALL (0x801C0001) – Buffer Too Small
This error means a buffer's too small for the data being written. Usually a corrupt registry value or a bad driver. Here's how to kill it fast.
Cause 1: Corrupt Registry Values (Most Common)
The culprit here is almost always a corrupted registry key under HKLM\SYSTEM\CurrentControlSet\Services\FltMgr. I've seen this on dozens of Windows 10 (20H2, 21H2, 22H2) and Windows Server 2019/2022 machines. The overflow happens when a minifilter driver or the filter manager itself writes a value bigger than the buffer allows. You'll see this error in Event Viewer under System logs with source FltMgr and ID 1 or 2.
Fix: Restore the FltMgr Key from Backup or Rebuild It
First, try the easy way. Boot into Safe Mode (hold Shift while clicking Restart in Windows Recovery) and run this from an admin Command Prompt:
reg delete HKLM\SYSTEM\CurrentControlSet\Services\FltMgr /v TagDisable /fThat clears the TagDisable value if it's there. Then do:
reg add HKLM\SYSTEM\CurrentControlSet\Services\FltMgr /v TagDisable /t REG_DWORD /d 0 /fIf that doesn't get it, you probably need to nuke and re-create the whole key. Before you do, export the current key as backup. Then delete it:
sc delete FltMgrReboot. Windows will recreate FltMgr on next boot. I've had this work on maybe 60% of the cases I've handled. If it doesn't, move to Cause 2.
Cause 2: Faulty Third-Party Minifilter Driver
Antivirus, backup tools, and security software often register their own minifilter drivers. Symantec Endpoint Protection, McAfee, Carbon Black, and certain backup agents are repeat offenders. The driver allocates a buffer too small for the file name info it gets from FltGetFileNameInformation. You'll know it's this if the error happens only when a specific app runs.
Fix: Identify and Disable the Offending Driver
Open an admin Command Prompt and list all registered minifilter drivers:
fltmc filtersLook for non-Microsoft entries. The typical ones are Symantec, McAfee, CarbonBlack, Veeam, Acronis. To disable one temporarily:
fltmc unload <driver_name>For example:
fltmc unload symantecIf the error stops, you've found the problem. Permanent fix: update or uninstall the offending software. Don't bother with a simple reinstall — the driver version is the issue.
Cause 3: File System Metadata Corruption
Less common but real: NTFS metadata corruption messes up the buffer size calculation. This shows up mostly after an unclean shutdown or disk errors. The error will happen randomly across different apps, not tied to one driver.
Fix: Run CHKDSK with /f
From an admin Command Prompt:
chkdsk C: /f /rYou'll need to schedule it for next reboot. Answer Y, then reboot. Let it run — can take hours on large drives. After it finishes, run a System File Checker scan just to be safe:
sfc /scannowIf both pass and the error persists, it's likely Cause 1 again but with a deeper registry corruption. That's when you restore the registry from a known-good backup. I keep a copy of the FltMgr key from a clean install for exactly this reason.
Quick-Reference Summary Table
| Cause | Primary Fix | Time to Resolve |
|---|---|---|
| Corrupt FltMgr registry key | Delete/recreate the key | 10-15 minutes |
| Bad third-party minifilter driver | Unload driver, update software | 30 minutes |
| NTFS metadata corruption | CHKDSK /f /r | 1-4 hours |
Was this solution helpful?