0X80320007

FWP_E_SUBLAYER_NOT_FOUND (0x80320007) Fix Guide

Windows Errors Intermediate 👁 0 views 📅 Jun 9, 2026

Windows Filtering Platform error when a sublayer is missing. Usually hits after a firewall app uninstall or registry corruption. Fix in under 15 minutes.

What's happening with FWP_E_SUBLAYER_NOT_FOUND

This error code, 0x80320007, comes from the Windows Filtering Platform (WFP). It's the kernel-level system that manages network filtering — firewall rules, IPsec, connection security. When some app or driver tries to reference a specific sublayer (a named container for filtering rules) and that sublayer isn't registered in the WFP database, you get this error.

Real-world trigger: You just uninstalled a third-party firewall (like ZoneAlarm, Comodo, or Norton) or a VPN client that installed its own WFP callout drivers. The uninstaller deleted the sublayer entry but left a reference behind in the registry or in a service. Or, a Windows update borked the WFP sublayer store — I've seen this on Windows 10 20H2 and Windows 11 22H2 after a feature update hiccup.

The sublayer is stored in two places: the WFP state store (run-time, in memory) and the registry under HKLM\SYSTEM\CurrentControlSet\Services\WFP\Sublayers. The run-time store loads at boot from the registry. If the registry key is missing or corrupted, the sublayer won't exist for WFP to find. That's the core issue.

Fix 1: Reset WFP state via netsh (30 seconds)

This is the fastest check. netsh wfp can reset the WFP state back to defaults. It doesn't require a reboot in most cases.

  1. Open an elevated Command Prompt (right-click Start → Command Prompt (Admin) or Terminal (Admin)).
  2. Run this command:
netsh wfp set reset

This flushes the current run-time WFP sublayer cache and reloads it from the registry. If the registry is intact, it'll recreate any missing sublayers from default Windows entries. The command prints Ok. if it worked.

  1. Then run this to reapply the base firewall policy:
netsh advfirewall reset

That restores the Windows Firewall to its default rules, which includes all built-in sublayers (like FWPM_SUBLAYER_INSPECT and FWPM_SUBLAYER_IPSEC).

If the error was triggered by a corrupted run-time store only, this fix works instantly. Try the failing operation again — if the error's gone, you're done. If not, move to Fix 2.

Fix 2: Repair WFP via DISM and SFC (5 minutes)

If the registry entries themselves are damaged or missing, the reset command above won't help. The real fix is repairing the system files that manage the registry keys for WFP sublayers.

The sublayer registry keys are written by the WFP service (BFE — Base Filtering Engine) during boot. If the service's files are corrupted, it won't create the right sublayers.

  1. Open an elevated Command Prompt.
  2. First, run DISM to fix the component store:
DISM /Online /Cleanup-Image /RestoreHealth

This takes a few minutes. It checks the Windows image against known good files (from Windows Update or local source) and replaces any corruption. I've seen DISM fix missing WFP sublayer registry keys — the reason is that DISM repairs the registry hive files (.hiv) in C:\Windows\System32\config where the WFP sublayer data lives.

  1. After DISM completes, run SFC to check system files:
sfc /scannow

SFC specifically checks bfe.dll, fwpuclnt.dll, and other WFP-related files. If any are corrupted, it replaces them from the WinSxS backup.

  1. Reboot. The BFE service will recreate the sublayer registry entries from the repaired files.

Test your failing application. If the error persists, the registry likely has orphaned or missing sublayer entries that need manual restoration.

Fix 3: Manual registry restore of missing sublayers (15+ minutes)

This is the nuclear option — you're editing the WFP sublayer registry directly. Only do this if the first two fixes failed and you're comfortable with regedit. A wrong edit can break network connectivity.

What's actually happening here is that the sublayer GUID ({e10f6b3b-123b-4c2a-8a0a-2b3c4d5e6f7g} or similar) is missing from the registry. You need to find the exact GUID your error references, then recreate the key.

  1. Get the exact sublayer GUID from the error message. If the error is just the code, run this in an elevated Command Prompt to see the WFP sublayer list:
netsh wfp show state

This outputs a huge XML. Look for the sublayer that might be referenced — search for subLayer tags. The GUID is in the subLayerKey attribute. If you know which app caused the error, you can grep for its name in the XML output.

  1. Open regedit (regedit.exe). Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WFP\Sublayers
  1. Compare the GUIDs here with the one from the netsh output. The missing one won't appear in the registry. You need to recreate it.
  2. You can export a known-good sublayer key (like the default built-in ones) as a .reg file, then edit the GUID to match the missing one. But the easier approach: use a known-working backup from a healthy Windows machine.

If you have access to another machine with the same Windows version (10 or 11, same build), export the entire WFP\Sublayers key from that machine. Transfer the .reg file to your broken machine and double-click it to merge. This adds all missing sublayers without removing existing ones.

If you don't have a second machine, you can use the Windows 10/11 default sublayer set. The built-in WFP sublayers are documented by Microsoft — you can manually recreate them by creating a new key under Sublayers with the correct GUID as the key name, then adding these REG_DWORD values:

  • Flags = 0
  • Reserved = 0
  • Weight = 7 (or whatever the default for that sublayer)

The critical piece: the name value (REG_SZ) must match the official sublayer name, e.g., FWPM_SUBLAYER_INSPECT. If the name doesn't match, the BFE service ignores it.

After adding the key, reboot. The error should vanish.

Heads-up: If you mess up the GUID or name, the BFE service won't load the sublayer. Check the System Event Log for BFE errors (Event ID 5 or 6). If you see them, delete the sublayer key you added and try again with the correct values.

When none of these work

If you've tried all three and the error still shows, the problem is likely deeper — maybe a corrupted BFE service itself. Try an in-place Windows upgrade (install the same version of Windows over itself). That rebuilds the entire WFP stack from scratch without losing apps or data. It's a pain, but it's the last resort before a clean install.

Was this solution helpful?

FWP_E_SUBLAYER_NOT_FOUND 0x80320007 Windows Filtering Platform error sublayer does not exist WFP sublayer missing firewall error Windows 10 netsh wfp show reset WFP sublayers repair Windows Filtering Platform fix 0x80320007 sublayer registry fix Windows security service error WFP corruption fix firewall driver error Windows 11 FWP error