When running with Data-in-Use Enable set to “on”, Actifile installs a minifilter driver, in similar fashion to antivirus, EDR and other security agents.
For troubleshooting purposes, it may be necessary to unload the Actifile minifilter driver.
The Actifile minifilter does not have to be removed in order to disable it. Simply set Data-in-Use Enable to “off” and wait. You can accelerate the unloading of the driver by running the Windows command “fltmc unload Actifile” (in an Administrator command window) or by running the PowerShell script Disable-Actifile.ps1 (or Kill-Actifile.ps1). The scripts require elevated privileges.
Once the troubleshooting is complete, enable Data-in-Use and run the PowerShell script Enable-Actifile.ps1.
The scripts are found under the Actifile installation directory (usually at C:\Program Files (x86)\Actifile Agent\Powershell Support Scripts).
Usage: For example, when trying to figure out performance issues that arise when two security services interfere with each other. Disabling the driver allows the admin to attribute the issue either to the driver (Data-in-Use), in which case a real-time or behavioral security system (e.g. Threatlocker) is the cause, or to the scanning (e.g. files are being locked as the Actifile scanner is trying to open them for analysis). If disabling the driver solves the issue, the problem is the former (whitelist Actifile, turn on learning mode, etc.). If disabling the driver doesn’t, the problem is the latter (whitelist Actifile with the EDR).
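One way to run the unload step and confirm the driver is really gone before reproducing the issue, as an added example that is not one of the Actifile support scripts. It assumes the minifilter is registered under the name "Actifile" (the name used in the fltmc command above) and that Data-in-Use Enable has already been set to “off”.

```powershell
# Added example, not part of the Actifile support scripts.
# Assumption: the minifilter name is "Actifile", as in "fltmc unload Actifile".
$FilterName = 'Actifile'

function Test-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LoadedMinifilter {
    # Parse the table printed by "fltmc filters":
    # filter name, number of instances, altitude, frame.
    foreach ($line in (& fltmc.exe filters)) {
        if ($line -match '^\s*(?<Name>\S+)\s+(?<Instances>\d+)\s+(?<Altitude>[\d.]+)\s+(?<Frame>\S+)\s*$') {
            [pscustomobject]@{
                Name      = $Matches['Name']
                Instances = [int]$Matches['Instances']
                Altitude  = $Matches['Altitude']
                Frame     = $Matches['Frame']
            }
        }
    }
}

if (-not (Test-Elevated)) {
    throw 'Run this from an elevated (Administrator) PowerShell window.'
}

# Record the filter stack first: it shows which other security products
# have minifilters loaded alongside Actifile.
$before = @(Get-LoadedMinifilter)
$before | Sort-Object { [double]$_.Altitude } -Descending | Format-Table -AutoSize

if ($before.Name -notcontains $FilterName) {
    Write-Output "$FilterName minifilter is not loaded; nothing to unload."
    return
}

& fltmc.exe unload $FilterName

# Do not trust the command alone: list the filters again and check.
if (@(Get-LoadedMinifilter).Name -contains $FilterName) {
    throw "$FilterName is still loaded; check that Data-in-Use Enable is set to off."
}
Write-Output "$FilterName minifilter unloaded. Reproduce the issue now."
```

The table printed before the unload is worth keeping with the troubleshooting notes, since it lists the other minifilters that were loaded at the time.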