[Solved] Why Windows Defender Firewall stops with "The parameter is incorrect (ID 7024)" and how to fix it

In Windows 11 and Windows Server 2022,The Windows Defender Firewall service stops automaticallyAre you experiencing any problems?

Event viewerWhen you check,ID 7024 If the error "The parameter is incorrect" is recorded, it is caused by a Windows problem (enlarged registry).

This article explains the cause of this issue and how to fix it based on official Microsoft information.Special privilegesWe will explain the steps to repair it using the following in an easy-to-understand manner.

1. What happens and how to check it

If the following conditions apply, you are likely experiencing this issue:

• phenomenon: The Windows Defender Firewall service won't start or stops repeatedly.
• Supported OS: Windows 11, Windows Server 2022
• Event Log: The following error is recorded in the "System" log:

Source: Service Control Manager

Event ID: 7024

level: Error

Explanation: The Windows Defender Firewall service terminated with the following service-specific error:

The parameter is incorrect.

2. Cause: Registry bloat

The root cause of this error is that the following registry value, which stores the firewall settings, has become abnormally large (bloated).

• Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\AppCs
• Problem Value: DebugedLoopbackApps

If this value becomes too large, the service will fail to load when it starts, and will be forced to terminate with an error message saying "The parameter is incorrect." (Note: Even when viewing with the Registry Editor, the data may be too large to display (it will be blank).)

3. Solution: Delete the value with system privileges

The solution is this bloated DebugedLoopbackApps The solution is to delete the value (it's okay to delete it, as the OS will automatically recreate it when needed).

However, this place isCannot be deleted with normal administrator privilegesTherefore, you must use the tools provided by Microsoft to work with "SYSTEM privileges."

Advance preparation(Official tools and scriptsobtain）

If you operate the registry incorrectly, it may cause problems such as the system being unable to start. Please make a backup in advance using system restore or similar, and proceed at your own risk.

• How to create and restore a system restore point
• How to open and back up the Registry Editor
• Windows 11/10 Registry Basics: Concept, How to Open, and Internal Structure
• How to Take Ownership and Change Permissions in Windows 11 Registry
  

Acronis True Image 2025 (perpetual version) 1PC

To avoid panicking if your PC suddenly breaks down, it's a good idea to have a standard backup software to protect your important photos and data.

View on Amazon

Pochip

1.Download PSTools: Official Microsoft PsExec – Sysinternals site から PSTools.zip Download and solve it.

C:\temp\PSTools (Please place it directly under the C drive.tempPlease create a folder.)

2.Prepare the permission change script: Script to change the registry owner (ChangeOwnerAppCs.ps1 と RevertOwnerAppCs.ps1) C:\temp will be prepared.

Make sure you display the file extension first.How to display file extensions

Obtaining the permission change script

Download the necessary repair script from the Microsoft support blog.

1. Open the following link:
   • Official Microsoft blog:https://jpwinsup.github.io/blog/2025/11/18/Networking/Firewall/firewall-service-parameter-incorrect-error-repeated-termination/
2. Download the following two files from the links on the page:C:\temp Save to.
   • ChangeOwnerAppCs.txt
   • RevertOwnerAppCs.txt
3. Saved filesExtension .txt から .ps1 change to international success.
   • ChangeOwnerAppCs.ps1
   • RevertOwnerAppCs.ps1

*Addendum (2025/11/21): How to post scripts When the article was first published, the script code was posted as is for convenience, but to avoid copyright risks and provide information in a more appropriate format,The link has been corrected to "Link to official blog."

(If you have already used the code, please rest assured that there will be no problems with the operation of the script itself.)

2025/11/22 Update:[Technical explanation] What does this script do?

These two scripts provided by Microsoft do not simply manipulate the registry, but call APIs deep within Windows to perform "forced privilege exercise." We will explain specifically what process is performed.

1. Common process: Enabling privileges (RtlAdjustPrivilege)

[Win32Api.NtDll]::RtlAdjustPrivilege(9, ...) The line that says "privilege" is where the privilege is enabled. The number specified here 9 is an internal Windows code. SeTakeOwnershipPrivilege(Privilege to Acquire Ownership) By forcibly enabling (ON) this powerful privilege, which is normally turned off, you are preparing to rewrite the "ownership" of the registry key for which access is denied.

2. ChangeOwnerAppCs.ps1(Seizure of ownership)

This script breaks and opens the "lock" in the following three steps:

1. Change Owner: First, change the "Owner" of the registry key to the current NT SERVICE\mpssvc(the internal name of the firewall service) toAdministratorsForced change to (Administrator group) international success.
2. Grant Full Control: Now that you are the owner, you can change the permissions, so grant yourself (Administrators) "Full control (free reading and writing)" permissions.
3. result: This allows you to reg delete You can now delete it using the command.

3. RevertOwnerAppCs.ps1(Restore Permissions) behavior

A script to restore security after the work is done.

1. SDDL definition: O:SYG:SYD:PAI... This code-like string (SDDL) defines the "original correct security settings."
2. Restore Owner: Ownership again NT SERVICE\mpssvc and revert the access permissions to their original strict state.

This allows us to get the job done safely without having to lower the security level of our firewall.

Procedure

2025/11/21 Update:A batch file that automatically performs the following steps:is created.

1. Right-click the Start button > Click "Terminal (Admin)" to open PowerShell, and run the following command to navigate to the PSTools folder.

cd C:\temp\PSTools

2. Run the following command Start PowerShell with SYSTEM privileges international success.

.\psexec.exe -s -i powershell.exe

If you are running PsExec for the first time, the following screen will appear and you will need to agree to the PsExec license agreement. Click "Agree."

This will open a new PowerShell window.

3. In a new PowerShell windowEnter and run the following commands in order:and delete and repair the registry.

• 1.Set-ExecutionPolicy bypass -Scope Process -Force
  • Explanation:Enable temporary script execution policy (allowed only while the current PowerShell window is open).
• 2.C:\temp\ChangeOwnerAppCs.ps1
  • Explanation:Change the owner of the registry key (so that it can be deleted):
• 3.reg export "HKLM\System\CurrentControlSet\Services\mpssvc\Parameters\AppCs" fw.reg
  • Explanation:Back up your current key.
• 4.reg delete "HKLM\System\CurrentControlSet\Services\mpssvc\Parameters\AppCs" /v DebugedLoopbackApps /f
  • Explanation:Delete the offending registry value.
• 5.C:\temp\RevertOwnerAppCs.ps1
  • Explanation:Change the owner of the registry key back.

4.Restart your PCAfter restarting, if the Windows Defender Firewall service is "Running" normally, the repair is complete.

Windows Defender Firewall Repair Tool (Batch File)

Please perform the above preparations before proceeding.

Instructions:

1. Copy the code below and paste it into notepad.Fix_Firewall_Error7024.batSave it with a name such as (extension ".bat").

Please save it with the character code "ANSI".Save with character code "ANSI"

@echo off
setlocal

:: ========================================================
::  Windows Defender Firewall 修復ツール
:: ========================================================

:: --- 1. 固定パスの定義 ---
set "WorkDir=C:\temp"
set "PsExecPath=%WorkDir%\PSTools\PsExec.exe"
set "ScriptChange=%WorkDir%\ChangeOwnerAppCs.ps1"
set "ScriptRevert=%WorkDir%\RevertOwnerAppCs.ps1"
set "BackupFile=%WorkDir%\fw_backup.reg"

:: --- 2. 必須ファイルの存在チェック ---
if not exist "%PsExecPath%" goto :Error_PsExec
if not exist "%ScriptChange%" goto :Error_Change
if not exist "%ScriptRevert%" goto :Error_Revert

:: --- 3. 管理者権限の確認と自動昇格 ---
openfiles >nul 2>&1
if %errorlevel% neq 0 (
    echo.
    echo [info] 管理者権限が必要です。
    echo UACプロンプトが表示されたら「はい」を選択してください...
    echo.
    powershell -Command "Start-Process '%~f0' -Verb RunAs"
    exit /b
)

:: --- 4. SYSTEM権限チェックと自己昇格 ---
whoami | find /i "system" >nul
if %errorlevel% neq 0 (
    echo.
    echo [info] SYSTEM権限で新しいウィンドウを開きます...
    echo.
    "%PsExecPath%" -s -i -accepteula -w "%WorkDir%" cmd.exe /k ""%~f0""
    exit /b
)

:: ========================================================
::  ここから先は SYSTEM 権限（C:\temp）で実行されます
:: ========================================================

echo.
echo === 修復プロセスを開始します (SYSTEM権限) ===
echo 作業ディレクトリ: %CD%
echo.

:: --- 5. 権限変更を実行 ---
echo 1. レジストリキーの権限を変更しています...
echo    実行中: ChangeOwnerAppCs.ps1

powershell -NoProfile -ExecutionPolicy Bypass -File "%ScriptChange%"

if %errorlevel% neq 0 goto :Error_Perm
echo [成功]


:: --- 6. バックアップと削除 ---
set "RegKeyPath=HKLM\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\AppCs"
set "TargetVal=DebugedLoopbackApps"

echo.
echo 2. 現在のレジストリをバックアップしています...
reg export "%RegKeyPath%" "%BackupFile%" /y

echo.
echo 3. 問題の値を削除しています...
reg delete "%RegKeyPath%" /v "%TargetVal%" /f

:: エラーレベルを保存
set "DeleteResult=%errorlevel%"

:: 分岐処理（カッコを使わない方式に変更）
if %DeleteResult% EQU 0 goto :Success_Delete
if %DeleteResult% EQU 1 goto :Skip_Delete

:Error_Delete
echo.
echo [エラー] 削除に失敗しました。
echo アクセスが拒否されたか、予期せぬエラーです。
echo 念のため、権限を元に戻す処理に進みます。
goto :Revert

:Skip_Delete
echo.
echo [情報] 削除対象の値が見つかりませんでした。
echo 既に削除されているか、存在しません。
echo 修復は不要な状態です。権限を元に戻す処理に進みます。
goto :Revert

:Success_Delete
echo.
echo [成功] 肥大化したレジストリ値を削除しました。
goto :Revert

:Revert
:: --- 7. 権限復元を実行 (共通ルート) ---
echo.
echo 4. 権限を元に戻しています...
echo    実行中: RevertOwnerAppCs.ps1

powershell -NoProfile -ExecutionPolicy Bypass -File "%ScriptRevert%"

echo.
echo [完了] すべての作業が完了しました。
echo.
echo PCを再起動して、ファイアウォールが正常か確認してください。
goto :End

:: --- エラーハンドリング ---
:Error_PsExec
echo [エラー] PsExec.exe が見つかりません。
echo 以下の場所に配置してください: %PsExecPath%
pause
exit /b

:Error_Change
echo [エラー] ChangeOwnerAppCs.ps1 が見つかりません。
pause
exit /b

:Error_Revert
echo [エラー] RevertOwnerAppCs.ps1 が見つかりません。
pause
exit /b

:Error_Perm
echo [失敗] 権限の変更スクリプトがエラーを返しました。
echo 処理を中断します。
pause
exit /b

:End
echo.
echo このウィンドウおよび初めに開いたウィンドウは手動で閉じてください。（×ボタンで閉じて構いません）

2. Created batch fileFix_Firewall_Error7024.batDouble-click to run it.

3. When the "User Account Control" message appears, click "Yes".

4. The process will begin.

[Complete] All work is complete. Restart your PC and check if the firewall is working properly. Please manually close this window and the first window that opened. (You can close them by clicking the × button.)

When this message appears, close both Command Prompt windows and restart your PC.

5. After restarting, if the Windows Defender Firewall service is "Running" normally, the repair is complete.

Summary and points to note

• Windows 11 users: This problem (bloat problem) itself has already been fixed in Windows 11. Once you delete it using this procedure,It will not recur.
• For Windows Server 2022 users: If the problem is not fundamentally fixed, it may recur, and you will need to follow the same steps to remove it again.

If the firewall is disabled, not only will your security risk increase, but related features such as Microsoft Store updates may also stop working. If you are experiencing this error, we recommend that you take action as soon as possible.

[Reference/Information Source]

Microsoft Japan Windows Technology Support Blog:
The Windows Defender Firewall service repeatedly terminates with the error "The parameter is incorrect"