> So why not manage and migrate *all* bindings (including LWFs) in that operation?
NetCfg won’t let you remove WFP_Lower, if I recall correctly. The INetCfgBindingPath::Enable call will appear to succeed, but not actually remove it. This and nwifi are hardcoded, the first for security and the second because MUX drivers designed for XP would get horribly confused if they blindly removed nwifi.
WFP_Lower doesn’t even look at the datapath, by default. Perhaps you’ve installed some third party software that includes a WFP callout? If you look at !ndiskd.filter on a default OS configuration, you can see that the filter’s datapath is in “bypass mode”, which means that NDIS doesn’t even let the filter see the packets. If WFP_Lower is dropping packets, then somehow your system is not in that default configuration.
0: kd> !ndiskd.filter ffffe00123ea9c70
FILTER
Microsoft Virtual Ethernet Adapter (NDIS 6.30)-WFP Native MAC Layer LightWeight Filter-0000
State Running
Datapath Bypass mode