How to gather some information that might help below. All steps should be on the system running FIM/the LEM Agent.
- Open a command prompt as an administrator
- Run FLTMC, get the results (screenshot)
- Run TASKLIST, get the results
- Run VERIFIER (Details on verifier are here: https://support.microsoft.com/en-us/kb/244617 )
- Create custom settings
- Enable Special Pool, Pool Tracking, I/O Verification, IRP Logging and Miscellaneous Checks
- Choose to select driver names from a list
- Pick the swfsfltr.sys driver, click FINISH
- THE SYSTEM WILL NEED TO REBOOT
After the reboot, you can re-run VERIFIER and see the state of the FIM driver on the desktop. Was it "Unloaded" or "Never Loaded"?