Showing results for 
Show  only  | Search instead for 
Did you mean: 

svchost.exe WRITE_DENIED event

Hi,  this event is repeatedly being generated on a single endpoint daily.

Event Display Name File Write Denied

Event File Name C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

Event Id 20719


Event Seq No 283,127

Generated by an Updater No

Generated in an Update Window No

Object Name C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb


Process ID 1892

Program Name C:\Windows\System32\svchost.exe

Reason McAfee Application Control prevented an attempt to modify this file because this file is whitelisted. To make changes to whitelisted files, define a policy with the relevant rules.


Any thoughts on how to eliminate something like this that's only impacting 1 of thousands of devices?  Rebuilding the machine is not an option.

ePO v4.6

MAC v6.1.0.662


Thanks in advance!


1 Reply

Re: svchost.exe WRITE_DENIED event

Hi infosecadmin,

Is this there an impact on the endpoint? It could be you just need to filter this event and ignore it. Also, is this file, catdb, located on those other 1000 machines you mention? It could be malicious adn App Control is doing exactly what it's suppsoed to be doing. If you know this file is safe and should be trying to do what it is doing you could just put the system in Update Mode and resolidify the drive. One thing I have run into that is supposed to be fixed with version 6 I believe (which I see you have), is if you make a change to a program that is currently running in memory a service restart or a reboot is necessary for App Control's MP (memory protection) to kick in. Good luck!



You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community