Since I recently patched HIPS on our laptops I keep getting messages the HIPS is blocking something called mfevtps.exe. I got curious and suspicious, what could this be? Well see this about McAfee Validation Trust Protection Service.
So it seems McAfee added a new module/service - which might be a good thing [tm] - but the new EXE keeps trying to reach the net, and get blocked all the time...
Anyone know what we're supposed to do with this ? (I'm thinking of adding it to the allowed apps but what does it do?)
Validation Trust Protection (VTP) ensures McAfee processes are secure against vulnerabilies that could be leveraged by an attacker to gain additional privileges on a system. VTP monitors privileges granted to McAfee drivers by the operating system kernel interface during code execution and ensures the validity of McAfee processes utilizing those drivers. Only processes that contain code signed by either McAfee or Microsoft will be trusted to utilize most aspects of McAfee drivers.
It protects HIP drivers from attack and prevents them from being replaced thus giving malware an opening into the kernel.