Well, today while checking my event logs, I discovered something related to this issue. My desktop and laptop were both updated on December 12 to build 11.0.649 of version 11.0 McAfee Security Center. Subsequent to the update, each time my computer is booted up, there is a cautionary entry in the event log as follows:
Event Type: Warning
Event Source: mfehidk
Event Category: (256)
Event ID: 516
Time: 7:16:47 AM
Process **\SVCHOST.EXE pid (1460) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.
0000: 00 00 00 00 03 00 58 00 ......X.
0008: 00 01 00 00 04 02 00 81 .......
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
m-m-m-m-m?????? such entries were never recorded prior to the December 21 update of McAfee Security Center. Now what is going on here?Message was edited by: Ex_Brit on 30/12/11 5:36:21 EST PM
Keep up the good work delclemons!
Check this link http://www.file.net/process/mfehidk.sys.html
Message was edited by: Del_Piero on 12/30/11 3:16:17 PM CSTMessage was edited by: Ex_Brit on 30/12/11 5:37:13 EST PM
We generate this event when one or more DLLs loaded by the mentioned process are from a third-party vendor (not McAfee or Microsoft) and contain untrusted code. SVCHOST usually hosts the 3rd party processes. If trusted and untrusted codes is run in the same instance of SVCHOST, this event would be logged to inform you so you can investigate.
What I would do is install Process Explorer from Sysinternals. When you boot, find the event and look for the Process ID section of the event (Process **\SVCHOST.EXE pid (1460)). Then in PE find the process with the noted PID, right click and you will be able to see any 3rd party code using the process. Then investigate each of these companies to see if they are legitimate.
This is really a completely different topic and should be seperated from this thread. I'd be happy to help you figure it out.
It appears my permissions are that of a non-employee so I will have to hope a mod can do this for me.
DRMessage was edited by: Ex_Brit on 30/12/11 5:37:41 EST PM
I have process Explorer already installed and will investigate. Thank you for your suggestions. I am a bit perplexed though......why this started following the security center update on December 21??? No other modifications were made and must be somehow related to the update.
DelbertMessage was edited by: Ex_Brit on 30/12/11 5:38:01 EST PM
Folks I've given you your own thread for this issue. Hopefully someone will answer on Monday.Message was edited by: Ex_Brit on 31/12/11 7:36:39 EST PM
I've spent the last two days monitoring the event logs and watching the Process ID section of the event (Process **\SVCHOST.EXE pid. The code using the process has always been verified by Mcrosoft!!!! Once again, this is just another issue that has cropped up on my computers following the December 21 update to build11.0.649 of McAfee Security Center. The event always appears after using Windows Update, Malwarebytes update or Java Update.
McAfee has done something to THEIR code that has created this new event.
I was one of the "victims" of the DAT update about a year ago that went sour before it was DISCOVERED causing one of my desktops to crash. I had to reinstall my OS following that experience. Yes, McAfee gave me another 24 months of free subscription to compensate, but, do I need to continually have problems with this "buggy" software??? Please, what is going on? I've used McAfee exclusively since 1997 on my computers when I was running Windows 95!!
I'm hoping Doug will chime in here as I'm in the fog when it comes to these things.
It is a harmless event. It existed before the update as well. I can find some old event logs for you if you like. We are simply telling you that a process on your PC is not trusted. If it were malicious we would quarantine it. If you would like next week I can set up a time to do a remote session and take a look to see if everything is alright.
It is a harmless event. It existed before the update as well. I can find some old event logs for you if you like. We are simply telling you that a process on your PC is not trusted. If it were malicious we would quarantine it. If you would like next week I can set up a time to do a remote session and take a look to see if everything is alright.<<<<
Thank you for your offer Doug, but, I DO NOT allow any tech support access to anything on my computers. I just have this thing about it and am pretty proficient in handling the technical things myself. It is just frustrating to have a nice "clean" event log for so long with no problems and then, bingo......here comes McAfee with these warnings. I just like to know what is going on "inside" my computer and monitor all aspects daily.
Ok well I thought i would offer. I will see if there is another way to do it hands off. I know of one method, but need to write out the instructions.