cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
delclemons
Level 7
Report Inappropriate Content
Message 1 of 17

MFEHIDK Event (branched from the Annoying McAfee Desktop Shortcut doesn't get deleted permanently thread)

Well, today while checking my event logs, I discovered something related to this issue.   My desktop and laptop were both updated on December 12 to build 11.0.649 of version 11.0 McAfee Security Center.   Subsequent to the update, each time my computer is booted up, there is a cautionary entry in the event log as follows:

Event Type: Warning

Event Source: mfehidk

Event Category: (256)

Event ID: 516

Date:  12/30/2011

Time:  7:16:47 AM

User:  N/A

Computer: C-4550-A

Description:

Process **\SVCHOST.EXE pid (1460) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Data:

0000: 00 00 00 00 03 00 58 00   ......X.

0008: 00 01 00 00 04 02 00 81   .......

0010: 00 00 00 00 00 00 00 00   ........

0018: 00 00 00 00 00 00 00 00   ........

0020: 00 00 00 00 00 00 00 00   ........

m-m-m-m-m??????    such entries were never recorded prior to the December 21 update of McAfee Security Center.    Now what is going on here?

Message was edited by: Ex_Brit on 30/12/11 5:36:21 EST PM
16 Replies
Del_Piero
Level 7
Report Inappropriate Content
Message 2 of 17

Re:MFEHIDK Event (branched from the Annoying McAfee Desktop Shortcut doesn't get deleted permanently thread)

Keep up the good work delclemons!

Check this link http://www.file.net/process/mfehidk.sys.html

Message was edited by: Del_Piero on 12/30/11 3:16:17 PM CST

Message was edited by: Ex_Brit on 30/12/11 5:37:13 EST PM

Re: MFEHIDK Event (branched from the Annoying McAfee Desktop Shortcut doesn't get deleted permanently thread)

We generate this event when one or more DLLs loaded by the mentioned process are from a third-party vendor (not McAfee or Microsoft) and contain untrusted code. SVCHOST usually hosts the 3rd party processes. If trusted and untrusted codes is run in the same instance of SVCHOST, this event would be logged to inform you so you can investigate.

What I would do is install Process Explorer from Sysinternals. When you boot, find the event and look for the Process ID section of the event (Process **\SVCHOST.EXE pid (1460)). Then in PE find the process with the noted PID, right click and you will be able to see any 3rd party code using the process. Then investigate each of these companies to see if they are legitimate.

This is really a completely different topic and should be seperated from this thread. I'd be happy to help you figure it out.

It appears my permissions are that of a non-employee so I will have to hope a mod can do this for me.

DR

Message was edited by: Ex_Brit on 30/12/11 5:37:41 EST PM
delclemons
Level 7
Report Inappropriate Content
Message 4 of 17

Re: MFEHIDK Event (branched from the Annoying McAfee Desktop Shortcut doesn't get deleted permanently thread)

Doug

I have process Explorer already installed and will investigate.    Thank you for your suggestions.   I am a bit perplexed though......why this started following the security center update on December 21???   No other modifications were made and must be somehow related to the update.

Delbert

Message was edited by: Ex_Brit on 30/12/11 5:38:01 EST PM

Re: MFEHIDK Event (branched from the Annoying McAfee Desktop Shortcut doesn't get deleted permanently thread)

Folks I've given you your own thread for this issue.  Hopefully someone will answer on Monday.

Message was edited by: Ex_Brit on 31/12/11 7:36:39 EST PM
delclemons
Level 7
Report Inappropriate Content
Message 6 of 17

Re: MFEHIDK Event (branched from the Annoying McAfee Desktop Shortcut doesn't get deleted permanently thread)

I've spent the last two days monitoring the event logs and  watching the Process ID section of the event (Process **\SVCHOST.EXE pid.  The code using the process has always been verified by Mcrosoft!!!!     Once again, this is just another issue that has cropped up on my computers following the December 21 update to build11.0.649 of McAfee Security Center.  The event always appears after using Windows Update, Malwarebytes update or Java Update.

McAfee has done something to THEIR code that has created this new event.

I was one of the "victims" of the DAT update about a year ago that went sour before it was DISCOVERED causing one of my desktops to crash.    I had to reinstall my OS following that experience.   Yes, McAfee gave me another 24 months of free subscription to compensate, but, do I need to continually have problems with this "buggy" software???    Please, what is going on?    I've used McAfee exclusively since 1997 on my computers when I was running Windows 95!!

Re: MFEHIDK Event (branched from the Annoying McAfee Desktop Shortcut doesn't get deleted permanently thread)

I'm hoping Doug will chime in here as I'm in the fog when it comes to these things.

Re: MFEHIDK Event (branched from the Annoying McAfee Desktop Shortcut doesn't get deleted permanently thread)

It is a harmless event. It existed before the update as well. I can find some old event logs for you if you like. We are simply telling you that a process on your PC is not trusted. If it were malicious we would quarantine it. If you would like next week I can set up a time to do a remote session and take a look to see if everything is alright.

Regards,

delclemons
Level 7
Report Inappropriate Content
Message 9 of 17

Re: MFEHIDK Event (branched from the Annoying McAfee Desktop Shortcut doesn't get deleted permanently thread)

>>>

It is a harmless event. It existed before the update as well. I can find some old event logs for you if you like. We are simply telling you that a process on your PC is not trusted. If it were malicious we would quarantine it. If you would like next week I can set up a time to do a remote session and take a look to see if everything is alright.<<<<

Thank you for your offer Doug, but, I DO NOT allow any tech support access to anything on my computers.   I just have this thing about it and am pretty proficient in handling the technical things myself.   It is just frustrating to have a nice "clean" event log for so long with no problems and then, bingo......here comes McAfee with these warnings.   I just like to know what is going on "inside" my computer and monitor all aspects daily.

Cheers,

Delbert

Re: MFEHIDK Event (branched from the Annoying McAfee Desktop Shortcut doesn't get deleted permanently thread)

Ok well I thought i would offer. I will see if there is another way to do it hands off. I know of one method, but need to write out the instructions.

Regards,

How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community