cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Greens
Level 9
Report Inappropriate Content
Message 1 of 3

SVCHOST.exe unsigned code

I've been having problems with WFP errors for quite some time and have been active on the long thread on it.  Around Sept. 22 I stopped getting the WFP errors on shut down but a new problem developed at that time.  I mentioned it in a post on the other thread and read that another person has a similar issue.  Don't know if this problem is related to the other issues or not so I thought I'd try a new thread.  On start up, I am now getting the following note in the event log:  "**\SVCHOST.Exe pid (1660) contained an unsigned or corrupted code and was blocked from performing a privileged operation with a McAfee driver".  From what I can tell, McAfee and everything else is working ok. The pid number varies.  Anything to be concerned about?

2 Replies

Re: SVCHOST.exe unsigned code

I had been receiving "516 errors" multiple times daily, but yesterday for the first time I got the same error you are reporting - 514 error - only difference is the PID number on mine was 1244.

Reliable Contributor Hayton
Reliable Contributor
Report Inappropriate Content
Message 3 of 3

Re: SVCHOST.exe unsigned code

I wonder ....

I found a McAfee Corporate KnowledgeBase article about this (or a similar) issue. It's at https://kc.mcafee.com/corporate/index?page=content&id=KB71083

and relates to a different McAfee product, but the 516 issue occurs there too.

The first two scenarios relate to 3rd-party applications and libraries :

  • Third-party application (hook) scenario
    Occurs when third-party applications "hook" or "inject" their code into McAfee processes to provide functionality. McAfee does not trust these third-party programs and generates the event to inform the administrator that the McAfee process may be compromised.
  • Third-party libraries scenario
    Occurs when the McAfee Agent loads for critical portions of the encryption and updating functions. These libraries (cryptocme2.dll or ccme_base.dll) do not contain a necessary McAfee signature required for inspection by VSE 8.8.

The third scenario is rather different. I don't think the MSI.DLL suggestion is relevant (I read the Microsoft KB article and it doesn't look as if it applies) but the basic issue may be that some certificates are missing from your certificate store. If so that would be a very obscure cause.

  • Microsoft Certificate Stores need updating
    The issue can be caused by Microsoft DLLs for which there is no corresponding certificate (this has been noted with MSI.dllfrom the MSI Installer 4.5.6001.22159).

Solution 3

Microsoft Certificate Stores need updating

To address this issue with regard to MSI.DLL, see Microsoft KnowledgeBase article http://support.microsoft.com/kb/972397. In addition to the files listed, the related fix also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.

For additional technical information about how Windows updates root certificates in Windows XP SP2 and SP3, see Microsoft TechNet article http://technet.microsoft.com/en-us/library/bb457160.aspx.

For detailed technical information about how Windows updates root certificates in Windows Vista and later, see Microsoft TechNet article http://technet.microsoft.com/en-us/library/cc749331(WS.10).aspx.

Message was edited by: Hayton on 28/09/11 05:16:26 IST

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community