VSTSKMGR.EXE could not be successfully validated with the mfevtp service and was blocked from performing a privileged operation with a McAfee driver.
Windows 2003 R2 SP2
McAfee VirusScan 8.8
McAfee Agent 4.0.0
McAfee ePO 4.6
One server in a group of three (all subject to the same tasks and policies) seems to be getting the following error in the Windows Event Viewer System log every two minutes or so:
Event Type: Warning
Event Source: mfehidk
Event Category: (256)
Event ID: 519
Process **\VSTSKMGR.EXE pid (2668) could not be successfully validated with the mfevtp service and was blocked from performing a privileged operation with a McAfee driver.
0000: 00 00 00 00 03 00 58 00 ......X.
0008: 00 01 00 00 07 02 00 81 .......
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Looking at the server we found client tasks were not displayed in McAfee VirusScan (even though some, such as deploying VirusScan, were working) and so we removed the system from ePO, all the McAfee software (including agent) from the server, then re-added it in ePO and deployed everything to it again. Now the tasks are showing correctly again but tthe error is still occuring.
All three servers serve similar functions (file sharing, DNS, AD, etc.) but only this one is having problems. I am not aware of any task (Windows or McAfee) scheduled for every two minutes. The shortest task is policy enforcement which is every five.
When this error starts occuring we also find that attempts to connect by RDP, or even via the console, lead to errors. We resolved this once with a reboot, but the problem has reoccured several days later. This time I had a locked session on the server which continues to operate fine.
Message was edited by: Quitch on 23/08/11 14:50:35 IST
EDIT: After 2 hours the errors have just stopped. I can't see why.
Message was edited by: Quitch on 23/08/11 15:36:24 IST