Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
2968 Views 2 Replies Latest reply: Sep 27, 2011 11:03 PM by Hayton RSS
Greens Newcomer 53 posts since
Feb 1, 2008
Currently Being Moderated

Sep 27, 2011 9:44 AM

SVCHOST.exe unsigned code

I've been having problems with WFP errors for quite some time and have been active on the long thread on it.  Around Sept. 22 I stopped getting the WFP errors on shut down but a new problem developed at that time.  I mentioned it in a post on the other thread and read that another person has a similar issue.  Don't know if this problem is related to the other issues or not so I thought I'd try a new thread.  On start up, I am now getting the following note in the event log:  "**\SVCHOST.Exe pid (1660) contained an unsigned or corrupted code and was blocked from performing a privileged operation with a McAfee driver".  From what I can tell, McAfee and everything else is working ok. The pid number varies.  Anything to be concerned about?

  • mattpollard Newcomer 15 posts since
    Aug 5, 2011
    Currently Being Moderated
    1. Sep 27, 2011 1:51 PM (in response to Greens)
    Re: SVCHOST.exe unsigned code

    I had been receiving "516 errors" multiple times daily, but yesterday for the first time I got the same error you are reporting - 514 error - only difference is the PID number on mine was 1244.

  • Hayton Volunteer Moderator 4,601 posts since
    Sep 27, 2010
    Currently Being Moderated
    2. Sep 27, 2011 11:16 PM (in response to mattpollard)
    Re: SVCHOST.exe unsigned code

    I wonder ....

     

    I found a McAfee Corporate KnowledgeBase article about this (or a similar) issue. It's at https://kc.mcafee.com/corporate/index?page=content&id=KB71083

    and relates to a different McAfee product, but the 516 issue occurs there too.

     

    The first two scenarios relate to 3rd-party applications and libraries :

    • Third-party application (hook) scenario
      Occurs when third-party applications "hook" or "inject" their code into McAfee processes to provide functionality. McAfee does not trust these third-party programs and generates the event to inform the administrator that the McAfee process may be compromised.
    • Third-party libraries scenario
      Occurs when the McAfee Agent loads for critical portions of the encryption and updating functions. These libraries (cryptocme2.dll or ccme_base.dll) do not contain a necessary McAfee signature required for inspection by VSE 8.8.

     

    The third scenario is rather different. I don't think the MSI.DLL suggestion is relevant (I read the Microsoft KB article and it doesn't look as if it applies) but the basic issue may be that some certificates are missing from your certificate store. If so that would be a very obscure cause.

     

    • Microsoft Certificate Stores need updating
      The issue can be caused by Microsoft DLLs for which there is no corresponding certificate (this has been noted with MSI.dllfrom the MSI Installer 4.5.6001.22159).

    Solution 3

    Microsoft Certificate Stores need updating

    To address this issue with regard to MSI.DLL, see Microsoft KnowledgeBase article http://support.microsoft.com/kb/972397. In addition to the files listed, the related fix also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.

    For additional technical information about how Windows updates root certificates in Windows XP SP2 and SP3, see Microsoft TechNet article http://technet.microsoft.com/en-us/library/bb457160.aspx.

    For detailed technical information about how Windows updates root certificates in Windows Vista and later, see Microsoft TechNet article http://technet.microsoft.com/en-us/library/cc749331(WS.10).aspx.

     

     

    Message was edited by: Hayton on 28/09/11 05:16:26 IST

    Volunteer Moderator  Leeds, UK
    No PM's please

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points