2 Replies Latest reply: Sep 27, 2011 11:16 PM by Hayton

    SVCHOST.exe unsigned code

    Greens

      I've been having problems with WFP errors for quite some time and have been active on the long thread on it.  Around Sept. 22 I stopped getting the WFP errors on shut down but a new problem developed at that time.  I mentioned it in a post on the other thread and read that another person has a similar issue.  Don't know if this problem is related to the other issues or not so I thought I'd try a new thread.  On start up, I am now getting the following note in the event log:  "**\SVCHOST.Exe pid (1660) contained an unsigned or corrupted code and was blocked from performing a privileged operation with a McAfee driver".  From what I can tell, McAfee and everything else is working ok. The pid number varies.  Anything to be concerned about?

        • 1. Re: SVCHOST.exe unsigned code
          mattpollard

          I had been receiving "516 errors" multiple times daily, but yesterday for the first time I got the same error you are reporting - 514 error - only difference is the PID number on mine was 1244.

          • 2. Re: SVCHOST.exe unsigned code
            Hayton

            I wonder ....

             

            I found a McAfee Corporate KnowledgeBase article about this (or a similar) issue. It's at https://kc.mcafee.com/corporate/index?page=content&id=KB71083 and relates to a different McAfee product, but the 516 issue occurs there too.

             

            The first two scenarios relate to 3rd-party applications and libraries:

            • Third-party application (hook) scenario
              Occurs when third-party applications "hook" or "inject" their code into McAfee processes to provide functionality. McAfee does not trust these third-party programs and generates the event to inform the administrator that the McAfee process may be compromised.
            • Third-party libraries scenario
              Occurs when the McAfee Agent loads for critical portions of the encryption and updating functions. These libraries (cryptocme2.dll or ccme_base.dll) do not contain a necessary McAfee signature required for inspection by VSE 8.8.

             

            The third scenario is rather different. I don't think the MSI.DLL suggestion is relevant (I read the Microsoft KB article and it doesn't look as if it applies) but the basic issue may be that some certificates are missing from your certificate store. If so that would be a very obscure cause.

             

            • Microsoft Certificate Stores need updating
              The issue can be caused by Microsoft DLLs for which there is no corresponding certificate (this has been noted with MSI.dll from the MSI Installer 4.5.6001.22159).

            Solution 3

            Microsoft Certificate Stores need updating

            To address this issue with regard to MSI.DLL, see Microsoft KnowledgeBase article http://support.microsoft.com/kb/972397. In addition to the files listed, the related fix also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.

            For additional technical information about how Windows updates root certificates in Windows XP SP2 and SP3, see Microsoft TechNet article http://technet.microsoft.com/en-us/library/bb457160.aspx.

            For detailed technical information about how Windows updates root certificates in Windows Vista and later, see Microsoft TechNet article http://technet.microsoft.com/en-us/library/cc749331(WS.10).aspx.

             

             

            Message was edited by: Hayton on 28/09/11 05:16:26 IST
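
Added example, not part of the thread and not McAfee's own tooling: a PowerShell check that lists the modules loaded in a svchost.exe process together with their Authenticode status, so the three scenarios quoted above (third-party hook, library lacking the expected signature, signature that cannot be validated against the certificate store) can be told apart. The function name is hypothetical, and 1660 is only the pid quoted in the first post; the pid changes on every boot.

```powershell
# Added example; Get-SvchostModuleSignature is a hypothetical helper name.
# Requires PowerShell 3.0+ and an elevated prompt (svchost.exe modules are
# not readable from a standard user session).
function Get-SvchostModuleSignature {
    param(
        [int[]]$ProcessId   # pid from the event text; omit to check every svchost.exe
    )

    $procs = if ($ProcessId) {
        Get-Process -Id $ProcessId -ErrorAction SilentlyContinue
    } else {
        Get-Process -Name svchost -ErrorAction SilentlyContinue
    }

    foreach ($p in $procs) {
        try   { $modules = @($p.Modules) }
        catch { Write-Warning "Cannot read modules of pid $($p.Id): $($_.Exception.Message)"; continue }

        foreach ($m in $modules) {
            if (-not $m -or -not $m.FileName) { continue }
            $sig    = Get-AuthenticodeSignature -FilePath $m.FileName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

            # Report only what the quoted scenarios point at:
            #  - Status other than Valid: NotSigned (no signature found),
            #    HashMismatch (file changed after signing), NotTrusted/UnknownError
            #    (StatusMessage says why, e.g. a chain ending in an untrusted root)
            #  - Valid signature from a non-Microsoft publisher: a third-party
            #    DLL loaded (hooked/injected) into the service host
            if ($sig.Status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation') {
                [pscustomobject]@{
                    ProcessId = $p.Id
                    Path      = $m.FileName
                    Status    = $sig.Status
                    Signer    = $signer
                    Message   = $sig.StatusMessage
                }
            }
        }
    }
}

# Sample call with the pid from the first post; returns nothing if that pid no longer exists.
Get-SvchostModuleSignature -ProcessId 1660 |
    Sort-Object Status, Path | Format-Table -AutoSize -Wrap
```

On PowerShell versions before 5.1, Get-AuthenticodeSignature inspects only embedded signatures, so catalog-signed Windows DLLs show up as NotSigned there; treat those rows as candidates to verify, not as findings.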