2 Replies Latest reply on Oct 3, 2012 4:18 AM by mcdave Branched from an earlier discussion.

    mcshield - event id 522, category 256

    redrum

      I have the same here concerning mfehidk. The event is like this:

       

      EventId: 522

      Source: mfehidk

      Category: (256)

      Description: Process **\SVCHOST.EXE pid(892) could not be successfully validated with the mfevtp service and would have been blocked from performing a privileged operation with a Mcafee driver if enforcement was enabled.

       

      I think this is connected with a mfe6 memory pool tag, that dramatically consumes and exhausts the nonpaged pool and also raises the 5020 event, not allowing new connections to the server service. The server is a file server, so all shared resources become inaccessible until restart.

       

      The server is a Windows 2003 R2 Standard installation, acts as ePO secondary repository, with ePO Agent Handler 4.6.3 installed (updated from 4.6.1), and the latest VirusScan 8.8 Patch 2 (updated from 8.7) and HIP 8.0 Patch 2 (updated from 7.0) didn't solve the problems with this drastic nonpaged memory pool consumption. The server is using IPsec to secure connections with CIFS protocol from the rest of the domain computers.

       

      I can't determine which mfe* driver is using this pool tag, but after this event 522 I'm thinking that the problem is the mfehidk driver.

        • 1. Re: mcshield - event id 522, category 256
          Peacekeeper

          As this is a corporate product I have moved it to a hopefully better forum.

          • 2. Re: mcshield - event id 522, category 256
            mcdave

            Same issue here after installing VSE8.8 Patch 2 on a Windows XP client (that had 519 events in Category (256) before, which are now gone).

             

            Event Type:    Warning

            Event Source:    mfehidk

            Event Category:    (256)

            Event ID:    522

            Date:        10/3/2012

            Time:        6:34:27 AM

            User:        N/A

            Computer:    xxx

            Description:

            Process **\SVCHOST.EXE pid (888) could not be successfully validated with the mfevtp service and would have been blocked from performing a privileged operation with a McAfee driver if enforcement was enabled.

            Data:

            0000: 00 00 00 00 03 00 58 00   ......X.

            0008: 00 01 00 00 0a 02 00 81   .......

            0010: 00 00 00 00 00 00 00 00   ........

            0018: 00 00 00 00 00 00 00 00   ........

            0020: 00 00 00 00 00 00 00 00   ........

             

             

            This happens after and between masses of 333 events (Application Popup):

            Event Type:    Error

            Event Source:    Application Popup

            Event Category:    None

            Event ID:    333

            Date:        10/3/2012

            Time:        6:34:15 AM

            User:        N/A

            Computer:    xxx

            Description:

            An I/O operation initiated by the Registry failed unrecoverably. The Registry could not read in, or write out, or flush, one of the files that contain the system's image of the Registry.

             

            For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

            Data:

            0000: 00 00 00 00 01 00 6c 00   ......l.

            0008: 00 00 00 00 4d 01 00 c0   ....M..À

            0010: 00 00 00 00 4d 01 00 c0   ....M..À

            0018: 00 00 00 00 00 00 00 00   ........

            0020: 00 00 00 00 00 00 00 00   ........