2 Replies Latest reply on Jun 2, 2009 2:27 AM by Firewall-Joe

    HIPS blocking McAfee service...

    SergeM
      Amazing !

      Since I recently patched HIPS on our laptops I keep getting messages the HIPS is blocking something called mfevtps.exe.
      I got curious and suspicious, what could this be? Well see this about McAfee Validation Trust Protection Service.

      So it seems McAfee added a new module/service - which might be a good thing [tm] - but the new EXE keeps trying to reach the net, and get blocked all the time...

      Anyone know what we're supposed to do with this ? (I'm thinking of adding it to the allowed apps but what does it do?)

      Serge
        • 1. RE: HIPS blocking McAfee service...
          I called McAfee about the same thing - I was told it was related to the Artemis technology.

          I'm not 100% sure I believe that, however I did end up allowing that app to "call home".
          • 2. RE: HIPS blocking McAfee service...
            It has nothing to do with Artemis.

            Validation Trust Protection (VTP) ensures McAfee processes are secure against vulnerabilies that could be leveraged by an attacker to gain additional privileges on a system. VTP monitors privileges granted to McAfee drivers by the operating system kernel interface during code execution and ensures the validity of McAfee processes utilizing those drivers. Only processes that contain code signed by either McAfee or Microsoft will be trusted to utilize most aspects of McAfee drivers.

            It protects HIP drivers from attack and prevents them from being replaced thus giving malware an opening into the kernel.


            Joe