3 Replies Latest reply on Sep 6, 2015 10:01 PM by ruralgal089

    Automatic update failure: observations

    tzdvl

      Sorry for starting this new thread, but I have a couple of observations regarding the recent updating problem that I have not yet seen addressed.

      I have been patiently following the two recent relevant threads with interest, and while I appreciate the efforts of the programmers and beta testers to fix the problem, as well as the great communication by the moderators, the problem has not yet been fixed.

      Maybe this information might be helpful?

       

      I am running McAfee AntiVirus Plus with Windows 7 on a Dell XPS 8700 desktop (Intel i7 processor, 12GB RAM).

      Since August 14 have been experiencing the problem where the program will not update, with the perpetual "spinning gray circle" on first booting my system (or sometimes when bringing it out of sleep).

      In order to successfully update I must do each update manually, AND with Access Protection OFF.

       

      On August 23 my McAfee Security Center updated (initiated manually) from Build 14.0.4113 to Build 14.0.4119. I had hoped the issue would be fixed, but it's not.

      Yesterday, after running the MVT again (no problems found), I went through the process of uninstalling AntiVirus Plus, running MCPR, and reinstalling, but I got the "gray circle" again this morning.

       

       

      So... Observation #1:

       

      When I do open the AntiVirus Plus UI and attempt a manual update I get two DIFFERENT results, depending on whether I have Access Protection enabled or disabled.

       

      If Access Protection is On/ enabled, the process always finishes with the message: "McAfee cannot update your software. Please check your internet connection. If the problem continues, please contact Technical Support."

       

      If  Access Protection is Off / disabled, the process APPEARS to complete, with the message: "You currently have the latest updates available."

       

      BUT, as others have reported, the process completes VERY quickly, giving the impression that an update might not have actually occurred.

       

      In addition, after each manual update, the interface states that the next update is scheduled after ONLY 10 MINUTES.

      For instance, this morning I performed an update (AP off) at 7:57 AM, and the update completed showing the message Next check for updates: Wednesday, August 26, 2015 8:07 AM

       

      Is this normal, or to be expected after a SUCCESSFUL manual update?

       

       

      Observation #2:

       

      Since May 14, 2015, I have been consistently seeing specific Warning events in the System log in my Windows Event Viewer whenever the McAfee update process runs.

       

      Between  May 14 and August 13  I was experiencing no obvious problems with McAfee updates. The program was behaving and updating normally as far as I could tell.

       

      BUT - about twice daily, whenever McAfee updated, a Warning (Event ID: 516) was generated in the System log, similar to this:

       

      Log Name:      System

      Source:        mfehidk

      ate:          8/10/2015 7:13:52 PM

      Event ID:      516

      Task Category: (256)

      Level:        Warning

      Keywords:      Classic

      Description:      Process **\MCUPDA~1.EXE pid (3580) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

       

      As I said, the update process seemed to be working normally in spite of the warning message about "signed but untrusted code".

       

       

      NOW, Since August 14 there has been a change in the Warning (I believe August 14 was when the Security Center update to Build 14.0 4113 occurred?).

       

      I am now seeing a DIFFERENT Warning (Event ID: 512), now being logged twice daily:

       

      Log Name:      System

      Source:        mfehidk

      Date:          8/24/2015 7:53:01 AM

      Event ID:      512

      Task Category: (256)

      evel:        Warning

      Keywords:      Classic

      Description:      Process **\MCUPDA~1.EXE pid (6040) is not from a trusted source and was blocked from performing a privileged operation with a McAfee driver.

       

      Notice that this warning apparently states that the Mcafee updater was BLOCKED?

      It appears that, according to the logs, the McAfee updater has been consistently blocked twice daily since the August 14 program update.

       

       

      I can't believe that I am the only one seeing these "untrusted code" and "blocked" warnings in my Event Viewer logs, but I haven't seen any reference to this detail.

       

      I HAVE found a number of past threads (for various unrelated problems) referencing Event ID 516 "untrusted code" Warnings, related to "certificate mismatch", but there never seemed to be a definitive fix offered.

       

      I DID notice, however, that on August 23, right after my Security Center updated to Build 4119 (which generated the usual Application Information log AVLogEvent - Event ID 5008 "Content successfully updated")

      I saw that the VERY next Application log entry was:

       

      Log Name:      Application

      Source:        Microsoft-Windows-CAPI2

      Date:          8/23/2015 7:20:05 AM

      Event ID:      4111

      Task Category: None

      Level:        Information

      Keywords:      Classic

      Description:      Successful auto update of third-party root list with effective date: Thursday, July 23, 2015 7:16:35 PM.

       

      BOTH log entries had the same time stamp of 8/23/2015 7:20:05 AM, so I assumed that the "third-party root list" update occurred as part of the McAfee program update, and would fix the "not from a trusted source and was blocked from performing a privileged operation with a McAfee driver" glitch, and therefore fix the update problem.

       

      But next morning I saw the same update hang, and another associated "blocked" warning in the System log.

       

      I obviously don't really understand the arcane workings and interactions of "untrusted code", "third-party root certificates" and "certificate mismatches", or how they relate to software from Microsoft, McAfee and Intel,

      but might the information in the Warning logs being generated during each McAfee update attempt be relevant to the problem at hand?

       

      Thanks for any advice, and thanks again for your patience...

       

      Ken

        • 1. Re: Automatic update failure: observations
          gollyrojer

          Ken, when you refer to "the two recent relevant threads", would you please provide a link or means of identifying and locating them?  I am just now joining McAfee Community because of an entry in my Event Viewer, and your post came up in the results of my search.  So now, of course, I have no idea what threads you mean.

           

          To reassure you that you aren't the only one seeing the "untrusted" warning, here's mine:

          Process **\MCUPDA~1.EXE pid (408) is not from a trusted source and was blocked from performing a privileged operation with a McAfee driver.

          • 2. Re: Automatic update failure: observations
            tzdvl

            Sorry, I was in a bit of a hurry this morning!

            These are the two threads I've been following regarding the update problems:

             

            Total Protection not updating

             

            Automatic checking for updates at bootup stalls-W7

             

            Ken

            • 3. Re: Automatic update failure: observations
              ruralgal089

              I have same error with different #512 , I've been trying to DL windows update that keeps failing and found this error with McAfee, maybe I should go back to an earlier time to see if this happens often, no time to do since Windows update is driving me crazy

               

              Log Name: System

              Source: mfehidk

              Date: 9/6/2015 11:25:36 AM

              Event ID: 512

              Task Category: (256)

              Level: Warning

              Keywords: Classic

              User: N/A

              Computer: me

              Description:

              Process **\mcupdatemgr.exe pid (6956) is not from a trusted source and was blocked from performing a privileged operation with a McAfee driver.

              Event Xml:

              <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

                <System>

                <Provider Name="mfehidk" />

                <EventID Qualifiers="33024">512</EventID>

                <Level>3</Level>

                <Task>256</Task>

                <Keywords>0x80000000000000</Keywords>

                <TimeCreated SystemTime="2015-09-06T15:25:36.733731300Z" />

                <EventRecordID>55888</EventRecordID>

                <Channel>System</Channel>

                <Computer>me</Computer>

                <Security />

                </System>

                <EventData>

                <Data>\Device\mfehidk</Data>

                <Data>**\mcupdatemgr.exe</Data>

                <Data>6956</Data>

                <Binary>00000000030030000001000000020081000000000000000000000000000000000000000 000000000</Binary>

                </EventData>

              </Event>

              1 of 1 people found this helpful