We did make changes to Patch 7 that might get flagged by Code Integrity, but those changes were unavoidable on our part and not actually indicative of an issue (changes we had to make in how our drivers were built to work around a Win10 TH2 issue).
So this event may be unavoidable, consequently.
Is it just that file of ours mentioned in such events? mfebopk.sys is the buffer overflow protection driver, and only ever loaded on 32-bit systems.
If it's just that file being mentioned, we can expect that others are not seeing the event because they're on 64-bit systems.
Thank you for your assistance.
This is seen only on 32-bit systems, as you suspected.
FYI, since your posting I've seen other reports of the symptom, and where a little more detail was available the "why" was made clear.
We will be releasing a hotfix that solves this (and the AP rule: Prevent Windows Process spoofing issue) in the coming weeks, hopefully before the end of April.
I am also having this issue.
It appears that the following driver files are signed with an untrusted "McAfee Test" certificate and are causing these issues:
Furthermore, it introduces a significant delay (4-10 minutes) in the UAC prompt when accessing McAfee VirusScan Console.
UPDATE: I just installed HF1123565 and it seemed to resolve the certificate issue. Still noticing the long delay in the UAC prompt. I am also on a domain and noticed that GPO updates seem to be getting blocked by the "Prevent Programs from running in the Temp folder".