5 Replies Latest reply on Mar 3, 2017 6:34 AM by catdaddy

    Suspicious error occurring while updating McAfee LiveSafe

    dutchsecurity

      I updated my McAfee LiveSafe manually half an hour ago and my laptop crashed. After restarting it I checked the Windows 8.1 logs. It read (in Dutch, hence my translation):

       

      Logboeknaam:   System

      Bron:          mfehidk

      Datum:         25-2-2017 17:12:32

      Gebeurtenis-id:516

      Taakcategorie: (256)

      Niveau:        Waarschuwing

      Trefwoorden:   Klassiek

      Gebruiker:     n.v.t.

      Computer:      [deleted by me]

      Beschrijving:

      Proces **\MCUPDA~1.EXE pid (5972) bevat ondertekende maar niet vertrouwde code. Er is echter wel toegestaan dat het proces een geprivilegieerde bewerking met een McAfee-driver uitvoerde.

       

      Translation: Process **\MCUPDA~1.EXE pid (5972) contains signed but not trusted code. The process however got permission to perform a privileged edit using a McAfee-driver.

       

       

       

      Gebeurtenis-XML:

      <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

        <System>

          <Provider Name="mfehidk" />

          <EventID Qualifiers="33024">516</EventID>

          <Level>3</Level>

          <Task>256</Task>

          <Keywords>0x80000000000000</Keywords>

          <TimeCreated SystemTime="2017-02-25T16:12:32.846748000Z" />

          <EventRecordID>26191</EventRecordID>

          <Channel>System</Channel>

          <Computer>Miniklappertje</Computer>

          <Security />

        </System>

        <EventData>

          <Data>\Device\mfehidk</Data>

          <Data>**\MCUPDA~1.EXE</Data>

          <Data>5972</Data>

          <Binary>00000000030030000001000004020081000000000000000000000000000000000000000000000000</Binary>

        </EventData>

      </Event>


       


      Binaire gegevens:

      In woorden

      0000: 00000000 00300003 00000100 81000204
      0010: 00000000 00000000 00000000 00000000
      0020: 00000000 00000000

      In bytes

      0000: 00 00 00 00 03 00 30 00   ......0.
      0008: 00 01 00 00 04 02 00 81   .......
      0010: 00 00 00 00 00 00 00 00   ........
      0018: 00 00 00 00 00 00 00 00   ........
      0020: 00 00 00 00 00 00 00 00   ........