Tomica I explained in your other thread about how to disable it.

Brad I suggest opening a case with Technical Support, it's free via phone or online chat and linked under Useful Links at the top of this page.

'Buffer overflow prevented' simply means something tried to use too much memory and was prevented from doing so.

But support might be able to troubleshoot why it happened.

.

The "Buffer Overflow Prevented" message is something that's been discussed here in the past, but in the Business section. Preventing buffer overflows is an essential guard against many malware attacks, since any piece of code (in an application or an operating system) that fails to check rigorously the user input into a field on a form can allow an attacker to overwrite memory and either crash the app (or the system) or execute malicious code. So McAfee is doing its job here.

If the message refers to a particular application it would be helpful to know what it is. The regular McAfee Security Advisories I receive mention this prevention very frequently.

See https://en.wikipedia.org/wiki/Buffer_overflow

Hi Hayton,

Thanks for your informative reply. I appreciate the very useful jobMcAfee Antivirus does, but there are occasions when false positives occur – andI am convinced this happened here.

In my case (Vista SP2, Office 2003 user), McAfee had just done one ofits automatic updates; this one was an “upgrade” requiring a reboot to make iteffective. After the reboot, I wanted to call up an Excel file I’ve been usingfor years (finance.xls), and after nothing happened the McAfee warning windowappeared advising of the buffer overflow prevention.

As attempts to restart Excel failed, I rebooted and a message appearedsaying there was a serious problem with the Excel Add-in eurotool.xla (I livein Germany).So with the Add-in deactivated, Excel worked OK with other files, but the samething happened when I wanted to open finance.xls – buffer overflow. As thisfile has a Workbbok_Open macro in the “This Workbook” part of the macro section(Alt + F11 - the macro is activated when the file is opened) I deactivated themacro and everything was OK again. A McAfee virus scan of the file wasnegative.

With the file open, I ran the macro manually and Excel closed on me and– you’ve got it – McAfee buffer overflow prevention. I moved the macro from“This Workbook” to a Module and it ran with no problem.

So for apparently no reason (there was no change in the PC configurationor any file) McAfee – after the Tuesday August 14 upgrade - took exception to

the Excel Add-in eurotool.xla

and

a macro in “This Workbook”

Deactivating the McAfee real-time scan and/or the buffer overflowexploits options made no difference

Out of curiosity, as a test in Word, I activated a short macro in “ThisDocument” and exactly the same thing happened – buffer overflow message. Thistime I clicked the right-hand option “Don’t prevent buffer overflow…” Afterthat everything returned to normal – and there was no crash because of a bufferoverflow.

My only worry now is what if a really real buffer overflow impends. Didthe right-hand click deactivate buffer overflow checks forever? The bufferoverflow exploits option is activated.

I’d be grateful for your thoughts.

PS any news on "Mfehidik" in the Event Manager

Hello Hayton,

A few days ago I started receiving this (Buffer Overflow Prevented) alert message from McAfee. The message usually appears after coming back from sleep mode.

I'm currently running Windows Vista.

McAfee has identified Explorer.EXE. as the cause.

Please assist.

Thanks

If a scan doesn't pick anything up then this is probably Vista tripping up when writing back to memory everything it stored on disk before going into Sleep mode - although with explorer.exe you have to consider the possibility that some malware has injected extra code into the executable (a common practice).

Explorer.exe should have a file size in Vista of about 3Mb - see the table of known file sizes at http://jack.is/tech-support/tech-tips/explorer.php. Check the size of the file on your system against the entries there.

Scan with McAfee and Stinger, and if they come up clean but you still have doubts you can always run 'sfc /scannow' from a command-line prompt. If the exe file has changed at all this will replace it with a backup copy.