I'm McAfee user since few years. Yesterday for the 1st time directories $MfeDeepRem have been created on my computer drives (one per drive).
I know about this page - https://service.mcafee.com/?locale=en-US&articleId=TS103194&page=shell&shell=article-view
but I still have some additional questions related to this, as in one of the mentioned $MfeDeepRem there are also subdirectories:
CURRENT_SESSIONS (it is empty)
TERMINATED_SESSIONS (it has one more subdirectory with files inside - more info. below)
USER_DATA (it has one more subdirectory with file inside - more info. below)
SESSION_COUNT (size 0 KB)
Now - in TERMINATED_SESSIONS there is subdirectory - its name starts with "00000001 (followed by string of digits and letters)" and inside there are files:
CHANGE_LOG (size 1 KB)
CONFIG_DATA (1 KB)
PROCESS_GUIDS (1 KB)
In directory USER_DATA there is also subdirectory "00000001 etc." and inside file which name ends with "REGVALUE_CONTENT". Size of this file is around 1 KB too.
The linked McAfee page says that auto-creation of $MfeDeepRem is nothing to worry about, but it doesn't explain what if it is created with such content inside. Shoud these files be there by default? I woudl like to know is it OK?
If no, then what are these files? What caused their creation?
Is it really possible that McAfee blocked or removed some infection but didn't inform me about it?
The Quarantine is empty. There is also no any related information in history of McA activities.
I'll be grateful for your response
Kindly let us know the version of McAfee that is installed on your device. By default these files would be created and will take care of your device. These folder would be hidden by default.
Ok, so not only the empty directories can be created but also they can have the mentioned files inside - as I understand - and it is fine.
The files are only in $MfeDeepRem of one drive. On the other drives there are only USER_DATA subdirectories inside - but they are all empty.
I use total Protection (16.0. R45)
These folders are "hidden" but I have visiblity of hidden folders turned on 😉 They were absent earlier and were created (without any visible for me reason) only 2 days ago.
Unfortunatley I have to back to this sujbect.
Nothing related to this issue didn't happen since April/May until now - and exactly until 05.07.2022.
At 05.07.2022 inside $MfeDeepRem on the system drive, the subfolder "Current_session" was modified (its modifcation date was changed), but it reminded empty. Additionally in "Terminaded_sessions" new folder has been created with 05.07.2022 date and new "Change_log", "Config_data", Process_Guids" files inside
Same happend at 06.07.2022 and again at 09.07.2022 - new folders and files, like above, have been created!
I simply has to ask - is it still normal?
At 05.07.2022 there was the larger McAfee update.
At 06.07.2022 there was the problem with McAfee update scanner (the "you are offiline" bug), which was reported also by different user (here: https://forums.mcafee.com/t5/Total-Protection/Not-offline/m-p/708220 )
At 09.07.2022 I also had for a while the update problem also with the "you are offline" message.
Can changes in $MfeDeepRem be related to this? Can it be coincidence?
I scanned my device with McAfee and few other malware scanners - they all don't detect any threads.
I didn't download any files and didn't install anything new on my computer recently (except updates).
McAfee didn't inform me about any threads detected/blocked with pop-up or something, there is also nothing about it in program's activity history.
I'll be really greatfull for answer.
Unfortunately the $MfeDeepRem case isn't anywhere explained enough and one can't really know how to interpretate what is going on there - what can happens there and when.
AV activity should not provide additional doubts and cause safety worries.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: