DerFalk
Level 7
Message 11 of 17

Re: MFEHIDK Event (branched from the Annoying McAfee Desktop Shortcut doesn't get deleted permanently thread)

Something new?

Re: MFEHIDK Event (branched from the Annoying McAfee Desktop Shortcut doesn't get deleted permanently thread)

Nothing to report. I only have these events happening from June 2011 to December 12, 2011, the day before the 11.0.649 deployment. So it is definitely not due to the recent release. I think it is more of a coincidence. Therefore I will need to collect sufficient data for engineering. If you are getting these events please PM me and I will give you instructions on how to run WebMER and submit your results. MER stands for Minimum Escalation Requirements and will collect the Event Logs, McAfee logs, file, and registry info. It also collects version info from windows\*.dll.

Regards,

Re: MFEHIDK Event (branched from the Annoying McAfee Desktop Shortcut doesn't get deleted permanently thread)

Doug

Yes, please send me the instructions you have to handle this event?   Can you PM the instructions?

Cheers,

Delbert

Re: MFEHIDK Event (branched from the Annoying McAfee Desktop Shortcut doesn't get deleted permanently thread)

I was one of those who had the issue of the Command Prompt every 10 minutes attempting to update the McAfee Site Advisor.    I disabled the site advisor service for one day and then went back and reset it to start automatically.   Following this, the McAfee Site Advisor command prompt no longer appeared.   The strange thing associated with this event is that I NO LONGER have the MFEHIDK event logged in my Event Logs.......apparently this issue and the command prompt issue were related????????

Message was edited by: delclemons on 1/23/12 10:34:01 AM CST
Hayton
Reliable Contributor
Message 15 of 17

Re: MFEHIDK Event (branched from the Annoying McAfee Desktop Shortcut doesn't get deleted permanently thread)

I'm seeing these on my XP machine. They started appearing two days ago (May 12). The date indicates it's unlikely to be the result of a Microsoft update.

Event ID : 516

Source : mfehidk

Category : [256]

Process **\SVCHOST.EXE pid (1600) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

PID 1600 here is "C:\WINDOWS\System32\svchost.exe -k netsvcs", which runs a lot of services.

svchost.exe has not been modified, updated or replaced. A right-click scan on that file shows it as clean. Looking at the DLL lower pane in Process Explorer I see that svchost.exe is listed there with "Unable to verify" (the only such entry).

Re: MFEHIDK Event (branched from the Annoying McAfee Desktop Shortcut doesn't get deleted permanently thread)

This actually gets worse...

This event generated by the HIDS component in the System Event log (514) does NOT log anything to the ePO console....  This event, however, is VERY important in that it can and does detect a Malware installation being attempted or trying to alter your system so....

                     DO NOT IGNORE this alert !!!!

This is the ONLY item that McAfee triggered to indicate we had an issue as these events went WAY up during the infections....  we found it afterwards  ;-(

I hope you have a logging syslog server for this EventCode because that is ALL McAfee will do for this particular malware type... Generate a 514 Warning.. McAfee Driver  This event is the ONLY thing McAfee has to detect or info/warning to indicate something bad is occurring...  not necessarily what.. but something is happening...

And no DAT file or Extra.DAT has been created to detect it...  We have given it to over 12 AV companies...

Baaaaaaad malware

I have a PER in to request something for 514 Events, but made to feel like.. We don't do anything for this...  My ePO Console says everything is GREAT... it really isn't....

Sad...  Further Proof anti-Malware software does NOT detect real and current malware. 

Ohhh and there is already a variant Sophos picked up on one of the remnants we sent them...

HH
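
The monitoring discussed in the posts above (mfehidk events 514/516 whose volume rises sharply), sketched as an added example that is not part of the original thread or any McAfee tooling. It assumes the System event log has been exported to CSV with the columns date, source, event ID, message; the sample rows, the thresholds and all function names are constructed for illustration.

```python
import csv, io, re
from collections import Counter
from statistics import median

# 516 message text as quoted in the thread; everything else below is constructed.
MSG_516 = (r"Process **\SVCHOST.EXE pid (1600) contains signed but untrusted code, "
           "but was allowed to perform a privileged operation with a McAfee driver.")
WATCHED_IDS = {"514", "516"}          # event IDs mentioned in the thread
PROC_RE = re.compile(r"Process (?P<image>\S+) pid \((?P<pid>\d+)\)")

def build_sample():
    """Constructed CSV export (date, source, event ID, message); not real log data."""
    rows = [("2012-05-%02d" % d, "mfehidk", "516", MSG_516) for d in (10, 11, 12, 13)]
    rows += [("2012-05-14", "mfehidk", "514", "(514 text not shown in thread)")] * 9
    rows += [("2012-05-14", "Service Control Manager", "7036", "unrelated row")]
    buf = io.StringIO()
    csv.writer(buf).writerows(rows)
    return buf.getvalue()

def parse_events(text):
    """Yield (day, event_id, image, pid) for each mfehidk 514/516 row."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4:
            continue                   # skip blank or malformed lines
        day, source, event_id, message = row
        if source.lower() != "mfehidk" or event_id not in WATCHED_IDS:
            continue
        m = PROC_RE.search(message)    # process details only when the text has them
        yield day, event_id, (m["image"] if m else None), (int(m["pid"]) if m else None)

def daily_spikes(events, factor=3, floor=5):
    """Days with at least `floor` events and more than `factor` x the median day.

    The median is taken over days that logged at least one event.
    """
    per_day = Counter(day for day, *_ in events)
    if not per_day:
        return {}
    base = median(per_day.values())
    return {d: n for d, n in per_day.items() if n >= floor and n > factor * base}

if __name__ == "__main__":
    events = list(parse_events(build_sample()))
    for day, count in daily_spikes(events).items():
        print(f"ALERT {day}: {count} mfehidk events (IDs 514/516)")
```
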

Re: MFEHIDK Event (branched from the Annoying McAfee Desktop Shortcut doesn't get deleted permanently thread)

Hacker Hurricane wrote:

This actually gets worse...

This event generated by the HIDS component in the System Event log (514) does NOT log anything to the ePO console....  This event, however, is VERY important in that it can and does detect a Malware installation being attempted or trying to alter your system so....

                     DO NOT IGNORE this alert !!!!

This is the ONLY item that McAfee triggered to indicate we had an issue as these events went WAY up during the infections....  we found it afterwards  ;-(

I hope you have a logging syslog server for this EventCode because that is ALL McAfee will do for this particular malware type... Generate a 514 Warning.. McAfee Driver  This event is the ONLY thing McAfee has to detect or info/warning to indicate something bad is occurring...  not necessarily what.. but something is happening...

And no DAT file or Extra.DAT has been created to detect it...  We have given it to over 12 AV companies...

Baaaaaaad malware

I have a PER in to request something for 514 Events, but made to feel like.. We don't do anything for this...  My ePO Console says everything is GREAT... it really isn't....

Sad...  Further Proof anti-Malware software does NOT detect real and current malware. 

Ohhh and there is already a variant Sophos picked up on one of the remnants we sent them...

HH

You're posting in Home and Home office.  You need the ePO section in Business perhaps or maybe the Security Awareness > Malware Discussion > Corporate User Assistance?   The two products are poles apart so can't be compared.

.

Message was edited by: Ex_Brit on 13/07/12 5:47:13 EDT PM