Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 516 Source: mfehidk

Source
Level
Description
Process **\MCSHIELD.EXE pid (3304) contains signed but untrusted code but was allowed to perform a privileged operation with a McAfee driver.
Comments
 
I got rid of the mfehidk errors by turning off access protection in the McAfee Security Center.
From a support forum: "I solved this by:
1. Uninstalling all McAfee products (inc MVT) via Control Panel
2. Running McAfee's uninstaller
3. Rebooting
4. Running CCleaner (which found a few registry entries left by McAfee Uninstaller)
5. Reinstalling the product"
From a support forum:
"I appear to have found a fix for this issue on my Windows 7 X64 Ultimate install with the 2010 BT Netprotect verion of McAfee Antivirus. I found a reference to a McAfee utility in the Knowledge base for an issue with PCPeople. I figured the issue must be caused by an install issue so I looked for a way to install the driver again.

The solution was to run mfehidin.exe to install MFEHIDK.sys from the command line with the command "mfehidin.exe -i mfehidk.sys". mfehidin.exe resides in my c:\program files\common files\mcafee\vscore directory along with the MFEHIDK. inf, cat and sys files so you have to change directory on the command line to "cd c:\program files\common files\mcafee\vscore and then run the mfehidin.exe -i mfehidk.sys command. For other operating systems it may be in another place so you will have to search your McAfee program file directories to be sure. Then type "mfehidin.exe -i mfehidk.sys" (no quotes) into the command line and press enter.

An alternative method that might work would be to right click on mfehidk.inf and select install from the popup window. This should install the driver again using the security catalog information contained in mfehidk.cat which is where I think McAfee got the install process wrong as it does not appear to register the security catalog details when installing the driver. After I did this I got a windows automatic certificate update for a Digicert SSL Certificate but I do not know if this was related. I have not got this error since doing this."
According to EV100236 (McAfee KB71083) this event is generated by VSE when one or more DLLs loaded by the mentioned process are unsigned or untrusted. See the article for some suggested solutions.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...