Click on the Category button to get more articles regarding that product.
Windows XP Sp3, Event 516, mfehdik, SLL-API, memory Leak, crypt32.dll
Memory leak in MFEVTPS.EXE
Recent Microsoft security updates for Windows XP SP3 and Server 2003R2 introduce a memory leak for the VirusScan Enterprise process MFEVTPS.EXE. The leak is actually from a Windows binary, Crypt32.dll, that MFEVTPS.EXE utilizes. A fix for this issue is available from Microsoft. Other security related products may also have such problems.
http://support.microsoft.com/kb/959658/en-us
https://mysupport.mcafee.com/Eservice/Article.aspx?id=KB71083
Event: 516, Crypt32.dll
Product: Mcafee VSE 8.8 on WIndows XP, Server 2003R2
File: WindowsXP-KB959658-x86-DEU.exe
File: WindowsXP-KB959658-x86-ENU.exe
Install silent with: WindowsXP-KB959658-x86-DEU.exe -q -n -z
The Hotfix needs a Reboot you may surpress with Option -Z
66.218: Destination:C:\WINDOWS\system32\crypt32.dll (5.131.2600.5512)
66.218: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
66.218: IsRebootRequiredForFileQueue: At least one file operation was delayed; reboot is required.
66.218: IsRebootRequiredForFileQueue: c:\windows\system32\crypt32.dll was delayed; reboot is required.
66.218: DoInstallation: A reboot is required to complete the installation of one or more files.
66.218: In Function SetVolatileFlag, line 11741, RegOpenKeyEx failed with error 0x2
66.218: In Function SetVolatileFlag, line 11758, RegOpenKeyEx failed with error 0x2
66.218: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot.RebootNotRequired] section is empty; nothing to do.
66.312: RebootNecessary = 1,WizardInput = 1 , DontReboot = 1, ForceRestart = 0
You have an application that uses the HttpSendRequest function of the WinHTTP API or of the Windows Internet (WinINet) API to send a Secure Sockets Layer (SSL) request. When you run this application in Windows XP Service Pack 3 (SP3) for some time, you may notice that the system performance decreases. This decrease occurs because of a memory leak in the application.
Prozess **\VSTSKMGR.EXE pid (1580) enthält signierten aber nicht vertrauenswürdigen Inhalt. Das Ausführen einer bevorzugten Operation mit einem McAfee-Treiber wurde jedoch zugelassen.
Version after installing the Hotfix:
Please also read what Mcafee says to the Event:
https://community.mcafee.com/message/210329#210329
Re: mfehidk Warnings with VSE8.8 installed
Hi Everyone,
I know a great many of you are looking forward to making the Event 516 “noise” go away.
Unfortunately the Patch 1 release for VSE 8.8 will not give you that. However, we plan to release a hotfix for a specific issue that was identified which is responsible for the “noise”.
The VSTSKMGR.exe process is executing code routines that will inevitably result in the Event 516 occurring frequently.
The hotfix will solve this and is expected to be available by the end of October (it will be freely available once it’s released).
When the noisy aspect of these events is resolved, what will remain are legitimate Event 516 occurrences. Meaning, the VSE product is warning you that there is 3rd party code inside our process(es) interacting with our kernel level drivers. For these legitimate events, if you know it’s not due to malware, and if you wish for those events to cease, then there is a mechanism to allow that.
A comprehensive knowledgebase article is being written to cater to the various scenarios and to better educate our customers on this particular event, including how to fix the noise and how to make them stop altogether. The first step though will be to get the hotfix out that solves the “noise”.
The article will be KB71083, but as yet the new and revised content has not been published so it still has old content for now. I’ll let you know when it’s live.