The following tables contain the processes and drivers that ENS installs.
Windows Services controlled by Service Control Manager (SCM or services.exe)
| SCM Name |
EXE and Path |
Description |
| TA |
| MASVC |
\Program Files\McAfee\Agent\masvc.exe |
TA service |
| MACMNSVC |
\Program Files\McAfee\Agent\macmnsvc.exe |
TA Common services |
| McAfeeFramework |
\Program Files\McAfee\Agent\x86\macompatsvc.exe |
TA Backwards Compatibility Service |
| Shared |
| MFEFIRE |
\Program Files\Common Files\McAfee\SystemCore\mfefire.exe |
Provides firewall services to our products |
| MFEMMS |
\Program Files\Common Files\McAfee\SystemCore\mfemms.exe |
Manages our services |
| MFEVTPS |
\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe |
Provides validation trust protection services |
Processes running as a service
| EXE |
Path |
Description |
| ENS |
| MCSHIELD |
\Program Files\Common Files\McAfee\AVSolution\ |
Scanner service |
| MFEATP |
\Program Files\McAfee\Endpoint Security\Adaptive threat Protection\mfeatp.exe |
Adaptive Threat Protection Service |
| MFEESP |
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\ |
ENS Platform component hosting server |
| MFECANARY |
\Program Files\Common Files\McAfee\SystemCore\ |
The Canary process is a short-lived process that closes five seconds after running.
The process identifies and reports back on DLL injections. |
| MFEENSPPL |
\Program Files (x86)\McAfee\Endpoint Security\Threat Prevention\ |
Provides Protected Process Light service |
| MFEFIRE |
\Program Files\Common Files\McAfee\SystemCore\ |
Provides firewall services to our products |
| MFEFW |
\Program Files\McAfee\Endpoint Security\Firewall\ |
Firewall Business Object Hosting Server |
| MFETP |
\Program Files\McAfee\Endpoint Security\Threat Prevention\ |
Security component hosting server |
| MFEVTPS |
\Windows\System32\ |
Process Validation Service |
| MFEHCS |
\Program Files\Common Files\McAfee\SystemCore |
HookCore Service |
| MFEMACTL |
\Program Files\McAfee\Agent\x86 |
TA AAC Host |
| MCCHHOST |
\Program Files (x86)\McAfee\Endpoint Security\x86\Web Control |
Web Control |
| MFEWC |
\Program Files (x86)\McAfee\Endpoint Security\x86\Web Control |
Web Control Service |
ENS Storage Protection processes
| EXE |
Path |
Description |
| MFEDSP |
\Program Files\McAfee\Endpoint Security\Storage Protection |
Storage Protection Service |
Processes running as User
| EXE |
Path |
Description |
| TA |
| MCTRAY |
\Program Files\McAfee\Agent\x86\mctray.exe |
McTray Application |
| UPDATERUI |
\Program Files\McAfee\Agent\x86\UpdaterUI.exe |
Common User Interface |
| ENS |
| MFECONSOLE |
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\ |
ENS console |
Endpoint Security drivers
| Process name |
Description |
| mfeaack.sys |
The Arbitary Access Control driver, which provides Self-Protection and Access Protection for file/folder, process, and registry blocking |
| mfeavfk.sys |
A file system filter content driver used for antivirus scanning and maintaining a file cache |
| mfeclnrk.sys |
Used during rootkit removal |
| mfeelamk.sys |
The Early Launch Antimalware (ELAM) driver. This component is used with the Microsoft ELAM framework to verify that boot start drivers don't contain malware. Available for Windows 8 and later (Windows kernel version 6.2 and later). |
| mfeepmpk.sys |
The Exploit Prevention driver |
| MfeEpNfcp.sys |
Provides Exploit Prevention NIPS capability |
| mfefirek.sys |
The Firewall Engine driver. Receives network traffic and matches the traffic to the current rules. |
| mfehck.sys |
The HookCore Driver. Used for injecting into third-party processes and performing API hooking. |
| mfehidk.sys |
The Host Intrusion Detection Link Driver. Facilitates I/O events for relevant content drivers. |
| mfencbdc.sys |
The AMCore main driver |
| mfencrk.sys |
The Rootkit Scanner driver |
| mfenlfk.sys |
The NDIS Light Filter driver used for packet-level filtering |
| mfeplk.sys |
The Arbitary Access Control Protected Launch Plug-in driver |
| mfewfpk.sys |
Provides application-level network filtering |
