Certificate revocation prevents mfenlfk.sys installation
Last Modified: 2023-02-27 20:13:53 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Certificate revocation prevents mfenlfk.sys installation
Technical Articles ID:
KB91212
Last Modified: 2023-02-27 20:13:53 Etc/GMT Environment
Active Response 2.0 or later Client Proxy 2.3.1.278 or later Data Exchange Layer client 4.x or later Data Loss Prevention Endpoint 11.x Endpoint Security 10.x Problem
Windows disallows the installation of the Network Driver Interface Specification (NDIS) The From the [17:03:15:128] - Failed to copy inf file, hr=e0000247 [17:03:15:128] - WARNING: Could not open BehaviorBlocking key [17:03:15:128] - Lock Service DACL mfenlfk [17:03:15:129] - InstallCustomDriver failed [17:03:15:129] - ERROR: parseDriver: failed [17:03:15:129] - Verifying Mfenlfk.sys is installed and running... [17:03:15:129] - GetDriverService mfenlfk.sys [17:03:15:129] - ERROR: Could not open mfenlfk.sys service. GetLastError()=1060 [17:03:15:129] - mfenlfk.sys service is not running. [17:03:15:974] - Install error: un-winding install An example from a failed Endpoint Security installation in the 23/10/2018 17:03:02.422 [9140] [BootstrapperMain] Copied from C:\ProgramData\McAfee\Agent\Evaluation\ENDP_GS_1060\Install\0000\\mfehidin64.exe to C:\ProgramData\McAfee\Agent\Evaluation\ENDP_GS_1060\Install\0000\\mfehidin.exe 23/10/2018 17:03:02.423 [9140] [BootstrapperMain] "C:\ProgramData\McAfee\Agent\Evaluation\ENDP_GS_1060\Install\0000\\mfehidin.exe" -installcab:"vscore_all.cab" -guid:{EA334ECD-7513-486B-A265-0C698FACBB06} -log:"C:\WINDOWS\TEMP\\McAfeeLogs\McAfee_Common_VSCore_Install_All_23102018170302419.log" -etl:"C:\WINDOWS\TEMP\\McAfeeLogs\McAfee_Common_VSCore_Install_All_23102018170302419.etl" 23/10/2018 17:03:02.424 [9140] [BootstrapperMain] RunCommandLine: "C:\ProgramData\McAfee\Agent\Evaluation\ENDP_GS_1060\Install\0000\\mfehidin.exe" -installcab:"vscore_all.cab" -guid:{EA334ECD-7513-486B-A265-0C698FACBB06} -log:"C:\WINDOWS\TEMP\\McAfeeLogs\McAfee_Common_VSCore_Install_All_23102018170302419.log" -etl:"C:\WINDOWS\TEMP\\McAfeeLogs\McAfee_Common_VSCore_Install_All_23102018170302419.etl" 23/10/2018 17:03:22.371 [9140] [BootstrapperMain] RunCommandLine: Process return code : 4294967295 23/10/2018 17:03:22.372 [9140] [BootstrapperMain] VSCore Installation Return value : 4294967295 23/10/2018 17:03:22.373 [9140] [BootstrapperMain] VSCore Installation failed!! Additional information about the certificate action can be found at >>> Section start 2018/10/26 10:02:36.109 cmd: "C:\ProgramData\McAfee\Agent\Current\ENDP_GS_1050\Install\0000\\mfehidin.exe" -installcab:"vscore_all.cab" -guid:{EA334ECD-7513-486B-A265-0C698FACBB06} -log:"C:\WINDOWS\TEMP\\McAfeeLogs\McAfee_Common_VSCore_Install_All_2610201810022376.log" -etl:"C:\WINDOWS\TEMP\\McAfeeLogs\McAfee_Common_VSCore_Install_All_2610201810022376.etl" inf: Copy style: 0x00000000 sto: {Setup Import Driver Package: C:\ProgramData\McAfee\Agent\Current\ENDP_GS_1050\Install\0000\x64\mfenlfk.inf} 10:02:36.124 inf: Provider: McAfee, Inc. inf: Class GUID: {4D36E974-E325-11CE-BFC1-08002BE10318} inf: Driver Version: 01/01/2017,14.2.0.611 inf: Catalog File: mfenlfk.cat pol: {Driver package policy check} 10:02:36.249 pol: {Driver package policy check - exit(0x00000000)} 10:02:36.249 sto: {Stage Driver Package: C:\ProgramData\McAfee\Agent\Current\ENDP_GS_1050\Install\0000\x64\mfenlfk.inf} 10:02:36.249 inf: {Query Configurability: C:\ProgramData\McAfee\Agent\Current\ENDP_GS_1050\Install\0000\x64\mfenlfk.inf} 10:02:36.265 inf: Driver package 'mfenlfk.inf' is configurable. inf: {Query Configurability: exit(0x00000000)} 10:02:36.265 flq: Copying 'C:\ProgramData\McAfee\Agent\Current\ENDP_GS_1050\Install\0000\x64\mfenlfk.cat' to 'C:\WINDOWS\System32\DriverStore\Temp\{b1b06d34-6ba1-6e47-b5c3-793c0f2976b1}\mfenlfk.cat'. flq: Copying 'C:\ProgramData\McAfee\Agent\Current\ENDP_GS_1050\Install\0000\x64\mfenlfk.inf' to 'C:\WINDOWS\System32\DriverStore\Temp\{b1b06d34-6ba1-6e47-b5c3-793c0f2976b1}\mfenlfk.inf'. flq: Copying 'C:\ProgramData\McAfee\Agent\Current\ENDP_GS_1050\Install\0000\x64\mfenlfk.sys' to 'C:\WINDOWS\System32\DriverStore\Temp\{b1b06d34-6ba1-6e47-b5c3-793c0f2976b1}\mfenlfk.sys'. sto: {DRIVERSTORE IMPORT VALIDATE} 10:02:36.281 sig: {_VERIFY_FILE_SIGNATURE} 10:02:36.312 sig: Key = mfenlfk.inf sig: FilePath = C:\WINDOWS\System32\DriverStore\Temp\{b1b06d34-6ba1-6e47-b5c3-793c0f2976b1}\mfenlfk.inf sig: Catalog = C:\WINDOWS\System32\DriverStore\Temp\{b1b06d34-6ba1-6e47-b5c3-793c0f2976b1}\mfenlfk.cat ! sig: Verifying file against specific (valid) catalog failed. ! sig: Error 0x800b010c: A certificate was explicitly revoked by its issuer. sig: {_VERIFY_FILE_SIGNATURE exit(0x800b010c)} 10:02:36.312 sig: {_VERIFY_FILE_SIGNATURE} 10:02:36.312 sig: Key = mfenlfk.inf sig: FilePath = C:\WINDOWS\System32\DriverStore\Temp\{b1b06d34-6ba1-6e47-b5c3-793c0f2976b1}\mfenlfk.inf sig: Catalog = C:\WINDOWS\System32\DriverStore\Temp\{b1b06d34-6ba1-6e47-b5c3-793c0f2976b1}\mfenlfk.cat ! sig: Verifying file against specific Authenticode(tm) catalog failed. ! sig: Error 0x800b010c: A certificate was explicitly revoked by its issuer. sig: {_VERIFY_FILE_SIGNATURE exit(0x800b010c)} 10:02:36.328 !!! sig: An unexpected error occurred while validating driver package. Catalog = mfenlfk.cat, Error = 0x800B010C !!! sig: Driver package is considered unsigned, and Code Integrity is enforced. !!! sig: Driver package failed signature validation. Error = 0xE0000247 sto: {DRIVERSTORE IMPORT VALIDATE: exit(0xe0000247)} 10:02:36.328 !!! sig: Driver package failed signature verification. Error = 0xE0000247 !!! sto: Failed to import driver package into Driver Store. Error = 0xE0000247 sto: {Stage Driver Package: exit(0xe0000247)} 10:02:36.343 sto: {Setup Import Driver Package - exit (0xe0000247)} 10:02:36.343 !!! inf: Failed to import driver package into driver store !!! inf: Error 0xe0000247: A problem was encountered while attempting to add the driver to the store. <<< Section end 2018/10/26 10:02:36.546 <<< [Exit status: FAILURE(0xe0000247)] Cause
This issue occurs because of either of the following:
Solution 1
This issue is resolved in the following product versions:
Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.
NOTE: You need a valid Grant Number for access. See KB56057 - How to download product updates and documentation for more information about the Product Downloads site, and alternate locations for some products. Solution 2
Apply the missing SHA-2 code signing support update for Windows Server 2008, Windows Server 2008 R2, and Windows 7.
Related Information
Other causes of Affected ProductsLanguages:This article is available in the following languages: |
|