Knowledge Center

File Write Denied events recorded when modification of the edb.log file is attempted
Technical Articles ID:   KB90849
Last Modified:  9/2/2018


McAfee Application and Change Control (MACC) 8.x.x, 7.x.x, 6.x.x

Microsoft Windows (All Versions)


Modification of the edb.log file results in the following being recorded in the s3diag.log file and the Solidcore.log file:


<WRITE_DENIED  file_name="C:\WINDOWS\Security\Database\edb.log" pid="976" process_name="c:\windows\system32\services.exe" ppid="896" parent_process_name="c:\windows\system32\wininit.exe" event_time="1534227106927" event_time_utc="Aug 14 2018:06:11:46" is_system_file="false" deny_reason="File-solidified" user_name="NT Authority\System" />


U.3304.3704: Aug 15 2018:10:19:41.654:   ERROR: evt.c       : 1256: McAfee Solidifier prevented an attempt to modify file 'C:\WINDOWS\Security\Database\edb.log' by process/script C:\Windows\System32\services.exe (sha1: 3dc7889dd4fce098f026876e75131839c6918a32, md5: 8207db785c4a1a8c901154d12df6e38e) (Process Id: 984, User: NT AUTHORITY\SYSTEM).


Supported file types for MACC are:
  • PE32
  • PE64
  • 16-bit DOS executable
The edb.log file has a 16-bit DOS header. With the header being 16-bit DOS, the file is solidified when solidification occurs.


MACC is working as intended and this behavior is considered to be normal.


The following workaround is provided to help with whitelisting the edb.log file and stop the events from being generated:
  1. Log on to the ePO Console.
  2. Open an existing Solidcore Rule Group or create a new rule group specifically for Application Control.
  3. Edit the existing or new rule group.
  4. Select the Exclusions tab and click Add.
  5. Expand Advanced options.
  6. Enable Exclude local path and all its contained files and sub-directories from the whitelist.
  7. Enter "C:\Windows\security\database\edb.log" for the path.
  8. Save the rule group.
  9. Perform a Wake Up Call to all agents and push the new rule to clients.


40K • < 1 minute @ broadband

Rate this document

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.