Video Screencast Help

Windows Security Logs log 5038

Created: 14 Feb 2013 | 5 comments

Hello,

I am in need of help resolving why I keep getting these through out the day on my Windows Security Logs:

Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Program Files (x86)\Symantec\SYMEVENT.SYS

I get this on:

Windows 2008 R2 Datacenter SP1 (Virtual)

Terminal Server

SEP Version: 11.0.7101.1056

SEP's status is protected no problems detected. Latest update was from today Feb 14. Please advise.

Comments 5 CommentsJump to latest comment

_Brian's picture

Were any upgrades done recently?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

James-x's picture

Hello,

Can you confirm that the OS is 2008 R2 and not just 2008?

Do you see any entries in the Event Viewer for tcpip.sys which also mention Code Integrity errors?

James

The Symantec Endpoint Protection Knowledgebase

Please remember to mark the post which resolved your issue as the solution!

Backup Name's picture

Brian81 - There were no upgrades at all. This is a brand new Win2k8 install (6 months ago) that was from scatch.

James-x - Yes This is a Windows Server 2008 R2 Datacenter SP1.

No. I have not seen any errors on the logs for TCPIP.SYS

SYSTEM logs also reveals this error.

\??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

James-x's picture

Hello,

Thanks for the reply.

I'm not certain why this issue would be occurring on your machines. I've seen this before on Windows 2008 boxes, but in the end it wasn't an issue with our driver, but was an issue with the OS. (We also saw several Microsoft drivers, including TCPIP.SYS, experiencing the same issue.)

If this is an issue you are interested in pursuing further, I would suggest opening a ticket with support. This may not be the sort of thing the forums can help you solve.

James

The Symantec Endpoint Protection Knowledgebase

Please remember to mark the post which resolved your issue as the solution!

Backup Name's picture

Thanks James! I just thought of tossing it out there if anybody have some suggestions.