Endpoint Protection

 View Only
  • 1.  Windows Security Logs log 5038

    Posted Feb 14, 2013 12:34 PM

    Hello,

    I am in need of help resolving why I keep getting these through out the day on my Windows Security Logs:

    Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Program Files (x86)\Symantec\SYMEVENT.SYS

    I get this on:

    Windows 2008 R2 Datacenter SP1 (Virtual)

    Terminal Server

    SEP Version: 11.0.7101.1056

    SEP's status is protected no problems detected. Latest update was from today Feb 14. Please advise.



  • 2.  RE: Windows Security Logs log 5038

    Posted Feb 14, 2013 01:31 PM

    Were any upgrades done recently?



  • 3.  RE: Windows Security Logs log 5038

    Posted Feb 14, 2013 02:19 PM

    Hello,

    Can you confirm that the OS is 2008 R2 and not just 2008?

    Do you see any entries in the Event Viewer for tcpip.sys which also mention Code Integrity errors?

    James



  • 4.  RE: Windows Security Logs log 5038

    Posted Feb 15, 2013 10:39 AM

    Brian81 - There were no upgrades at all. This is a brand new Win2k8 install (6 months ago) that was from scatch.

    James-x - Yes This is a Windows Server 2008 R2 Datacenter SP1.

    No. I have not seen any errors on the logs for TCPIP.SYS

    SYSTEM logs also reveals this error.

    \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

     



  • 5.  RE: Windows Security Logs log 5038

    Posted Feb 15, 2013 11:23 AM

    Hello,

    Thanks for the reply.

    I'm not certain why this issue would be occurring on your machines. I've seen this before on Windows 2008 boxes, but in the end it wasn't an issue with our driver, but was an issue with the OS. (We also saw several Microsoft drivers, including TCPIP.SYS, experiencing the same issue.)

    If this is an issue you are interested in pursuing further, I would suggest opening a ticket with support. This may not be the sort of thing the forums can help you solve.

    James



  • 6.  RE: Windows Security Logs log 5038

    Posted Feb 15, 2013 02:20 PM

    Thanks James! I just thought of tossing it out there if anybody have some suggestions.