Video Screencast Help
Search Video Help Close Back
to help

Windows Security Logs log 5038

Created: 14 Feb 2013 | 5 comments
Backup Name's picture
Backup Name
0 0 Votes
Login to vote

Hello,

I am in need of help resolving why I keep getting these through out the day on my Windows Security Logs:

Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Program Files (x86)\Symantec\SYMEVENT.SYS

I get this on:

Windows 2008 R2 Datacenter SP1 (Virtual)

Terminal Server

SEP Version: 11.0.7101.1056

SEP's status is protected no problems detected. Latest update was from today Feb 14. Please advise.

Discussion Filed Under:
, , ,

Comments 5 CommentsJump to latest comment

Brian81's picture
Brian81 Trusted Advisor
Windows Security Logs log 5038 - Comment:14 Feb 2013 : Link

Were any upgrades done recently?

SEP Knowledge Base

Endpoint SWAT

0
Login to vote
James-x's picture
James-x Symantec Employee
Windows Security Logs log 5038 - Comment:14 Feb 2013 : Link

Hello,

Can you confirm that the OS is 2008 R2 and not just 2008?

Do you see any entries in the Event Viewer for tcpip.sys which also mention Code Integrity errors?

James

The Symantec Endpoint Protection Knowledgebase

Please remember to mark the post which resolved your issue as the solution!

0
Login to vote
Backup Name's picture
Backup Name
Windows Security Logs log 5038 - Comment:15 Feb 2013 : Link

Brian81 - There were no upgrades at all. This is a brand new Win2k8 install (6 months ago) that was from scatch.

James-x - Yes This is a Windows Server 2008 R2 Datacenter SP1.

No. I have not seen any errors on the logs for TCPIP.SYS

SYSTEM logs also reveals this error.

\??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

0
Login to vote
James-x's picture
James-x Symantec Employee
Windows Security Logs log 5038 - Comment:15 Feb 2013 : Link

Hello,

Thanks for the reply.

I'm not certain why this issue would be occurring on your machines. I've seen this before on Windows 2008 boxes, but in the end it wasn't an issue with our driver, but was an issue with the OS. (We also saw several Microsoft drivers, including TCPIP.SYS, experiencing the same issue.)

If this is an issue you are interested in pursuing further, I would suggest opening a ticket with support. This may not be the sort of thing the forums can help you solve.

James

The Symantec Endpoint Protection Knowledgebase

Please remember to mark the post which resolved your issue as the solution!

0
Login to vote
Backup Name's picture
Backup Name
Windows Security Logs log 5038 - Comment:15 Feb 2013 : Link

Thanks James! I just thought of tossing it out there if anybody have some suggestions.

0
Login to vote