Carbon Black Cloud: Event Log Message: Event ID 5038 Code integrity determined that the image hash of a file is not valid.


Article ID: 289806


Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

The Windows Security event log shows an error similar to:
 
Event ID:      5038

Task Category: System Integrity

Keywords:      Audit Failure

Description:
Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

 

Environment

  • Carbon Black Cloud sensor: All Supported Versions
    • Endpoint Standard
    • Enterprise EDR
  • Microsoft Windows: All Supported Versions

Cause

This is an interoperability issue caused by Windows code integrity enforcement.

Resolution

The event has no negative effect and can be ignored.