Event Log Message: Event ID 5038 Code integrity determined that the image hash of a file is not valid.
search cancel

Event Log Message: Event ID 5038 Code integrity determined that the image hash of a file is not valid.

book

Article ID: 289806

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Windows Security Event log show an error similar to:
 
Event ID:      5038

Task Category: System Integrity

Keywords:      Audit Failure

Description:
Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

 

Environment

  • Carbon Black Cloud sensor: All Supported Versions
    • Endpoint Standard
    • Enterprise EDR
  • Microsoft Windows: All Supported Versions

Cause

  • Some files was not signed in version 4.0.0.x and older.
  • All sensor versions are affected with Microsoft bug having an interop issue due to Windows code integrity enforcement.

Resolution

The event has no negative effect can be ignored when blocking log-in when security log is full is not configured. 

Additional Information