Results 1 to 5 of 5

Thread: Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor

  1. #1
    artfuldodga Guest

    Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor

    Code integrity determined that the image hash of a file is not valid. The
    file could be corrupt due to unauthorized modification or the invalid hash
    could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys

    Log Name: Security
    Source: Microsoft-Windows-Security-Auditing
    Date: 8/11/08 3:35p
    Event ID: 5038
    Task Category: System Integrity
    Level: Information
    Keywords: Audit Failure
    User: N/A
    Computer: XPS1530-PC
    Description:
    Code integrity determined that the image hash of a file is not valid. The
    file could be corrupt due to unauthorized modification or the invalid hash
    could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"
    Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>5038</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12290</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2008-11-08T19:05:00.227Z" />
    <EventRecordID>27081</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="56" />
    <Channel>Security</Channel>
    <Computer>XPS1530-PC</Computer>
    <Security />
    </System>
    <EventData>
    <Data
    Name="param1">\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys</Data>
    </EventData>
    </Event>

    OS Vista Ultimate SP1

    I have no idea why this failure is showing up, is there a specific service
    needed for the audit success? Other than seeing the error(s) occur via Event
    Viewer, I have not had any issues with connectivity, and other security
    audits complete fine without failure. Anyone have any ideas what might fix
    this? I do not believe I modified the tcpip.sys in any way

  2. #2
    Engel Guest

    RE: Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor

    See if the information in this article, "How to Repair and Verify the
    Integrity of Vista System Files with System File Checker"

    <http://www.vistax64.com/tutorials/66978-system-files.html>

    Good luck

  3. #3
    Paul Shapiro Guest

    Re: Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor

    Interesting. My Vista 64 SP1 crashed two days ago for the first time in
    months, and reported the same error with the same file. It just happened
    once so I didn't investigate further. Seems to have been working fine since
    then and no more error message in the event log. I wondered if was
    antivirus-related? I have Trend Micro plus Windows Defender. Anything sound
    familiar?

  4. #4
    artfuldodga Guest

    RE: Security Audit Failure (Event Viewer) tcpip.sys hash not valid

    yeah so the results of the manual check.

    Microsoft Windows [Version 6.0.6001]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.
    C:\Windows\system32>sfc /verifyfile=C:\Windows\System32\drivers\tcpip.sys
    Windows Resource Protection did not find any integrity violations.

    error is still showing up in event viewer with no adverse effects, wondering
    where i can go from here in order to sort it out? maybe i need to have a
    specific service enabled in order for it to process correctly, any more ideas?

  5. #5
    Allan Guest

    Re: Security Audit Failure (Event Viewer) tcpip.sys hash not valid

    Try replacing the module from the installation media with a good copy after
    backing up this allegedly corrupted driver. You should not have to do a
    complete repair reinstallation (I don't believe so).

Similar Threads

  1. Replies: 5
    Last Post: 28-10-2010, 07:23 PM
  2. Security Failure Audit Account Logon Event ID 675
    By Itsme in forum Active Directory
    Replies: 1
    Last Post: 01-06-2009, 05:53 PM
  3. Failure Audit - Logon/Logoff - Event ID 529
    By Actionguy in forum Windows Security
    Replies: 2
    Last Post: 28-01-2009, 08:33 PM
  4. Replies: 5
    Last Post: 20-11-2008, 02:37 PM
  5. event: 566 Object Access Audit Failure
    By maratha in forum Active Directory
    Replies: 1
    Last Post: 14-02-2008, 04:04 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •