Go Back   TechArena Community > Technical Support > Computer Help > Windows Vista > Vista Help
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor

Vista Help


Reply
 
Thread Tools Search this Thread
  #1  
Old 09-11-2008
artfuldodga
 
Posts: n/a
Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor

Code integrity determined that the image hash of a file is not valid. The
file could be corrupt due to unauthorized modification or the invalid hash
could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 8/11/08 3:35p
Event ID: 5038
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: XPS1530-PC
Description:
Code integrity determined that the image hash of a file is not valid. The
file could be corrupt due to unauthorized modification or the invalid hash
could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing"
Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>5038</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2008-11-08T19:05:00.227Z" />
<EventRecordID>27081</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="56" />
<Channel>Security</Channel>
<Computer>XPS1530-PC</Computer>
<Security />
</System>
<EventData>
<Data
Name="param1">\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys</Data>
</EventData>
</Event>

OS Vista Ultimate SP1

I have no idea why this failure is showing up, is there a specific service
needed for the audit success? Other than seeing the error(s) occur via Event
Viewer, I have not had any issues with connectivity, and other security
audits complete fine without failure. Anyone have any ideas what might fix
this? I do not believe I modified the tcpip.sys in any way

Reply With Quote
  #2  
Old 10-11-2008
Engel
 
Posts: n/a
RE: Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor

See if the information in this article, "How to Repair and Verify the
Integrity of Vista System Files with System File Checker"

<http://www.vistax64.com/tutorials/66978-system-files.html>

Good luck
Reply With Quote
  #3  
Old 10-11-2008
Paul Shapiro
 
Posts: n/a
Re: Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor

Interesting. My Vista 64 SP1 crashed two days ago for the first time in
months, and reported the same error with the same file. It just happened
once so I didn't investigate further. Seems to have been working fine since
then and no more error message in the event log. I wondered if was
antivirus-related? I have Trend Micro plus Windows Defender. Anything sound
familiar?
Reply With Quote
  #4  
Old 12-11-2008
artfuldodga
 
Posts: n/a
RE: Security Audit Failure (Event Viewer) tcpip.sys hash not valid

yeah so the results of the manual check.

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Windows\system32>sfc /verifyfile=C:\Windows\System32\drivers\tcpip.sys
Windows Resource Protection did not find any integrity violations.

error is still showing up in event viewer with no adverse effects, wondering
where i can go from here in order to sort it out? maybe i need to have a
specific service enabled in order for it to process correctly, any more ideas?
Reply With Quote
  #5  
Old 20-11-2008
Allan
 
Posts: n/a
Re: Security Audit Failure (Event Viewer) tcpip.sys hash not valid

Try replacing the module from the installation media with a good copy after
backing up this allegedly corrupted driver. You should not have to do a
complete repair reinstallation (I don't believe so).
Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Vista > Vista Help
Tags: , , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor"
Thread Thread Starter Forum Replies Last Post
Event ID: 5038 Microsoft Security Essentials Security Log Audit Failure Aleeza Networking & Security 5 28-10-2010 07:23 PM
Security Failure Audit Account Logon Event ID 675 Itsme Active Directory 1 01-06-2009 05:53 PM
Failure Audit - Logon/Logoff - Event ID 529 Actionguy Windows Security 2 28-01-2009 08:33 PM
Event Viewer Shows Frequent TaskScheduler Failure (CrawlStartPages) jminiman Vista Help 5 20-11-2008 02:37 PM
event: 566 Object Access Audit Failure maratha Active Directory 1 14-02-2008 04:04 PM


All times are GMT +5.5. The time now is 05:40 PM.