Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 12/23/2015 1:44:16 PM
Event ID: 6281
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: EppPCool
Description:
Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
File Name: \Device\HarddiskVolume4\Windows\System32\guard64.dll
Event Xml:
<Event xmlns="
http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>6281</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2015-12-23T19:44:16.281035800Z" />
<EventRecordID>67946</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="5276" />
<Channel>Security</Channel>
<Computer>EppPCool</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">\Device\HarddiskVolume4\Windows\System32\guard64.dll</Data>
</EventData>
</Event>