Jump to content

a2hooks32.dll page hashes of an image file are not valid.


MTS
 Share

Recommended Posts

Recently noticed this error in Event Viewer.

Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.

File Name:    \Device\HarddiskVolume3\EmsisoftInternetSecurity\a2hooks32.dll

- <System>
  <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
  <EventID>6281</EventID>
  <Version>0</Version>
  <Level>0</Level>
  <Task>12290</Task>
  <Opcode>0</Opcode>
  <Keywords>0x8010000000000000</Keywords>
  <TimeCreated SystemTime="2017-06-27T00:44:17.083589900Z" />
  <EventRecordID>163397</EventRecordID>
  <Correlation />
  <Execution ProcessID="4" ThreadID="48" />
  <Channel>Security</Channel>
  <Computer>Windows-PC</Computer>
  <Security />
  </System>
- <EventData>
  <Data Name="param1">\Device\HarddiskVolume3\EmsisoftInternetSecurity\a2hooks32.dll</Data>
  </EventData>
  </Event>
Link to comment
Share on other sites

18 hours ago, MTS said:

Recently noticed this error in Event Viewer.

Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.

That's normal, and it's nothing to worry about. ;)

Basically the code signing requirements for certain system files are much stricter than for anti-virus software, and anti-virus software (ours included) will attempt to inject a DLL file into every running process in order to open hooks to those processes to monitor them, so when EIS injects its DLL file (in this case a2hooks32.dll) into a running process that has stricter code signing requirements you'll see that error message in the Event Viewer.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...