Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor

Posted: 11-08-2008, 08:58 PM
Code integrity determined that the image hash of a file is not valid. The
file could be corrupt due to unauthorized modification or the invalid hash
could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 8/11/08 3:35p
Event ID: 5038
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: XPS1530-PC
Description:
Code integrity determined that the image hash of a file is not valid. The
file could be corrupt due to unauthorized modification or the invalid hash
could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing"
Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>5038</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2008-11-08T19:05:00.227Z" />
<EventRecordID>27081</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="56" />
<Channel>Security</Channel>
<Computer>XPS1530-PC</Computer>
<Security />
</System>
<EventData>
<Data
Name="param1">\Device\HarddiskVolume3\Windows\Syst em32\drivers\tcpip.sys</Data>
</EventData>
</Event>

OS Vista Ultimate SP1

I have no idea why this failure is showing up, is there a specific service
needed for the audit success? Other than seeing the error(s) occur via Event
Viewer, I have not had any issues with connectivity, and other security
audits complete fine without failure. Anyone have any ideas what might fix
this? I do not believe I modified the tcpip.sys in any way

Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor


Responses to "Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor"

Engel
Guest
Posts: n/a
 
RE: Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor
Posted: 11-09-2008, 08:38 PM

See if the information in this article, "How to Repair and Verify the
Integrity of Vista System Files with System File Checker"

<http://www.vistax64.com/tutorials/66978-system-files.html>

Good luck


Ǝиçεl
-=-


"artfuldodga" wrote:
> Code integrity determined that the image hash of a file is not valid. The
> file could be corrupt due to unauthorized modification or the invalid hash
> could indicate a potential disk device error.
>
> File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys
>
> Log Name: Security
> Source: Microsoft-Windows-Security-Auditing
> Date: 8/11/08 3:35p
> Event ID: 5038
> Task Category: System Integrity
> Level: Information
> Keywords: Audit Failure
> User: N/A
> Computer: XPS1530-PC
> Description:
> Code integrity determined that the image hash of a file is not valid. The
> file could be corrupt due to unauthorized modification or the invalid hash
> could indicate a potential disk device error.
>
> File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys
> Event Xml:
> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
> <System>
> <Provider Name="Microsoft-Windows-Security-Auditing"
> Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
> <EventID>5038</EventID>
> <Version>0</Version>
> <Level>0</Level>
> <Task>12290</Task>
> <Opcode>0</Opcode>
> <Keywords>0x8010000000000000</Keywords>
> <TimeCreated SystemTime="2008-11-08T19:05:00.227Z" />
> <EventRecordID>27081</EventRecordID>
> <Correlation />
> <Execution ProcessID="4" ThreadID="56" />
> <Channel>Security</Channel>
> <Computer>XPS1530-PC</Computer>
> <Security />
> </System>
> <EventData>
> <Data
> Name="param1">\Device\HarddiskVolume3\Windows\Syst em32\drivers\tcpip.sys</Data>
> </EventData>
> </Event>
>
> OS Vista Ultimate SP1
>
> I have no idea why this failure is showing up, is there a specific service
> needed for the audit success? Other than seeing the error(s) occur via Event
> Viewer, I have not had any issues with connectivity, and other security
> audits complete fine without failure. Anyone have any ideas what might fix
> this? I do not believe I modified the tcpip.sys in any way
Paul Shapiro
Guest
Posts: n/a
 
Re: Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor
Posted: 11-10-2008, 01:04 AM
Interesting. My Vista 64 SP1 crashed two days ago for the first time in
months, and reported the same error with the same file. It just happened
once so I didn't investigate further. Seems to have been working fine since
then and no more error message in the event log. I wondered if was
antivirus-related? I have Trend Micro plus Windows Defender. Anything sound
familiar?

"Engel" <Engel@discussions.microsoft.com> wrote in message
news:8B730BEF-0E34-4965-B8E0-0B5742ACA61A@microsoft.com...
>
> See if the information in this article, "How to Repair and Verify the
> Integrity of Vista System Files with System File Checker"
>
> <http://www.vistax64.com/tutorials/66978-system-files.html>
>
> Good luck
>
>
> Ǝиçεl
> -=-
>
>
> "artfuldodga" wrote:
>
>> Code integrity determined that the image hash of a file is not valid.
>> The
>> file could be corrupt due to unauthorized modification or the invalid
>> hash
>> could indicate a potential disk device error.
>>
>> File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys
>>
>> Log Name: Security
>> Source: Microsoft-Windows-Security-Auditing
>> Date: 8/11/08 3:35p
>> Event ID: 5038
>> Task Category: System Integrity
>> Level: Information
>> Keywords: Audit Failure
>> User: N/A
>> Computer: XPS1530-PC
>> Description:
>> OS Vista Ultimate SP1
>>
>> I have no idea why this failure is showing up, is there a specific
>> service
>> needed for the audit success? Other than seeing the error(s) occur via
>> Event
>> Viewer, I have not had any issues with connectivity, and other security
>> audits complete fine without failure. Anyone have any ideas what might
>> fix
>> this? I do not believe I modified the tcpip.sys in any way
artfuldodga
Guest
Posts: n/a
 
RE: Security Audit Failure (Event Viewer) tcpip.sys hash not valid
Posted: 11-12-2008, 12:35 PM
yeah so the results of the manual check.

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Windows\system32>sfc /verifyfile=C:\Windows\System32\drivers\tcpip.sys
Windows Resource Protection did not find any integrity violations.

error is still showing up in event viewer with no adverse effects, wondering
where i can go from here in order to sort it out? maybe i need to have a
specific service enabled in order for it to process correctly, any more ideas?

"Engel" wrote:
>
> See if the information in this article, "How to Repair and Verify the
> Integrity of Vista System Files with System File Checker"
>
> <http://www.vistax64.com/tutorials/66978-system-files.html>
>
> Good luck
>
>
> Ǝиçεl
> -=-
>
>
> "artfuldodga" wrote:
>
> > Code integrity determined that the image hash of a file is not valid. The
> > file could be corrupt due to unauthorized modification or the invalid hash
> > could indicate a potential disk device error.
> >
> > File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys
> >
> > Log Name: Security
> > Source: Microsoft-Windows-Security-Auditing
> > Date: 8/11/08 3:35p
> > Event ID: 5038
> > Task Category: System Integrity
> > Level: Information
> > Keywords: Audit Failure
> > User: N/A
> > Computer: XPS1530-PC
> > Description:
> > Code integrity determined that the image hash of a file is not valid. The
> > file could be corrupt due to unauthorized modification or the invalid hash
> > could indicate a potential disk device error.
> >
> > File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys
> > Event Xml:
> > <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
> > <System>
> > <Provider Name="Microsoft-Windows-Security-Auditing"
> > Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
> > <EventID>5038</EventID>
> > <Version>0</Version>
> > <Level>0</Level>
> > <Task>12290</Task>
> > <Opcode>0</Opcode>
> > <Keywords>0x8010000000000000</Keywords>
> > <TimeCreated SystemTime="2008-11-08T19:05:00.227Z" />
> > <EventRecordID>27081</EventRecordID>
> > <Correlation />
> > <Execution ProcessID="4" ThreadID="56" />
> > <Channel>Security</Channel>
> > <Computer>XPS1530-PC</Computer>
> > <Security />
> > </System>
> > <EventData>
> > <Data
> > Name="param1">\Device\HarddiskVolume3\Windows\Syst em32\drivers\tcpip.sys</Data>
> > </EventData>
> > </Event>
> >
> > OS Vista Ultimate SP1
> >
> > I have no idea why this failure is showing up, is there a specific service
> > needed for the audit success? Other than seeing the error(s) occur via Event
> > Viewer, I have not had any issues with connectivity, and other security
> > audits complete fine without failure. Anyone have any ideas what might fix
> > this? I do not believe I modified the tcpip.sys in any way
Allan
Guest
Posts: n/a
 
Re: Security Audit Failure (Event Viewer) tcpip.sys hash not valid
Posted: 11-19-2008, 07:43 PM

"artfuldodga" <artfuldodga@discussions.microsoft.com> wrote in message
news:BCDD2D91-75C1-4695-9C7C-B1EA98AEAEFC@microsoft.com...
> yeah so the results of the manual check.
>
> Microsoft Windows [Version 6.0.6001]
> Copyright (c) 2006 Microsoft Corporation. All rights reserved.
> C:\Windows\system32>sfc /verifyfile=C:\Windows\System32\drivers\tcpip.sys
> Windows Resource Protection did not find any integrity violations.
>
> error is still showing up in event viewer with no adverse effects,
> wondering
> where i can go from here in order to sort it out? maybe i need to have a
> specific service enabled in order for it to process correctly, any more
> ideas?
>
> "Engel" wrote:
>
>>
>> See if the information in this article, "How to Repair and Verify the
>> Integrity of Vista System Files with System File Checker"
>>
>> <http://www.vistax64.com/tutorials/66978-system-files.html>
>>
>> Good luck
>>
>>
>> Ǝиçεl
>> -=-
>>
>>
>> "artfuldodga" wrote:
>>
>> > Code integrity determined that the image hash of a file is not valid.
>> > The
>> > file could be corrupt due to unauthorized modification or the invalid
>> > hash
>> > could indicate a potential disk device error.
>> >
>> > File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys
>> >
>> > Log Name: Security
>> > Source: Microsoft-Windows-Security-Auditing
>> > Date: 8/11/08 3:35p
>> > Event ID: 5038
>> > Task Category: System Integrity
>> > Level: Information
>> > Keywords: Audit Failure
>> > User: N/A
>> > Computer: XPS1530-PC
>> > Description:
>> > Code integrity determined that the image hash of a file is not valid.
>> > The
>> > file could be corrupt due to unauthorized modification or the invalid
>> > hash
>> > could indicate a potential disk device error.
>> >
>> > File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys
>> > Event Xml:
>> > <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>> > <System>
>> > <Provider Name="Microsoft-Windows-Security-Auditing"
>> > Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
>> > <EventID>5038</EventID>
>> > <Version>0</Version>
>> > <Level>0</Level>
>> > <Task>12290</Task>
>> > <Opcode>0</Opcode>
>> > <Keywords>0x8010000000000000</Keywords>
>> > <TimeCreated SystemTime="2008-11-08T19:05:00.227Z" />
>> > <EventRecordID>27081</EventRecordID>
>> > <Correlation />
>> > <Execution ProcessID="4" ThreadID="56" />
>> > <Channel>Security</Channel>
>> > <Computer>XPS1530-PC</Computer>
>> > <Security />
>> > </System>
>> > <EventData>
>> > <Data
>> > Name="param1">\Device\HarddiskVolume3\Windows\Syst em32\drivers\tcpip.sys</Data>
>> > </EventData>
>> > </Event>
>> >
>> > OS Vista Ultimate SP1
>> >
>> > I have no idea why this failure is showing up, is there a specific
>> > service
>> > needed for the audit success? Other than seeing the error(s) occur via
>> > Event
>> > Viewer, I have not had any issues with connectivity, and other security
>> > audits complete fine without failure. Anyone have any ideas what might
>> > fix
>> > this? I do not believe I modified the tcpip.sys in any way
Try replacing the module from the installation media with a good copy after
backing up this allegedly corrupted driver. You should not have to do a
complete repair reinstallation (I don't believe so).

--
Allan

 
LinkBack Thread Tools Display Modes
 


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
Audit failure on tcpip.sys Jeff Windows Vista Security 1 02-07-2008 03:58 PM
Help with Failure Audit in Event Viewer needed! John Latter Windows XP New Users 2 09-21-2004 04:25 PM
Event viewer - Security - Success Audit - Privilege Use Rob Windows XP Security & Administration 2 01-15-2004 02:48 PM
Failure Audit Security Log Event ID 577 Jake Windows XP Security & Administration 6 11-14-2003 06:35 PM
Event Viewer Failure Audit HELP PLEASE Confused Windows XP Security & Administration 0 10-22-2003 07:54 PM