Event ID: 5038

Code integrity determined that the image hash of a file is not valid.

Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:  %1
Microsoft Documentation

Event ID - 5038



The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

This event generates by Code Integrity feature if the signature of a file is not valid.

Code Integrity is a feature that improves the security of the operating system by validating the integrity of a driver or system file each time it is loaded into memory. Code Integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with administrative permissions. On x64-based versions of the operating system, kernel-mode drivers must be digitally signed.



Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"System Integrity"
How to enable Windows Auditing



LEFT/RIGHT arrow keys for navigation

Back to List