Knowledge Base

Yes

Environment

Carbon Black Cloud sensor: All Supported Versions
- Endpoint Standard
- Enterprise EDR
Microsoft Windows: All Supported Versions

Symptoms

Windows Security Event log show an error similar to:

Event ID:      5038

Task Category: System Integrity

Keywords:      Audit Failure

Description:
Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

Cause

Interop issue due to Windows code integrity enforcement.

Resolution

The event has no negative effect can be ignored

Knowledge Base

Carbon Black Cloud: Event Log Message: Event ID 5038 Code integrity determined that the image hash of a file is not valid.

Carbon Black Cloud: Event Log Message: Event ID 5038 Code integrity determined that the image hash of a file is not valid.

Environment

Symptoms

Cause

Resolution

Audit and Remediation

Carbon Black Cloud

Container

Endpoint Standard

Enterprise EDR

Managed Detection

Managed Detection and Response

Prevention

Workload

Knowledge Base

Carbon Black Cloud: Event Log Message: Event ID 5038 Code integrity determined that the image hash of a file is not valid.

Carbon Black Cloud: Event Log Message: Event ID 5038 Code integrity determined that the image hash of a file is not valid.

Environment

Symptoms

Cause

Resolution

Thank you for your feedback.

Thank you for your feedback.