Environment
- Carbon Black Cloud sensor: All Supported Versions
- Endpoint Standard
- Enterprise EDR
- Microsoft Windows: All Supported Versions
Symptoms
Windows Security Event log show an error similar to:
Event ID: 5038
Task Category: System Integrity
Keywords: Audit Failure
Description:
Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
Cause
Interop issue due to Windows code integrity enforcement.
Resolution
The event has no negative effect can be ignored