
Thread: Windows 7 Security Log Event ID 6281

  1. #1
    duras Guest

    Windows 7 Security Log Event ID 6281

    I am having problems with Windows 7 security alerts and ZASS:

    In my Windows logs I get this event:

    Log Name: Security
    Source: Microsoft-Windows-Security-Auditing
    Date: 28/12/2009 5:29:45 PM
    Event ID: 6281
    Task Category: System Integrity
    Level: Information
    Keywords: Audit Failure
    User: N/A
    Computer: xxxx-PC
    Description:
    Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    It is a brand new hard drive and I ran CHKDSK with no errors. I installed the new disk on 24/12 and the error has occurred 153 times. Any advice from anyone?

    Regards
    kpgduras

    ZoneAlarm Security Suite version:9.1.008.000
    TrueVector version:9.1.008.000
    Driver version:9.1.008.000
    Anti-virus engine version:8.0.2.42
    Anti-virus signature DAT file version:1000116608
    AntiSpam version:6.0.0.2383
    Last edited by duras; December 28th, 2009 at 02:08 AM. Reason: Added ZASS details

  2. #2
    cyostendorf Guest

    Re: Windows 7 Security Log Event ID 6281

    I have noticed the same problem in Windows 7. I am getting the same log message and am using the same version of ZA Internet Suite.

    This is the entry from Microsoft for "Event ID 3002 — User-mode Protected Media Path File Validation

    Updated: December 16, 2008

    Applies To: Windows Server 2008 R2 (apparently also Win 7, my addition)


    Protected Processes are used to enhance the Digital Rights Management technology in Windows Vista and Windows Server 2008. Code Integrity validates user-mode files loaded into Protected Processes that are part of the Protected Media Path. The validation compares the page hashes stored in the system security catalog files to the page hashes of the user-mode files themselves. If the page hashes in the system security catalog files do not match the page hashes from the system file, the system file is not loaded by the operating system.

    Additionally, Code Integrity validates cryptographic system files. The following cryptographic system files are validated by Code Integrity: bcrypt.dll, dssenh.dll, rsaenh.dll, win32_tpm.dll, and fveapi.dll.

    Note: If a kernel debugger is attached to the computer, Code Integrity still validates the page hashes on the user-mode files against the page hashes stored in the system security catalog files, but the operating system will load the files."

    So something is wrong with the install package (no hash or wrong hash or the hash itself or something has changed the DLL so the hash is different). The hash and computed hash do not agree.

    Anyone have any ideas?
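
Added example, not part of any post in this thread: one way to tally the Event ID 6281 entries per file and then check the Authenticode status of the DLL named in the event. It assumes PowerShell 3.0 or later, English-language event text, an elevated prompt, and that `\Device\HarddiskVolume1` is mounted as `C:`.

```powershell
# Added example. Reading the Security log requires an elevated prompt.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6281 } `
                       -ErrorAction SilentlyContinue

# Pull the "File Name:" line out of each event description
# (assumption: English event text, as in the entries quoted in this thread).
$hits = $events | ForEach-Object {
    if ($_.Message -match 'File Name:\s*(?<path>\S.*)') {
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            FileName    = $Matches['path'].Trim()
        }
    }
}

# One row per file: how often it failed and over what period.
$hits | Group-Object FileName | ForEach-Object {
    $times = @($_.Group | ForEach-Object { $_.TimeCreated } | Sort-Object)
    [pscustomobject]@{
        Count     = $_.Count
        FirstSeen = $times[0]
        LastSeen  = $times[-1]
        FileName  = $_.Name
    }
} | Sort-Object Count -Descending | Format-List

# Assumption: the volume in the event is C:. Adjust the drive letter if not.
$dll = 'C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll'
if (Test-Path -LiteralPath $dll) {
    # Valid        = the file's hash still matches its embedded signature
    # HashMismatch = the file content differs from what was signed
    # NotSigned    = no embedded signature was found
    Get-AuthenticodeSignature -FilePath $dll |
        Format-List Status, StatusMessage, SignerCertificate
}
```

A `Valid` status alongside repeated 6281 events fits the event's "improperly signed without page hashes" cause, while `HashMismatch` fits modification or corruption of the file.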

  3. #3
    Join Date: Jun 2006
    Location: The 3rd Coast - South Central Texas
    Posts: 10,461

    Re: Windows 7 Security Log Event ID 6281

    Quote (originally posted by cyostendorf):
    I have noticed the same problem in Windows 7. I am getting the same log message and am using the same version of ZA Internet Suite.

    This is the entry from Microsoft for "Event ID 3002 — User-mode Protected Media Path File Validation

    Updated: December 16, 2008

    Applies To: Windows Server 2008 R2 (apparently also Win 7, my addition)

    ~~SNIP~~

    So something is wrong with the install package (no hash or wrong hash or the hash itself or something has changed the DLL so the hash is different). The hash and computed hash do not agree.

    Anyone have any ideas?

    This Forum exists to allow Volunteer experienced Zone Alarm Users to help the Few Users who encounter a problem with ZoneAlarm and need to be guided in the right direction..

    Whenever posting here - or Contacting ZA Tech Support, it is always advisable to list your: Windows OS (XP SP 2-3 / Vista SP1-2 / Windows 7 32-Bit/64-Bit), your ZoneAlarm product Type (Free, Pro, AV, Suite, Extreme) and ZA version number (7.0, 8.0, 9.0, 9.1), Brand of Computer and CPU, is it a DeskTop or Laptop, List any other Security Programs installed.

    It is Sometimes very Difficult to Diagnose and fix a Computer from halfway across the Country, without All the Details, without the ability to sit in front of your Computer monitor and see what's going on..

    Please Contact ZA Tech Support Directly by Clicking on the Support link in my Signature..

    Please Post back with your Progress Report..
    --------------------------------------------------------
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday, 6am to 10pm Central time
    Closed Sundays and Holidays

  4. #4
    cyostendorf Guest

    Re: Windows 7 Security Log Event ID 6281

    The following is added information per the response I received.
    I will contact Tech Support also.

    Desktop, Asus Motherboard-M4A78EM With AMD Phenom II X2-550


    Running Windows 7 Ultimate, 64-bit


    Win 7 Security Log entry:

    Log Name: Security
    Source: Microsoft-Windows-Security-Auditing
    Date: 2/20/2010 9:49:37 AM
    Event ID: 6281
    Task Category: System Integrity
    Level: Information
    Keywords: Audit Failure
    User: N/A
    Computer: WIN7BLK-PC
    Description:
    Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll


    Zone Alarm Info:

    ZoneAlarm Security Suite version 9.1.008.000
    TrueVector security engine version 9.1.008.000
    Driver version 9.1.008.000
    Anti-virus/Anti-spyware engine version 8.0.2.42 file version 1012139552
    AntiSpam version 6.0.0.2385

  5. #5
    Join Date: Jun 2006
    Location: The 3rd Coast - South Central Texas
    Posts: 10,461

    Re: Windows 7 Security Log Event ID 6281

    Thank you for your Feedback..

    Please Post back here with your Progress Report so that Users of this Forum with a similar problem may benefit from the solution to your problem..

  6. #6
    Join Date: Jun 2006
    Location: The 3rd Coast - South Central Texas
    Posts: 10,461

    Re: Windows 7 Security Log Event ID 6281

    You're Welcome..
