Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 6281 Source: Microsoft-Windows-Security-Auditing

Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
File Name: \Device\HarddiskVolume2\Program Files\ThreatFire\TFWAH.dll
Some users reported this after upgrading to a new version of Windows (i.e. from Vista to Windows 7). If that's the case, the software that is reported in the event may have to be re-installed.
In one case, the software mentioned in the event (BitDefender) had the wrong hashing information and the vendor fixed it by releasing a new version (from version 10 to version 11). The vendor also said that at least in their case, the event can be ignored as it will not affect the functionality of the software.
A support forum posts suggests running the SFC utility (Windows File Checker - Scans all protected system files and replaces incorrect versions with correct Microsoft versions.). In a command line prompt, type:

sfc /ScanNow

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.