Event ID/Source search
Keyword searchExample: Windows cannot unload your registry file
Event ID: 6281 Source: Microsoft-Windows-Security-Auditing
Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
File Name: \Device\HarddiskVolume2\Program Files\ThreatFire\TFWAH.dll
|English: This information is only available to subscribers. An example of English, please!|
|Concepts to understand:|
What is a hash?
Some users reported this after upgrading to a new version of Windows (i.e. from Vista to Windows 7). If that's the case, the software that is reported in the event may have to be re-installed.
In one case, the software mentioned in the event (BitDefender) had the wrong hashing information and the vendor fixed it by releasing a new version (from version 10 to version 11). The vendor also said that at least in their case, the event can be ignored as it will not affect the functionality of the software.
A support forum posts suggests running the SFC utility (Windows File Checker - Scans all protected system files and replaces incorrect versions with correct Microsoft versions.). In a command line prompt, type:
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated