Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Source: Windows File Protection|
The protected system file <file path> could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is the Windows File Protection?
As per Microsoft: "Windows File Protection (WFP) prevents the replacement of protected system files such as .sys, .dll, .ocx, and .exe files. While Windows was shutting down, WFP was closed before it could complete a verification and/or replacement of the protected system file listed in the event". See MSW2KDB for more details.
If you are using McAfee VirusScan Multiplatform 4.5.1, then see the link to "Network Associates Support Solution ID: nai26580" to fix this problem.
"When a normal user (non-Administrator) is logged on to a Microsoft Windows 2000 Professional-based computer and Windows File Protection (WFP) prompts the user for an installation CD-ROM to replace a protected file, the user may not receive the prompt on their desktop. This behavior occurs because WFP uses Winlogon as the protection service that is running in the context of the system account. WFP does not interact with normal users.
Normally, WFP posts system event log messages when a protected file is replaced, but the event message is not posted until the WFP dialog box is answered. Because typical users do not know that WFP is prompting them for the installation source, the computer may be restarted before the WFP dialog box is answered." In this situation the above error occurs. See Microsoft Knowledge Base Article ME258911.
For a description of the Windows 2000 Windows File Protection Feature see ME222193.
|Private comment: Subscribers only. See example of private comment|
|Links: ME222193, ME258911, Network Associates Support Solution ID: nai26580, MSW2KDB|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated