Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 64008 Source: WindowsFileProtection

Level
Description
The protected system file <file path> could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
Comments
 
As per Microsoft: "Windows File Protection (WFP) prevents the replacement of protected system files such as .sys, .dll, .ocx, and .exe files. While Windows was shutting down, WFP was closed before it could complete a verification and/or replacement of the protected system file listed in the event". See MSW2KDB for more details.
If you are using McAfee VirusScan Multiplatform 4.5.1, then see the link to "Network Associates Support Solution ID: nai26580" to fix this problem.
"When a normal user (non-Administrator) is logged on to a Microsoft Windows 2000 Professional-based computer and Windows File Protection (WFP) prompts the user for an installation CD-ROM to replace a protected file, the user may not receive the prompt on their desktop. This behavior occurs because WFP uses Winlogon as the protection service that is running in the context of the system account. WFP does not interact with normal users.

Normally, WFP posts system event log messages when a protected file is replaced, but the event message is not posted until the WFP dialog box is answered. Because typical users do not know that WFP is prompting them for the installation source, the computer may be restarted before the WFP dialog box is answered." In this situation the above error occurs. See Microsoft Knowledge Base Article ME258911.

For a description of the Windows 2000 Windows File Protection Feature see ME222193.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...