EventID.Net
 
home| search| account| evlog| eventreader| it admin tasks| tcp/ip ports| documents | contributors| about us 
 
Event ID/Source search
Event ID: Event Source:
Keyword search
Example: Windows cannot unload your registry file
EventID.Net Splunk Add-on

Splunk Add-onBuild a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.

read more...
 
Event ID: 64008 Source: Windows File Protection
Source: Windows File Protection
Type: Warning
Description:
The protected system file <file path> could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
English: Request a translation of the event description in plain English.
Concepts to understand:
What is the Windows File Protection?
Comments:
EventID.Net
As per Microsoft: "Windows File Protection (WFP) prevents the replacement of protected system files such as .sys, .dll, .ocx, and .exe files. While Windows was shutting down, WFP was closed before it could complete a verification and/or replacement of the protected system file listed in the event". See MSW2KDB for more details.
Click if the comment is good! x 4

EventID.Net
If you are using McAfee VirusScan Multiplatform 4.5.1, then see the link to "Network Associates Support Solution ID: nai26580" to fix this problem.
Click if the comment is good! x 8

Grayhoodrelic
"When a normal user (non-Administrator) is logged on to a Microsoft Windows 2000 Professional-based computer and Windows File Protection (WFP) prompts the user for an installation CD-ROM to replace a protected file, the user may not receive the prompt on their desktop. This behavior occurs because WFP uses Winlogon as the protection service that is running in the context of the system account. WFP does not interact with normal users.

Normally, WFP posts system event log messages when a protected file is replaced, but the event message is not posted until the WFP dialog box is answered. Because typical users do not know that WFP is prompting them for the installation source, the computer may be restarted before the WFP dialog box is answered." In this situation the above error occurs. See Microsoft Knowledge Base Article ME258911.

For a description of the Windows 2000 Windows File Protection Feature see ME222193.
Click if the comment is good! x 4
Private comment: Subscribers only. See example of private comment
Links: ME222193, ME258911, Network Associates Support Solution ID: nai26580, MSW2KDB
Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...
Feedback: Send comments or solutions - Notify me when updated

Printer friendly

  • Subscribe
    SubscribeSubscribe to EventID.Net now!
    Already a subscriber? Login here!

 





 

 

Recommend Us


  • Quick Tip
    Connect to EventID.Net directly from the Microsoft Event Viewer!
    Instructions


Customer services

Contact us
Support
Terms of Use

Help & FAQ

Sales FAQ
EventID.Net FAQ
Advertise with us

Articles

Managing logs
Recommended books
Newsletter

Links

Follow us on Facebook
Firegen Log Analyzers
Link to us


© Copyright 2001-2016 EventID.Net