Purpleroses 21 Posted November 12, 2020 Share Posted November 12, 2020 I had to reset my pc and now under audit failure code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid has could indicate a potential disk device error. \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll. What I want to know is this safe and I get this when I turn on my computer and during the day at different times? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted November 12, 2020 Administrators Share Posted November 12, 2020 This was already discussed here: https://forum.eset.com/topic/25035-program-fileseseteset-nod32-antiviruseamsidll Do you have an older machine with BIOS or a newer one with UEFI? Do you have the latest version of ESET 14.0 installed? Link to comment Share on other sites More sharing options...
itman 1,741 Posted November 12, 2020 Share Posted November 12, 2020 (edited) If you check the forum, there are multiple postings about it. Yes, it is safe. Is it the proper way for Eset to do things, the answer is no. These are code integrity errors. Windows won't allow .dll injection into Code Integrity Guard protected processes unless they are properly signed. Eset's .dlls are not so signed. Edited November 12, 2020 by itman Link to comment Share on other sites More sharing options...
Purpleroses 21 Posted November 12, 2020 Author Share Posted November 12, 2020 Marco I have a new computer with UEFI. Plus I have version 14.0.22.0. Thank you both for responding Link to comment Share on other sites More sharing options...
itman 1,741 Posted November 12, 2020 Share Posted November 12, 2020 (edited) Also of note is the only svchost.exe instance that Eset is injecting on an extended basis after system startup is WMI: Edited November 12, 2020 by itman Link to comment Share on other sites More sharing options...
Purpleroses 21 Posted December 17, 2020 Author Share Posted December 17, 2020 I have had my computer on all day and I just noticed under audit failure event 5038 I had 6 audit failures at 2.42 pm. I have not restarted my computer or anything. Is this normal? Link to comment Share on other sites More sharing options...
itman 1,741 Posted December 17, 2020 Share Posted December 17, 2020 19 minutes ago, Purpleroses said: I have had my computer on all day and I just noticed under audit failure event 5038 I had 6 audit failures at 2.42 pm. I have not restarted my computer or anything. Is this normal? Those are code integrity errors. If the entries are in regards to eamsi.dll, you can disregard them. Ref.: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-5038 Link to comment Share on other sites More sharing options...
Purpleroses 21 Posted December 17, 2020 Author Share Posted December 17, 2020 (edited) Yes they are related to eamsi.dll. I just thought those only happen if you shut down or restart your computer. But I have done neither of those two things of shutting down or restarting my computer today? Thank you Itman Edited December 17, 2020 by Purpleroses Link to comment Share on other sites More sharing options...
Recommended Posts