
Question about Event Id 5038



I had to reset my PC and now, under audit failure: "Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error." \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll. What I want to know is, is this safe? I get this when I turn on my computer and during the day at different times.


If you check the forum, there are multiple postings about it.

Yes, it is safe. Is it the proper way for Eset to do things? The answer is no. These are code integrity errors. Windows won't allow .dll injection into Code Integrity Guard protected processes unless they are properly signed. Eset's .dlls are not so signed.

Edited by itman

Also of note is that the only svchost.exe instance that Eset is injecting on an extended basis after system startup is WMI:

[Screenshot: Eset_WMI]

Edited by itman

  • 1 month later...

I have had my computer on all day and I just noticed under audit failure event 5038 I had 6 audit failures at 2.42 pm. I have not restarted my computer or anything. Is this normal?


19 minutes ago, Purpleroses said:

I have had my computer on all day and I just noticed under audit failure event 5038 I had 6 audit failures at 2.42 pm. I have not restarted my computer or anything. Is this normal?

Those are code integrity errors.

If the entries are in regard to eamsi.dll, you can disregard them.

Ref.: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-5038


Yes, they are related to eamsi.dll. I just thought those only happen if you shut down or restart your computer. But I have done neither of those two things, shutting down or restarting my computer, today. Thank you, Itman.

Edited by Purpleroses
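
To confirm that every 5038 entry really names eamsi.dll before disregarding them, as the reply in this thread suggests, the events can be grouped by the file path in their message text. This is an added example, not part of the original thread: the function name `Get-CodeIntegritySummary` is hypothetical, and the sample records, their timestamps and the second file path are constructed.

```powershell
# Added example: summarize Event ID 5038 records per flagged file, so repeats
# for one known DLL stand apart from any other file being reported.
function Get-CodeIntegritySummary {
    param([Parameter(Mandatory)] [object[]] $Events)

    # Device-style path as it appears in the 5038 message quoted in this thread.
    $pathPattern = '\\Device\\HarddiskVolume\d+\\[^\r\n]+'

    $rows = foreach ($e in $Events) {
        $file = '(no file path found in message)'
        if ($e.Message -match $pathPattern) { $file = $Matches[0].Trim() }
        [pscustomobject]@{ Time = $e.TimeCreated; File = $file }
    }

    # One output row per distinct file: how often and over what time span.
    $rows | Group-Object -Property File | ForEach-Object {
        $times = @($_.Group | ForEach-Object { $_.Time } | Sort-Object)
        [pscustomobject]@{
            File  = $_.Name
            Count = $_.Count
            First = $times[0]
            Last  = $times[-1]
        }
    } | Sort-Object -Property Count -Descending
}

# Constructed sample records (not real log data), shaped like Get-WinEvent output.
$eset  = '\Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll'
$other = '\Device\HarddiskVolume3\Constructed\sample-other.dll'   # hypothetical path
$text  = 'Code integrity determined that the image hash of a file is not valid.'
$base  = Get-Date '2000-01-01T14:42:00'                           # constructed time
$sample = @(
    0..5 | ForEach-Object {
        [pscustomobject]@{ TimeCreated = $base.AddSeconds($_); Message = "$text`n$eset" }
    }
    [pscustomobject]@{ TimeCreated = $base.AddHours(1); Message = "$text`n$other" }
)

Get-CodeIntegritySummary -Events $sample | Format-Table -AutoSize

# Live data, from an elevated session:
# Get-CodeIntegritySummary -Events (Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5038 })
```

Any row whose File is not the expected eamsi.dll path is the one to look at more closely.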
This topic is now closed to further replies.