Jump to content

Code Intégrity


Recommended Posts

Hello,

Since I migrated to Windows 10, and Installed Nod32, I got at least 4 times a day a system lock. 

By looking at all event journals, I found a lot of times,  the error below in the "code Integrity" journal.  I'm not sure my problems come from this, but I prefer ask you for it, especially because  I notices all recorded times correspond to my lock times. 

Thanks in advance.

Gérard

Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

+ System 

  - Provider 

   [ Name]  Microsoft-Windows-CodeIntegrity 
   [ Guid]  {4ee76bd8-3cf4-44a0-a0ac-3937643e37a3} 
 
   EventID 3033 
 
   Version 0 
 
   Level 2 
 
   Task 1 
 
   Opcode 111 
 
   Keywords 0x8000000000000000 
 
  - TimeCreated 

   [ SystemTime]  2021-02-15T10:38:11.3871372Z 
 
   EventRecordID 16403 
 
  - Correlation 

   [ ActivityID]  {0ce77fef-0378-0007-b0a7-e70c7803d701} 
 
  - Execution 

   [ ProcessID]  2284 
   [ ThreadID]  12768 
 
   Channel Microsoft-Windows-CodeIntegrity/Operational 
 
   Computer GEGE-ASUS 
 
  - Security 

   [ UserID]  S-1-5-18 
 

- EventData 

  FileNameLength 57 
  FileNameBuffer \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll 
  ProcessNameLength 65 
  ProcessNameBuffer \Device\HarddiskVolume6\Program Files\ESET\ESET Security\ekrn.exe 
  RequestedPolicy 7 
  ValidatedPolicy 1 
  Status 3221226536 

 

Link to comment
Share on other sites

  • Administrators

In order to investigate the issue, please carry on as follows:

- configure Windows to generate complete memory dumps as per https://support.eset.com/en/kb380
- reboot the machine
- reproduce the lock
- manually generate a system crash as per the above KB so that a dump is generated
- after a reboot, compress the memory dump
- collect logs with ESET Log Collector
- open a support ticket with your local ESET distributor and provide them with the dump and ELC logs.

Link to comment
Share on other sites

Do you have BonJour installed?

As far as this event log entry:

Quote

Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Appears Bonjour attempts to inject mdnsNSP.dll into every running process: https://apple.stackexchange.com/questions/132336/windows-why-does-bonjours-mdnsnsp-dll-inject-itself-into-every-process .  Eset's ekrn.exe process won't allow that due to certificate restrictions employed on it.

I don't even know if Bonjour runs properly on Win 10.

You can either ignore the event log entry or uninstall Bonjour. 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...