| Subject: Event 5038, Microsoft Windows security auditing. fveapi.dll |
| Group: microsoft.public.windows.vista.security |
| Date: 7/30/2008 10:03:02 AM |
| From: =?Utf-8?B?UGV0ZXIgSw==?= [Email Address Protection] |
I get this security event a lot on Vista 32-bit SP1: "Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume1\Windows\System32\fveapi.dll" This file is located in two places on my system, and it seems the same in both: C:\Windows\System32\fveapi.dll C:\Windows\SoftwareDistribution\Download\f7fd361ee72a8e86a63bf6b0eb2d2503\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll Version: 6.0.6001.18000 Size: 173056 bytes SHA1: b89d67b3bc79a87aff89d0e05d9553b176d0aa4d Can someone else verify this to be the correct file after 32-bit SP1 is installed? If it IS correct, why do I get an incredible pause sometimes when loading a program that uses this DLL, followed by this audit failure event in the log, but then apparently everything continues on as it should...? ------------------------------------------------------------------------ Peter Klavins |
| Back |
| Subject: Re: Event 5038, Microsoft Windows security auditing. fveapi.dll |
| Group: microsoft.public.windows.vista.security |
| Date: 7/30/2008 11:59:31 AM |
| From: Paul Montgomery [Email Address Protection] |
On Wed, 30 Jul 2008 11:19:00 -0700, BillD <BillD@discussions.microsoft.com> wrote: > > >"Peter K" wrote: > >> This file is located in two places on my system, and it seems the same in >> both: >> >> C:\Windows\System32\fveapi.dll > >fveapi.dll is not part of Vista. I haven't it. In your case, it's probably a bug. I can't wait for your post about it. |
| Back |
| Subject: Re: Event 5038, Microsoft Windows security auditing. fveapi.dll |
| Group: microsoft.public.windows.vista.security |
| Date: 7/30/2008 12:02:47 PM |
| From: "meerkat" [Email Address Protection] |
"Peter K" <p.klavins@online.nospam> wrote in message news:C01FBA1D-1570-4B35-B6C3-6B7097F47A9D@microsoft.com... >I get this security event a lot on Vista 32-bit SP1: > > "Code integrity determined that the image hash of a file is not valid. > The > file could be corrupt due to unauthorized modification or the invalid hash > could indicate a potential disk device error. > > File Name: \Device\HarddiskVolume1\Windows\System32\fveapi.dll" > > This file is located in two places on my system, and it seems the same in > both: > > C:\Windows\System32\fveapi.dll > C:\Windows\SoftwareDistribution\Download\f7fd361ee72a8e86a63bf6b0eb2d2503\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll > > Version: 6.0.6001.18000 > Size: 173056 bytes > SHA1: b89d67b3bc79a87aff89d0e05d9553b176d0aa4d > > Can someone else verify this to be the correct file after 32-bit SP1 is > installed? > > If it IS correct, why do I get an incredible pause sometimes when loading > a > program that uses this DLL, followed by this audit failure event in the > log, > but then apparently everything continues on as it should...? > . Hi Peter K Go here and have a read. http://www.greatis.com/vista/DLL/f/fveapi.dll.htm bw.. |
| Back |
| Subject: Re: Event 5038, Microsoft Windows security auditing. fveapi.dll |
| Group: microsoft.public.windows.vista.security |
| Date: 7/31/2008 9:15:03 AM |
| From: =?UTF-8?B?UMSTdGVyaXMgS8S8YXZpxYbFoQ==?= [Email Address Protection] |
Peter K wrote: > I get this security event a lot on Vista 32-bit SP1: > > "Code integrity determined that the image hash of a file is not valid. The > file could be corrupt due to unauthorized modification or the invalid hash > could indicate a potential disk device error. > > File Name: \Device\HarddiskVolume1\Windows\System32\fveapi.dll" > Well, by chance in my digging I came across another tab in the Event Viewer that showed another event related to the same problem that must cascade into the security auditing event above: Event ID 3002, "Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume1\Windows\System32\fveapi.dll" Putting this into Google reveals this quite informational Microsoft web page "User-mode Protected Media Path File Validation": http://technet2.microsoft.com/windowsserver2008/en/library/81e36ccc-e318-42ec-8a5e-41ccb306fc211033.mspx?mfr=true in which the fix for this problem is to do a Startup Repair. I'll try that this evening! ------------------------------------------------------------------------ Peter Klavins klavins@netspace.net.au |
| Back |
| Subject: Re: Event 5038, Microsoft Windows security auditing. fveapi.dll |
| Group: microsoft.public.windows.vista.security |
| Date: 7/31/2008 2:22:33 PM |
| From: "Peter Foldes" [Email Address Protection] |
See the following http://www.greatis.com/vista/DLL/f/fveapi.dll.htm --=20 Peter Please Reply to Newsgroup for the benefit of others Requests for assistance by email can not and will not be acknowledged. "Peter K" <p.klavins@online.nospam> wrote in message = news:C01FBA1D-1570-4B35-B6C3-6B7097F47A9D@microsoft.com... >I get this security event a lot on Vista 32-bit SP1: >=20 > "Code integrity determined that the image hash of a file is not valid. = The=20 > file could be corrupt due to unauthorized modification or the invalid = hash=20 > could indicate a potential disk device error. >=20 > File Name: \Device\HarddiskVolume1\Windows\System32\fveapi.dll" >=20 > This file is located in two places on my system, and it seems the same = in=20 > both: >=20 > C:\Windows\System32\fveapi.dll > = C:\Windows\SoftwareDistribution\Download\f7fd361ee72a8e86a63bf6b0eb2d2503= \x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000= _none_34daa5e8f21ef8d2\fveapi.dll >=20 > Version: 6.0.6001.18000 > Size: 173056 bytes > SHA1: b89d67b3bc79a87aff89d0e05d9553b176d0aa4d >=20 > Can someone else verify this to be the correct file after 32-bit SP1 = is=20 > installed? >=20 > If it IS correct, why do I get an incredible pause sometimes when = loading a=20 > program that uses this DLL, followed by this audit failure event in = the log,=20 > but then apparently everything continues on as it should...? >=20 > = ------------------------------------------------------------------------ > Peter Klavins |
| Back |