1.    2 Weeks Ago #1
    Join Date : Oct 2016
    Charlotte, NC
    Posts : 437
    Win10 Home x64 - 1709

    Windows Defender & Event ID 5038


    Anyone else seeing this or know what the issue might be?
    I've noticed lately, on my HP Envy laptop (see specs) ... every time Windows Defender Updates, I get two Event Id 5038 errors.

    Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>5038</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12290</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2017-10-30T17:55:07.764628100Z" />
    <EventRecordID>52167</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="128" />
    <Channel>Security</Channel>
    <Computer>EAGLE-HP</Computer>
    <Security />
    </System>
    - <EventData>
    <Data Name="param1">\Device\HarddiskVolume3\Windows\System32\MpEngineStore\MpKslfbb3ad3a.sys</Data>
    </EventData>
    </Event>

    - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>5038</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12290</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2017-10-30T17:55:06.667979200Z" />
    <EventRecordID>52166</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="488" />
    <Channel>Security</Channel>
    <Computer>EAGLE-HP</Computer>
    <Security />
    </System>
    - <EventData>
    <Data Name="param1">\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{76A494C8-D093-4CE8-9D00-50A07483D55A}\MpKsl6589f933.sys</Data>
    </EventData>
    </Event>

    Note: According to diskpart ... volume 3 is my EFI volume ... I ran HP's EFI Diagnostics and it reports no issues.

    DISKPART> list volume

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    Volume 0 E DVD-ROM 0 B No Media
    Volume 1 C Local NTFS Partition 654 GB Healthy Boot
    Volume 2 D Local NTFS Partition 276 GB Healthy
    Volume 3 EFI SYSTEM FAT32 Partition 550 MB Healthy System

    Things I've done ...
    HDD Tune & SeaTools - reports no issues with HDD
    Chkdsk (/x/f/r) - reports no issues
    Dism & Sfc - reports no issues
    Defender & Malwarebytes -reports no issues (rand full scans with both including rootkits for MB)
    Adware - reports no issues
    Rkill - reports no issues
    TDSKiller - reports no issues
      My ComputersSystem Spec
  2.    2 Weeks Ago #2
    Join Date : Oct 2014
    Posts : 2,454
    W10 Pro + W10 Preview
      My ComputersSystem Spec
  3.    2 Weeks Ago #3
    Join Date : Oct 2016
    Charlotte, NC
    Posts : 437
    Win10 Home x64 - 1709
    Thread Starter

    Hey dencal,
    Thanks, I had seen that post and tried those, but forgot to mention it. I turned Safe Boot off and deleted the pagefile.sys last night and just now manually checked updates and Defender updated with no Event Id 5038. Now to turn Safe Boot back on and see if it the Event Id 5038 comes back.

    Note: With no Event Id 5038 that xxxxxx.sys file actually shows up in the C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{xxxxx-xxxx-xxxx-xxxx-xxxxx} folder (where it didn't before) and no MpEngineStore folder is created or left in C:\Windows\System32
      My ComputersSystem Spec
  4.    2 Weeks Ago #4
    Join Date : Oct 2016
    Charlotte, NC
    Posts : 437
    Win10 Home x64 - 1709
    Thread Starter

    Update ...
    I turned Secure Boot back on and Windows Defender updated without generating Event Id 5038. Just guessing here, but I think when I cleaned up my partitions (duplicate winre) ... I had 100mb un-allocated partition stuck between the EFI System (450mb) and MSR(16mb) partitions. I extended the EFI partition from 450mb to 550mb to get rid of it and in doing that ... I changed/messed up something with Secure Boot. I guess ... turning it off and back on fixed it.
      My ComputersSystem Spec

 


Similar Threads
Thread Forum
Performance & Maintenance Clear All Event Logs in Event Viewer in Windows
How to Clear All Event Logs in Event Viewer in Windows Event Viewer is a tool that displays detailed information as event logs about significant events on your PC. Event logs are special files that record significant events on your PC, such as...
Tutorials
Multiple Application Errors (Event 1000) in Event Viewer
Hi. I have noticed that during the long duration my PC is on (18 hours), several apps keep getting crash. Even after I restart these apps, they will eventually crash. PC is still functioning. The apps that are crashing are: Asus AI Suite 2 (I...
BSOD Crashes and Debugging
Windows Defender error spamming my event viewer.
The last couple days I've gotten this error about 40 times saying, Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error BA060000). Its labeled eventid 16, I've tried updating windows and its say there no updates...
AntiVirus, Firewalls and System Security
Does Bit Defender Prohibit Windows Defender From Being Activated Too ?
Hello. Using BitDefender. Cant seem to activate Windows Defender (also). Does Bit Defender prohibit Windows Defender from being activated ? Any idea why I can't activate ? Assuming I can, somehow, do I want both ?
AntiVirus, Firewalls and System Security
Event Viewer Errors: SettingSyncHost, Source ESENT, Event 467
Hello everyone, I keep seeing this error appear several times a day, even during idle, in my Event Viewer. I did a clean install of build 10586 less than a month ago. I'm not having any overt issues yet, but the error is disturbing. ...
General Support
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 11:04.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums