Windows Defender & Event ID 5038

  1.    30 Oct 2017 #1



    Anyone else seeing this or know what the issue might be?
    I've noticed lately, on my HP Envy laptop (see specs) ... every time Windows Defender Updates, I get two Event Id 5038 errors.

    Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
        <EventID>5038</EventID>
        <Version>0</Version>
        <Level>0</Level>
        <Task>12290</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8010000000000000</Keywords>
        <TimeCreated SystemTime="2017-10-30T17:55:07.764628100Z" />
        <EventRecordID>52167</EventRecordID>
        <Correlation />
        <Execution ProcessID="4" ThreadID="128" />
        <Channel>Security</Channel>
        <Computer>EAGLE-HP</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">\Device\HarddiskVolume3\Windows\System32\MpEngineStore\MpKslfbb3ad3a.sys</Data>
      </EventData>
    </Event>

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
        <EventID>5038</EventID>
        <Version>0</Version>
        <Level>0</Level>
        <Task>12290</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8010000000000000</Keywords>
        <TimeCreated SystemTime="2017-10-30T17:55:06.667979200Z" />
        <EventRecordID>52166</EventRecordID>
        <Correlation />
        <Execution ProcessID="4" ThreadID="488" />
        <Channel>Security</Channel>
        <Computer>EAGLE-HP</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{76A494C8-D093-4CE8-9D00-50A07483D55A}\MpKsl6589f933.sys</Data>
      </EventData>
    </Event>

    Note: According to diskpart ... volume 3 is my EFI volume ... I ran HP's EFI Diagnostics and it reports no issues.

    DISKPART> list volume

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    Volume 0     E                       DVD-ROM         0 B  No Media
    Volume 1     C   Local        NTFS   Partition    654 GB  Healthy    Boot
    Volume 2     D   Local        NTFS   Partition    276 GB  Healthy
    Volume 3         EFI SYSTEM   FAT32  Partition    550 MB  Healthy    System

    Things I've done ...
    HDD Tune & SeaTools - reports no issues with HDD
    Chkdsk (/x/f/r) - reports no issues
    Dism & Sfc - reports no issues
    Defender & Malwarebytes - reports no issues (ran full scans with both including rootkits for MB)
    Adware - reports no issues
    Rkill - reports no issues
    TDSSKiller - reports no issues
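An added example, not part of the original thread: a Python triage of exported Event ID 5038 records that separates the Defender `MpKsl*.sys` paths quoted in the post above from any other image path. The path patterns, the function names and the third sample record are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumption: these patterns are derived only from the two paths quoted in the post.
MPKSL_PATH = re.compile(
    r"^\\(Windows\\System32\\MpEngineStore"
    r"|ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\\{[0-9a-f-]{36}\})"
    r"\\MpKsl[0-9a-f]+\.sys$", re.IGNORECASE)
# The NT device prefix is stripped so paths compare regardless of volume number.
VOLUME_PREFIX = re.compile(r"^\\Device\\HarddiskVolume\d+", re.IGNORECASE)

def parse_5038(xml_text):
    """Return (record_id, timestamp, image_path) for every 5038 event in the export."""
    rows = []
    for ev in ET.fromstring(xml_text).iter("{%s}Event" % NS["e"]):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "5038":
            continue
        when = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        rec = int(ev.findtext("e:System/e:EventRecordID", namespaces=NS))
        path = ev.findtext("e:EventData/e:Data[@Name='param1']", default="", namespaces=NS)
        rows.append((rec, when, path))
    return sorted(rows)

def classify(image_path):
    """A match only groups the event with the pattern in this thread; it validates nothing."""
    relative = VOLUME_PREFIX.sub("", image_path, count=1)
    return "defender-mpksl" if MPKSL_PATH.match(relative) else "review"

def triage(xml_text):
    return [(rec, classify(path)) for rec, _when, path in parse_5038(xml_text)]

def _event(rec, when, path):
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>5038</EventID>'
            f'<TimeCreated SystemTime="{when}" /><EventRecordID>{rec}</EventRecordID>'
            f'</System><EventData><Data Name="param1">{path}</Data></EventData></Event>')

# Constructed sample: records 52166/52167 reuse the paths from the post; 60001 is invented.
VOL = r"\Device\HarddiskVolume3"
SAMPLE = "<Events>" + "".join([
    _event(52167, "2017-10-30T17:55:07.764628100Z",
           VOL + r"\Windows\System32\MpEngineStore\MpKslfbb3ad3a.sys"),
    _event(52166, "2017-10-30T17:55:06.667979200Z",
           VOL + r"\ProgramData\Microsoft\Windows Defender\Definition Updates"
                 r"\{76A494C8-D093-4CE8-9D00-50A07483D55A}\MpKsl6589f933.sys"),
    _event(60001, "2017-10-31T09:00:00.000000000Z",
           VOL + r"\Windows\System32\drivers\example.sys"),
]) + "</Events>"
```

`triage(SAMPLE)` returns one `(record_id, verdict)` pair per event, so anything marked `review` is a 5038 hit on a file outside the Defender update pattern.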

  2. dencal    31 Oct 2017 #2

  3.    31 Oct 2017 #3

    Hey dencal,
    Thanks, I had seen that post and tried those, but forgot to mention it. I turned Safe Boot off and deleted the pagefile.sys last night, and just now manually checked updates, and Defender updated with no Event Id 5038. Now to turn Safe Boot back on and see if the Event Id 5038 comes back.

    Note: With no Event Id 5038 that xxxxxx.sys file actually shows up in the C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{xxxxx-xxxx-xxxx-xxxx-xxxxx} folder (where it didn't before) and no MpEngineStore folder is created or left in C:\Windows\System32

  4.    01 Nov 2017 #4

    Update ...
    I turned Secure Boot back on and Windows Defender updated without generating Event Id 5038. Just guessing here, but I think when I cleaned up my partitions (duplicate winre) ... I had a 100mb un-allocated partition stuck between the EFI System (450mb) and MSR (16mb) partitions. I extended the EFI partition from 450mb to 550mb to get rid of it and in doing that ... I changed/messed up something with Secure Boot. I guess ... turning it off and back on fixed it.


 
