Elastic Windows Event Explorer


Publisher - Microsoft-Windows-CodeIntegrity

Event ID 3001 v1

Message:

Code Integrity determined an unsigned kernel module %{FileNameBuffer} is loaded into the system. Check with the publisher to see if a signed version of the kernel module is available.

Event Data:

#  Name                   In Type            Out Type
1  FileNameLength         win:UInt16         xs:unsignedShort
2  FileNameBuffer         win:UnicodeString  xs:string
3  SecureRequired         win:HexInt32       win:HexInt32
4  RequestedSigningLevel  win:UInt8          xs:unsignedByte
5  ProcessNameLength      win:UInt16         xs:unsignedShort
6  ProcessNameBuffer      win:UnicodeString  xs:string

Observed Windows Versions:

Version: 1

Fingerprint: UDFQRRVUZWBXU