Elastic Windows Event Explorer


Publisher - Microsoft-Windows-CodeIntegrity

Event ID 3032 v1

Message:

Code Integrity determined a revoked image %{FileNameBuffer} is loaded into the system.  Check with the publisher to see if a new signed version of the image is available.

Event Data:

#  Name                   In Type            Out Type
1  FileNameLength         win:UInt16         xs:unsignedShort
2  FileNameBuffer         win:UnicodeString  xs:string
3  SecureRequired         win:HexInt32       win:HexInt32
4  RequestedSigningLevel  win:UInt8          xs:unsignedByte
5  ProcessNameLength      win:UInt16         xs:unsignedShort
6  ProcessNameBuffer      win:UnicodeString  xs:string

Observed Windows Versions:

Version: 1

Fingerprint: GIAMPMZCXVN4W