Elastic Windows Event Explorer


Publisher - Microsoft-Windows-CodeIntegrity

Event ID 3081 v12

Message:

Code Integrity determined that a process (%{Process Name}) attempted to load %{File Name} that violated Driver policy.

Event Data:

#   Name                      In Type            Out Type
1   FileNameLength            win:UInt16         xs:unsignedShort
2   File Name                 win:UnicodeString  xs:string
3   ProcessNameLength         win:UInt16         xs:unsignedShort
4   Process Name              win:UnicodeString  xs:string
5   Requested Signing Level   win:UInt8          xs:unsignedByte
6   Validated Signing Level   win:UInt8          xs:unsignedByte
7   Status                    win:HexInt32       win:HexInt32
8   SHA1 Hash Size            win:UInt32         xs:unsignedInt
9   SHA1 Hash                 win:Binary         xs:hexBinary
10  SHA256 Hash Size          win:UInt32         xs:unsignedInt
11  SHA256 Hash               win:Binary         xs:hexBinary
12  USN                       win:UInt64         win:HexInt64
13  SI Signing Scenario       win:UInt32         xs:unsignedInt
14  PolicyNameLength          win:UInt16         xs:unsignedShort
15  PolicyName                win:UnicodeString  xs:string
16  PolicyIDLength            win:UInt16         xs:unsignedShort
17  PolicyID                  win:UnicodeString  xs:string
18  PolicyHashSize            win:UInt32         xs:unsignedInt
19  PolicyHash                win:Binary         xs:hexBinary
20  OriginalFileNameLength    win:UInt16         xs:unsignedShort
21  OriginalFileName          win:UnicodeString  xs:string
22  InternalNameLength        win:UInt16         xs:unsignedShort
23  InternalName              win:UnicodeString  xs:string
24  FileDescriptionLength     win:UInt16         xs:unsignedShort
25  FileDescription           win:UnicodeString  xs:string
26  ProductNameLength         win:UInt16         xs:unsignedShort
27  ProductName               win:UnicodeString  xs:string
28  FileVersion               win:AnsiString     xs:string

Observed Windows Versions:

Version: 12

Fingerprint: YM57XHSRDD4NC