Author Topic: eventlog err:did not meet the Windows signing level requirements  (Read 416 times)

0 Members and 1 Guest are viewing this topic.

Offline MattGinAZ

  • Newbie
  • *
  • Posts: 5
any ideas?

Log Name:      Microsoft-Windows-CodeIntegrity/Operational
Source:        Microsoft-Windows-CodeIntegrity
Date:          3/18/2023 6:52:18 AM
Event ID:      3033
Task Category: (1)
Level:         Error
Keywords:     
User:          LOCAL SERVICE
Computer:      Matt-Desktop
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CodeIntegrity" Guid="{4ee76bd8-3cf4-44a0-a0ac-3937643e37a3}" />
    <EventID>3033</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>1</Task>
    <Opcode>111</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2023-03-18T13:52:18.9839972Z" />
    <EventRecordID>19264</EventRecordID>
    <Correlation ActivityID="{d5a4d083-5852-000a-8914-a5d55258d901}" />
    <Execution ProcessID="5832" ThreadID="3684" />
    <Channel>Microsoft-Windows-CodeIntegrity/Operational</Channel>
    <Computer>Matt-Desktop</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data Name="FileNameLength">70</Data>
    <Data Name="FileNameBuffer">\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll</Data>
    <Data Name="ProcessNameLength">52</Data>
    <Data Name="ProcessNameBuffer">\Device\HarddiskVolume2\Windows\System32\svchost.exe</Data>
    <Data Name="RequestedPolicy">12</Data>
    <Data Name="ValidatedPolicy">1</Data>
    <Data Name="Status">3221226536</Data>
  </EventData>
</Event>

Offline MattGinAZ

  • Newbie
  • *
  • Posts: 5
Re: eventlog err:did not meet the Windows signing level requirements
« Reply #1 on: March 18, 2023, 04:18:11 PM »
more info ...
Log Name:      Microsoft-Windows-CodeIntegrity/Operational
Source:        Microsoft-Windows-CodeIntegrity
Date:          3/18/2023 6:52:18 AM
Event ID:      3089
Task Category: (1)
Level:         Information
Keywords:     
User:          LOCAL SERVICE
Computer:      Matt-Desktop
Description:
Signature information for another event. Match using the Correlation Id.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CodeIntegrity" Guid="{4ee76bd8-3cf4-44a0-a0ac-3937643e37a3}" />
    <EventID>3089</EventID>
    <Version>2</Version>
    <Level>4</Level>
    <Task>1</Task>
    <Opcode>130</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2023-03-18T13:52:18.8472863Z" />
    <EventRecordID>19247</EventRecordID>
    <Correlation ActivityID="{d5a4d083-5852-0004-9869-a5d55258d901}" />
    <Execution ProcessID="5832" ThreadID="16072" />
    <Channel>Microsoft-Windows-CodeIntegrity/Operational</Channel>
    <Computer>Matt-Desktop</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data Name="TotalSignatureCount">1</Data>
    <Data Name="Signature">0</Data>
    <Data Name="CacheState">25</Data>
    <Data Name="Hash Size">32</Data>
    <Data Name="Hash">0C7D12E66B896B0F76E7C442CF955E8C2F28AEF9381B6FD64FBD5163F1456470</Data>
    <Data Name="PageHash">false</Data>
    <Data Name="SignatureType">1</Data>
    <Data Name="ValidatedSigningLevel">1</Data>
    <Data Name="VerificationError">7</Data>
    <Data Name="Flags">0</Data>
    <Data Name="PolicyBits">16</Data>
    <Data Name="NotValidBefore">2022-09-16T00:00:00.0000000Z</Data>
    <Data Name="NotValidAfter">2025-09-17T23:59:59.0000000Z</Data>
    <Data Name="PublisherNameLength">21</Data>
    <Data Name="PublisherName">Avast Software s.r.o.</Data>
    <Data Name="IssuerNameLength">56</Data>
    <Data Name="IssuerName">DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1</Data>
    <Data Name="PublisherTBSHashSize">32</Data>
    <Data Name="PublisherTBSHash">E3D1D87403BA977FA1E1CC382C8475BE756E9B32AD0957C3EE0F15C4C13561F3</Data>
    <Data Name="IssuerTBSHashSize">48</Data>
    <Data Name="IssuerTBSHash">65B1D4076A89AE273F57E6EEEDECB3EAE129B4168F76FA7671914CDF461D542255C59D9B85B916AE0CA6FC0FCF7A8E64</Data>
  </EventData>
</Event>

Online polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33581
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!