Windows Kernel Driver Signing

The introduction of kernel driver signing in the 64-bit version of Windows Vista significantly improved defenses against the insertion of malicious drivers or activities into the kernel. Any sign that a protected driver has been altered may indicate malicious activity or a disk error and warrants investigation.


SIEM Events

Detected An Invalid Page Hash Of An Image File

Event Source: Microsoft-Windows-Security-Auditing; Event Log: Security

Code Integrity Check

Event Source: Microsoft-Windows-CodeIntegrity; Event Log: Microsoft-Windows-CodeIntegrity/Operational

Failed Kernel Driver Loading

Event Source: Microsoft-Windows-Kernel-PnP; Event Log: System

AIS Managed SIEM

Last modified March 24, 2021