Windows Kernel Driver Signing

Introduction of kernel driver signing in the 64-bit version of Windows Vista significantly improves defenses against insertion of malicious drivers or activities in the kernel. Any indication of a protected driver being altered may indicate malicious activity or a disk error and warrants investigation.
AIS Managed SIEM

SIEM Events

Detected an invalid page hash of an image file

Event Source - Microsoft-Windows-Security-Auditing - Event Log - Security

Code Integrity Check

Event Source - Microsoft-Windows-CodeIntegrity - Event Log - Microsoft-Windows-CodeIntegrity/Operational

Failed Kernel Driver Loading

Event Source - Microsoft-Windows-Kernel-PnP - Event Log - System

Last modified September 14, 2021