Windows Kernel Driver Signing
The introduction of kernel driver signing in the 64-bit version of Windows Vista significantly improved defenses against the insertion of malicious drivers or activities in the kernel. Any sign that a protected driver has been altered may indicate malicious activity or a disk error, and warrants investigation.
Event Source - Microsoft-Windows-Security-Auditing - Event Log - Security
Event Source - Microsoft-Windows-CodeIntegrity - Event Log - Microsoft-Windows-CodeIntegrity/Operational
Event Source - Microsoft-Windows-Kernel-PnP - Event Log - System
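One way to review the three sources listed above from an elevated PowerShell session. This is an added example, not part of the original page: the provider and log names come from the page, while the event IDs (5038, 6281, 219), the Error/Warning level filter and the 7-day window are assumptions chosen for illustration.

```powershell
# Added example. Provider/log pairs are from the page; the event IDs, level
# filter and look-back window are assumptions, not values given by the page.
$since = (Get-Date).AddDays(-7)   # constructed look-back window

$filters = @(
    @{ LogName      = 'Security'
       ProviderName = 'Microsoft-Windows-Security-Auditing'
       Id           = 5038, 6281   # assumption: image hash / page hash not valid
       StartTime    = $since },
    @{ LogName      = 'Microsoft-Windows-CodeIntegrity/Operational'
       ProviderName = 'Microsoft-Windows-CodeIntegrity'
       Level        = 2, 3         # assumption: Error and Warning only
       StartTime    = $since },
    @{ LogName      = 'System'
       ProviderName = 'Microsoft-Windows-Kernel-PnP'
       Id           = 219          # assumption: driver failed to load
       StartTime    = $since }
)

$hits = foreach ($f in $filters) {
    try {
        Get-WinEvent -FilterHashtable $f -ErrorAction Stop
    } catch {
        # Get-WinEvent raises an error when nothing matches; an empty result
        # is the healthy case here, so only report other failures
        # (access denied, log not present on this build, and so on).
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "$($f.LogName): $($_.Exception.Message)"
        }
    }
}

# One row per event, oldest first, with the first line of the message so the
# affected driver path is visible without opening each record.
$hits | Sort-Object TimeCreated |
    Select-Object TimeCreated, LogName, ProviderName, Id, LevelDisplayName,
        @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

Reading the Security log requires administrative rights; a warning for that log usually means the session is not elevated.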
Last modified September 14, 2021