Windows Kernel Driver Signing
The introduction of kernel driver signing in the 64-bit version of Windows Vista significantly improved defenses against the insertion of malicious drivers or activities in the kernel. Any sign that a protected driver has been altered may point to malicious activity or a disk error and warrants investigation.
Related Solution
AIS Managed SIEM
SIEM Events
Detected an invalid page hash of an image file
Event Source: Microsoft-Windows-Security-Auditing; Event Log: Security
Code Integrity Check
Event Source: Microsoft-Windows-CodeIntegrity; Event Log: Microsoft-Windows-CodeIntegrity/Operational
Failed Kernel Driver Loading
Event Source: Microsoft-Windows-Kernel-PnP; Event Log: System
Last modified
September 14, 2021