| Event Id | 3001 |
| Source | Microsoft-Windows-CodeIntegrity |
| Description | Code Integrity determined an unsigned kernel module %2 is loaded into the system. Check with the publisher to see if a signed version of the kernel module is available. |
| Event Information | According to Microsoft : Cause : This event is logged when Code Integrity determined an unsigned kernel module is loaded into the system. Resolution : Update kernel-mode driver status on an x86-based operating system When an unsigned driver is detected on x86-based computers, Code Integrity will not prevent the kernel-mode driver from loading. You should consult the manufacturer to see if a digitally-signed version of the kernel-model driver exists and update the current driver. To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority. To update a kernel-mode driver: 1.Copy the signed kernel-mode driver to a location on the local computer. 2.Click Start, and then click Control Panel. 3.Double-click Device Manager. 4.If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue. 5.Right-click the hardware device that needs its driver updated, and then click Update Driver Software. 6.Click Browse my computer for driver software. 7.Click Browse, select the folder where the new driver file exists, and then click Next. 8. Click Finish. Note: An unsigned kernel-mode driver can affect the ability of media applications to play some media files. Verify : You can verify that a kernel-mode driver was successfully validated and loaded by checking its driver status using the command prompt. To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority. To verify a kernel-mode driver was successfully validated and loaded: 1.Click Start, point to All Programs, point to Accessories. 2.Right-click Command Prompt, and then click Run as administrator. 3.If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue. 4.Type sc query type= driver, and then press ENTER. 5.In the list, find the appropriate driver and ensure that 4 RUNNING is displayed in the STATE column. Note: If you know the driver name, type ,b>sc querydriver, where driver is the name of the driver file without the extension, at the command prompt, and then press ENTER. |
| Reference Links | Event ID 3001 from Microsoft-Windows-CodeIntegrity |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.