Kick
Active Member
Hi,
An interesting and recent problem which is proving difficult to understand and resolve: The Event Viewer reports an IBM Trusteer Rapport file as failing the security audit when the computer starts. This has suddenly happened with no obvious cause.
I've already contacted IBM Trusteer but they have been unable to help. They did suggest running secpol.msc but that is only included in Windows 7 Professional and higher and not available in Windows 7 Home premium which I have. They suggested I contact Microsoft - I have done this via the Microsoft Community but so far suggestions have not worked.
The error I get is:
==================================================
Record Number : 145537
Log Type : Security
Event Type : Audit Failure
Time : 28/06/2016 18:57:39
Source : Microsoft-Windows-Security-Auditing
Category : 12290
Event ID : 6281
User Name :
Computer : Chris-PC
Event Data Length : 0
Record Length : 352
Event Description : Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume3\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys
==================================================
I have tested the hard drive by running a hard drive check using HD Tune which reported no errors. Likewise Windows ChkDsk reported no errors, sfc /scannow found and repaired a couple of corrupted but not related files (a subsequent run reporting no corrupted files). I have also run a disk cleanup of the C: partition and run CCleaner for good measure. None of these provided a resolution. A Microsoft support engineer suggested, among other things, that I temporarily disable my anti-virus software and restart the system - made no difference. I also did a repair installation of the anti-virus without success. Next I did a complete uninstall of Rapport and reinstalled it - the result after the next system start, two different Rapport files, and not the original were shown in the Event Viewer as failing the security audit. On the next restart, the two new files were no longer reported but the original was back as failing the audit and that is the current position.
As far as running the computer is concerned everything seems fine and Rapport appears to be working fully too (my bank requires me to have Rapport for on-line activity so I don't really want to ditch it). A scan with Malwarebytes and a full system scan with Avast 2016 reveal there are no threats.
Any ideas and potential solutions would be gratefully received as would any reassurances that there is nothing to get worried about.
Cheers and best regards, Kick.
An interesting and recent problem which is proving difficult to understand and resolve: The Event Viewer reports an IBM Trusteer Rapport file as failing the security audit when the computer starts. This has suddenly happened with no obvious cause.
I've already contacted IBM Trusteer but they have been unable to help. They did suggest running secpol.msc but that is only included in Windows 7 Professional and higher and not available in Windows 7 Home premium which I have. They suggested I contact Microsoft - I have done this via the Microsoft Community but so far suggestions have not worked.
The error I get is:
==================================================
Record Number : 145537
Log Type : Security
Event Type : Audit Failure
Time : 28/06/2016 18:57:39
Source : Microsoft-Windows-Security-Auditing
Category : 12290
Event ID : 6281
User Name :
Computer : Chris-PC
Event Data Length : 0
Record Length : 352
Event Description : Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume3\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys
==================================================
I have tested the hard drive by running a hard drive check using HD Tune which reported no errors. Likewise Windows ChkDsk reported no errors, sfc /scannow found and repaired a couple of corrupted but not related files (a subsequent run reporting no corrupted files). I have also run a disk cleanup of the C: partition and run CCleaner for good measure. None of these provided a resolution. A Microsoft support engineer suggested, among other things, that I temporarily disable my anti-virus software and restart the system - made no difference. I also did a repair installation of the anti-virus without success. Next I did a complete uninstall of Rapport and reinstalled it - the result after the next system start, two different Rapport files, and not the original were shown in the Event Viewer as failing the security audit. On the next restart, the two new files were no longer reported but the original was back as failing the audit and that is the current position.
As far as running the computer is concerned everything seems fine and Rapport appears to be working fully too (my bank requires me to have Rapport for on-line activity so I don't really want to ditch it). A scan with Malwarebytes and a full system scan with Avast 2016 reveal there are no threats.
Any ideas and potential solutions would be gratefully received as would any reassurances that there is nothing to get worried about.
Cheers and best regards, Kick.