Getting error "Code integrity determined that the image hash of a file is not valid." for file '\Device\HarddiskVolume1\Program Files\Microsoft Forefront\Forefront System\Client\AntiMalware\Drivers\mpfilter\mpfilter.sys'

  • Question

  • After I installed VS2010 and uninstalled, my machine has been locking constantly.  The only error I see in the event viewer is:

    Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume1\Program Files\Microsoft Forefront\Forefront System\Client\AntiMalware\Drivers\mpfilter\mpfilter.sys

    I do see ForeFront running a lot, possible cause?


    Edward
    Thursday, August 26, 2010 4:43 AM

Answers

  • Hi,

    Thanks for the post.

    Let's perform the following steps to check if we can work it out:

    1.  Start Registry Editor. 
    2.  Locate and then right-click the following registry subkey:


    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpFilter 


    3.  Point to New, and then click Key.
    4.  Type Parameters, and then press ENTER.
    5.  Right-click Parameters, point to New, and then click DWORD Value.
    6.  Type ScanOnCleanup, and then press ENTER.

    The new registry entry will have a default value of 0. Do not change this value. 


    7.  Exit Registry Editor. 
    8.  Restart the FCSAM service. 

    Note: We need to back up the registry before making any change.

    Thanks,

    Miles


    Friday, August 27, 2010 8:36 AM
    Moderator
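
The registry steps from the answer above, scripted in PowerShell with the backup taken first. This is an added example, not part of the original thread or any Microsoft tooling; it assumes an elevated prompt, that FCSAM is the service name as the answer writes it, and a hypothetical backup location under %TEMP%.

```powershell
# Run from an elevated PowerShell prompt.
$ErrorActionPreference = 'Stop'

$serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\MpFilter'   # subkey named in the answer
$paramsKey  = Join-Path $serviceKey 'Parameters'
# Hypothetical backup location; pick any path you can restore from.
$backupFile = Join-Path $env:TEMP ("MpFilter-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

if (-not (Test-Path $serviceKey)) {
    throw "MpFilter service key not found; nothing to change."
}

# Back up the key before touching it (the note at the end of the answer).
& reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\MpFilter' $backupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Registry export failed; aborting before any change."
}
Write-Host "Backup written to $backupFile"

# Steps 3-4: create the Parameters subkey if it does not exist yet.
if (-not (Test-Path $paramsKey)) {
    New-Item -Path $paramsKey | Out-Null
}

# Steps 5-6: create ScanOnCleanup as a DWORD and leave it at 0.
New-ItemProperty -Path $paramsKey -Name 'ScanOnCleanup' `
    -PropertyType DWord -Value 0 -Force | Out-Null

# Read the value back and confirm both its type and its data.
$value = (Get-ItemProperty -Path $paramsKey -Name 'ScanOnCleanup').ScanOnCleanup
$kind  = (Get-Item -Path $paramsKey).GetValueKind('ScanOnCleanup')
if ($value -ne 0 -or $kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
    throw "ScanOnCleanup is $value ($kind); expected 0 (DWord)."
}

# Step 8: restart the service (name assumed to be FCSAM, as written in the answer).
Restart-Service -Name 'FCSAM'
Get-Service -Name 'FCSAM' | Select-Object Name, Status
```

To roll back, import the exported file with `reg.exe import` and restart the service again.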