Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsWindows VistaWindows XPWindows MeWindows 98Windows 95Virtual PCInternet ExplorerOutlook ExpressWindows MediaSecurity
Related Topics
MS Server ProductsMS OfficePC HardwareMore Topics ...
Windows Forum / Windows Vista / Security / July 2008

Tip: Looking for answers? Try searching our database.

Event 5038, Microsoft Windows security auditing. fveapi.dll

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Peter K - 30 Jul 2008 18:03 GMT
I get this security event a lot on Vista 32-bit SP1:

"Code integrity determined that the image hash of a file is not valid.  The
file could be corrupt due to unauthorized modification or the invalid hash
could indicate a potential disk device error.

File Name:    \Device\HarddiskVolume1\Windows\System32\fveapi.dll"

This file is located in two places on my system, and it seems the same in
both:

C:\Windows\System32\fveapi.dll
C:\Windows\SoftwareDistribution\Download\f7fd361ee72a8e86a63bf6b0eb2d2503\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll

Version: 6.0.6001.18000
Size: 173056 bytes
SHA1: b89d67b3bc79a87aff89d0e05d9553b176d0aa4d

Can someone else verify this to be the correct file after 32-bit SP1 is
installed?

If it IS correct, why do I get an incredible pause sometimes when loading a
program that uses this DLL, followed by this audit failure event in the log,
but then apparently everything continues on as it should...?

------------------------------------------------------------------------
Peter Klavins
Reply to this Message
BillD - 30 Jul 2008 19:19 GMT
> This file is located in two places on my system, and it seems the same in
> both:
>
> C:\Windows\System32\fveapi.dll

fveapi.dll is not part of Vista. I haven't it.
Reply to this Message
Paul Montgomery - 30 Jul 2008 19:59 GMT
>> This file is located in two places on my system, and it seems the same in
>> both:
>>
>> C:\Windows\System32\fveapi.dll
>
>fveapi.dll is not part of Vista. I haven't it.

In your case, it's probably a bug.

I can't wait for your post about it.
Reply to this Message
meerkat - 30 Jul 2008 20:02 GMT
>I get this security event a lot on Vista 32-bit SP1:
>
[quoted text clipped - 24 lines]
> but then apparently everything continues on as it should...?
> .
Hi Peter K
Go here and have a read.
http://www.greatis.com/vista/DLL/f/fveapi.dll.htm

bw..
Reply to this Message
Peter K - 30 Jul 2008 22:08 GMT
> > Version: 6.0.6001.18000
> > Size: 173056 bytes
[quoted text clipped - 14 lines]
>
> bw..

Thanks for your help, meerkat, yep I did a whole lot of surfing before I
posted on this forum, but nowhere did I find these DLL reference sites
referring to the SP1 versions of the DLL's, I believe them all to still be
referring to the original Vista. If you look at the directory
C:\Windows\System32 after installing SP1, you see a whole pile of files with
the identical version number 6.0.6001.18000, one of which is fveapi.dll, and
I simply would like to know whether I have a rotten copy of it, or whether
Vista security is mis-diagnosing it for some reason and slowing things down.
By the way, if it helps, my copy has this MD5 sum:

MD5: 1acb8d567b779dc3ff09e7f31ac3f111

------------------------------------------------------------------------
Peter Klavins
Reply to this Message
Pēteris Kļaviņš - 31 Jul 2008 17:15 GMT
> I get this security event a lot on Vista 32-bit SP1:
>
[quoted text clipped - 3 lines]
>
> File Name:    \Device\HarddiskVolume1\Windows\System32\fveapi.dll"

Well, by chance in my digging I came across another tab in the Event
Viewer that showed another event related to the same problem that must
cascade into the security auditing event above:

Event ID 3002, "Code integrity determined that the image hash of a file
is not valid.  The file could be corrupt due to unauthorized
modification or the invalid hash could indicate a potential disk device
error.

File Name:    \Device\HarddiskVolume1\Windows\System32\fveapi.dll"

Putting this into Google reveals this quite informational Microsoft web
page "User-mode Protected Media Path File Validation":

http://technet2.microsoft.com/windowsserver2008/en/library/81e36ccc-e318-42ec-8a
5e-41ccb306fc211033.mspx?mfr=true

in which the fix for this problem is to do a Startup Repair.  I'll try
that this evening!

------------------------------------------------------------------------
 Peter Klavins                                  klavins@netspace.net.au
Reply to this Message
Peter Foldes - 31 Jul 2008 22:22 GMT
See the following
http://www.greatis.com/vista/DLL/f/fveapi.dll.htm
Signature

Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

>I get this security event a lot on Vista 32-bit SP1:
>
[quoted text clipped - 23 lines]
> ------------------------------------------------------------------------
> Peter Klavins
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.