Guest Peter K Posted July 30, 2008 Posted July 30, 2008 I get this security event a lot on Vista 32-bit SP1: "Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume1\Windows\System32\fveapi.dll" This file is located in two places on my system, and it seems the same in both: C:\Windows\System32\fveapi.dll C:\Windows\SoftwareDistribution\Download\f7fd361ee72a8e86a63bf6b0eb2d2503\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll Version: 6.0.6001.18000 Size: 173056 bytes SHA1: b89d67b3bc79a87aff89d0e05d9553b176d0aa4d Can someone else verify this to be the correct file after 32-bit SP1 is installed? If it IS correct, why do I get an incredible pause sometimes when loading a program that uses this DLL, followed by this audit failure event in the log, but then apparently everything continues on as it should...? ------------------------------------------------------------------------ Peter Klavins Quote
Guest BillD Posted July 30, 2008 Posted July 30, 2008 "Peter K" wrote: <span style="color:blue"> > This file is located in two places on my system, and it seems the same in > both: > > C:WindowsSystem32fveapi.dll</span> fveapi.dll is not part of Vista. I haven't it. Quote
Guest Paul Montgomery Posted July 30, 2008 Posted July 30, 2008 On Wed, 30 Jul 2008 11:19:00 -0700, BillD <BillD@discussions.microsoft.com> wrote: <span style="color:blue"> > > >"Peter K" wrote: ><span style="color:green"> >> This file is located in two places on my system, and it seems the same in >> both: >> >> C:WindowsSystem32fveapi.dll</span> > >fveapi.dll is not part of Vista. I haven't it.</span> In your case, it's probably a bug. I can't wait for your post about it. Quote
Guest meerkat Posted July 30, 2008 Posted July 30, 2008 "Peter K" <p.klavins@online.nospam> wrote in message news:C01FBA1D-1570-4B35-B6C3-6B7097F47A9D@microsoft.com...<span style="color:blue"> >I get this security event a lot on Vista 32-bit SP1: > > "Code integrity determined that the image hash of a file is not valid. > The > file could be corrupt due to unauthorized modification or the invalid hash > could indicate a potential disk device error. > > File Name: DeviceHarddiskVolume1WindowsSystem32fveapi.dll" > > This file is located in two places on my system, and it seems the same in > both: > > C:WindowsSystem32fveapi.dll > C:WindowsSoftwareDistributionDownloadf7fd361ee72a8e86a63bf6b0eb2d2503x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2fveapi.dll > > Version: 6.0.6001.18000 > Size: 173056 bytes > SHA1: b89d67b3bc79a87aff89d0e05d9553b176d0aa4d > > Can someone else verify this to be the correct file after 32-bit SP1 is > installed? > > If it IS correct, why do I get an incredible pause sometimes when loading > a > program that uses this DLL, followed by this audit failure event in the > log, > but then apparently everything continues on as it should...? > .</span> Hi Peter K Go here and have a read. http://www.greatis.com/vista/DLL/f/fveapi.dll.htm bw.. Quote
Guest Peter K Posted July 30, 2008 Posted July 30, 2008 "meerkat" wrote: <span style="color:blue"><span style="color:green"> > > Version: 6.0.6001.18000 > > Size: 173056 bytes > > SHA1: b89d67b3bc79a87aff89d0e05d9553b176d0aa4d > > > > Can someone else verify this to be the correct file after 32-bit SP1 is > > installed? > > > > If it IS correct, why do I get an incredible pause sometimes when loading > > a > > program that uses this DLL, followed by this audit failure event in the > > log, > > but then apparently everything continues on as it should...? > > .</span> > Hi Peter K > Go here and have a read. > http://www.greatis.com/vista/DLL/f/fveapi.dll.htm > > bw..</span> Thanks for your help, meerkat, yep I did a whole lot of surfing before I posted on this forum, but nowhere did I find these DLL reference sites referring to the SP1 versions of the DLL's, I believe them all to still be referring to the original Vista. If you look at the directory C:\Windows\System32 after installing SP1, you see a whole pile of files with the identical version number 6.0.6001.18000, one of which is fveapi.dll, and I simply would like to know whether I have a rotten copy of it, or whether Vista security is mis-diagnosing it for some reason and slowing things down. By the way, if it helps, my copy has this MD5 sum: MD5: 1acb8d567b779dc3ff09e7f31ac3f111 ------------------------------------------------------------------------ Peter Klavins Quote
Guest Pēteris Kļaviņš Posted July 31, 2008 Posted July 31, 2008 Peter K wrote:<span style="color:blue"> > I get this security event a lot on Vista 32-bit SP1: > > "Code integrity determined that the image hash of a file is not valid. The > file could be corrupt due to unauthorized modification or the invalid hash > could indicate a potential disk device error. > > File Name: DeviceHarddiskVolume1WindowsSystem32fveapi.dll" > </span> Well, by chance in my digging I came across another tab in the Event Viewer that showed another event related to the same problem that must cascade into the security auditing event above: Event ID 3002, "Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume1\Windows\System32\fveapi.dll" Putting this into Google reveals this quite informational Microsoft web page "User-mode Protected Media Path File Validation": http://technet2.microsoft.com/windowsserve...3.mspx?mfr=true in which the fix for this problem is to do a Startup Repair. I'll try that this evening! ------------------------------------------------------------------------ Peter Klavins klavins@netspace.net.au Quote
Guest Peter Foldes Posted July 31, 2008 Posted July 31, 2008 See the following http://www.greatis.com/vista/DLL/f/fveapi.dll.htm -- Peter Please Reply to Newsgroup for the benefit of others Requests for assistance by email can not and will not be acknowledged. "Peter K" <p.klavins@online.nospam> wrote in message news:C01FBA1D-1570-4B35-B6C3-6B7097F47A9D@microsoft.com...<span style="color:blue"> >I get this security event a lot on Vista 32-bit SP1: > > "Code integrity determined that the image hash of a file is not valid. The > file could be corrupt due to unauthorized modification or the invalid hash > could indicate a potential disk device error. > > File Name: DeviceHarddiskVolume1WindowsSystem32fveapi.dll" > > This file is located in two places on my system, and it seems the same in > both: > > C:WindowsSystem32fveapi.dll > C:WindowsSoftwareDistributionDownloadf7fd361ee72a8e86a63bf6b0eb2d2503x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2fveapi.dll > > Version: 6.0.6001.18000 > Size: 173056 bytes > SHA1: b89d67b3bc79a87aff89d0e05d9553b176d0aa4d > > Can someone else verify this to be the correct file after 32-bit SP1 is > installed? > > If it IS correct, why do I get an incredible pause sometimes when loading a > program that uses this DLL, followed by this audit failure event in the log, > but then apparently everything continues on as it should...? > > ------------------------------------------------------------------------ > Peter Klavins</span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.