This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 9%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESV%3C/text%3E%3C/svg%3E)
In our network, we are receiving constant event failures in this category. Can somebody explain what may be the reason?
Date Time: 02-04-2021 10:07:16
Event Source: Microsoft-Windows-Security-Auditing
Event Category: 12290
Event Type: Information
Event ID: 6281
Event Log Name: HardwareEvents
User: N/A
Computer: xxxxxx
Description:
Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Windows\System32\aepic.dll
Event Parameters:
\Device\HarddiskVolume3\Windows\System32\aepic.dll
%String2%
Report generated on: xxxxxxx
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Are you facing any other error (other than the log file)?
Open start and search for Command prompt and run as administrator and then type the following command:
sfc /scannow
And press enter and let it runs.
You may report this issue through the Feedback Hub app.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 23%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Here is a Microsoft reference:
Open Command Prompt as Admin and type the following:
sfc /scannow
Now hit the Enter key.
Hello @Spellbound vfx ,
You mention "event failures in this category" - does this imply that the file name in the events that you have seen differ?
If the file name is always aepic.dll or a small set of file names, it might be worth investigating what is wrong with the file(s) and how the damage may have happened. The SDK tool "signtool" can be used to examine the problem in more detail (e.g. signtool verify /a /v /ph /debug \Windows\System32\aepic.dll). If you can make the file available here (via a OneDrive, Google Drive, etc. link) then we can check it and try to determine if a targeted modification has been applied to the file.
If the filenames vary wildly, then the problem is more likely to be related to checking the certificate chains used in signing/timestamping.
Gary