Hello.
Can we just disable mp3 codec: Fraunhofer IIS MPEG Layer-3 Codec (l3codeca.acm or l3codecp.acm)? How does they used? Can windows work without it without any problems?
We have VDI on Windows Server 2012R2 + Windows 8.1 Ent x64 VMs.
I check that situation on our corporate image with soft and on clean install from official *.iso after installing updates. It's hapened when we use RDP, not local logon:
Every time, when user logon via RDP (with sound pass-throw) into VM it's start audiodg.exe process for initiation of audio components. Example: after auto-startup Lync, or if we open sound mixer and press test, or trying open microphone settings. All that operations stucking and waiting, when audiodg.exe will finish "initiation" proecess and all audio continue work. Audiodg.exe trying load audio codecs .acm. And when loading "C:\Windows\System32\l3codeca.acm" (or l3codecp.acm if we setting up it in the registry) process trying check digital sign of codec - but that codec have wrong hash or somthing and becouse of this audiodg.exe compare hash of that file with hash in .cat files in windows\catroot\ folder - ~5500 files (yeah). And it's hapend every time, when user login again, after reboot of test VM or auto-apply checkpoint of VDI VM.
It's generate alert 6281 in Security log:
Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
File Name: \Device\HarddiskVolume2\Windows\System32\l3codeca.acm
About embedded sign and catroot. I think it's situation but with codec and not system startup:
Having an embedded signature saves significant time during system startup because there is no need for the system loader to locate the catalog filefor the driver at system startup. A typical computer might have many different catalog files in the catalog root store (%System%\CatRoot). Locating the correct catalog file to verify the thumbprint of a driver file can require a substantial amount of time.
Sorry for bad english.
Added:
Log Name:Microsoft-Windows-CodeIntegrity/Operational
Event 3002:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.