Is this issue a typical Windows 10 phenomenon or does it happen also on Windows 7 and/or 8?
I upgraded from Win 7 Ultimate and I don’t recall having this problem.
Seeing this long lasting issue dating back to 2009 and that was being read more than 24000 times . . .
Isn’t it about time to fix this inconvenience even though it doesn’t affect CIS functionality . . .
Consider it moving it to the bug board I would say . . .
The only reason I can think is that this is a trick Comodo uses to hide a crucial file by modifying it’s signature dynamically. If they fixed it they be “ruining” this mechanism.
If I’ve read everything correctly in this topic then the issue doesn’t always happen.
It depends on OS version and on CIS version so I think the issue can be fixed.
But it may cost some (or just too much) effort to fix it . . .
Sorry my comment, but…
that error, is caused for setting erroneous in “windows administrator” or error for lack updates:
kb4474419 (64bits): http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/09/windows6.1-kb4474419-v3-x64_b5614c6cea5cb4e198717789633dca16308ef79c.msu kb4474419 (32bits): http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/09/windows6.1-kb4474419-v3-x86_0f687d50402790f340087c576886501b3223bec6.msu=====================================================
kb3033929 (64bits): http://download.windowsupdate.com/c/msdownload/update/software/secu/2015/02/windows6.1-kb3033929-x64_5c56222b0caf43030addc9ad262633fcbddfcd41.msu
kb3033929 (32bits): http://download.windowsupdate.com/d/msdownload/update/software/secu/2015/02/windows6.1-kb3033929-x86_927e018113fe51250c57029635d46b89bf235920.msu
It’s been happening since 2009 and was first reported on Windows 8.
Those updates are needed to get CIS installed properly in the first place. They have nothing to do with this problem. Please don’t spam topics which are obviously not related.
I’m on Win 10 and since this was merged to this thread i’m realizing this was first reported on Win 7. Whoa.
Clearly this is never going to get fixed so is this some way to disable the “auditing” feature? I see in the security permissions that there seems to be some means of doing this. Maybe this is a way out of this mess.
Thanks for telling.
This topic was merged with many other posts when I posted the question.
I finished reading all merged posts when I posted reply #53 and found out about this long lasting issue.
Hope they pick it up and fix it.
There is no workaround known to get rid of the logging.
It’s not a security issue but it looks a bit sloppy. Honestly, I forget these messages are there.
My best guess is it may never get fixed.
This issue still exists in lates Win10 version even with lates CIS beta… Noone cares.
This has been around since 2009 (just check the topic start) and CIS is still going strong. It is not a security issue but it does look sloppy.
I know, but “it does look sloppy” is a nice description of “it’s filling up eventlogs with useless trash”. For people who care about their tech stuff…it shouldn’t be excused with “it looks sloppy”, “it is not a problem” or “just ignore it” imho. Anyway, I understood that this won’t change. Thanks.
Its worked before so it’s worth a try.
Russia, we need your help.
I keep getting errors like these at regular intervals.
Date: 2020-10-27 19:09:10.5910000Z Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2020-10-27 18:56:32.9210000Z
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2020-10-27 18:49:37.5180000Z
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Is there going to be a fix for this?
What does the error mean?
Is this a problem?
It is not a security risk. It has been noticed first in 2009 and CIS is still going strong so I assume Comodo will not change the way it loads guard64.dll. It may look sloppy but it is not a risk security or otherwise.
There is nothing to worry about.
Hello.
in my event viewer’s security log, this event keeps appearing:
In Finnish:
Koodin eheyden tarkistustoiminto määritti, että tiedoston näköistiedoston hajautusarvo ei ole kelvollinen. Tiedosto voi olla vioittunut luvattomien muutosten vuoksi, tai levylaite voi olla viallinen.
Translated from Finnish:
the code integrity check function determined that the hash value of the file image file is not valid. the file may be corrupted due to unauthorized changes, or the disk drive may be defective. (translated from Finnish)
\Device\HarddiskVolume9\Windows\System32\guard64.dll
-
System
- Provider
[ Name] Microsoft-Windows-Security-Auditing
[ Guid] {54849625-5478-4994-a5ba-3e3b0328c30d}EventID 5038
Version 0
Level 0
Task 12290
Opcode 0
Keywords 0x8010000000000000
- TimeCreated
[ SystemTime] 2021-02-08T16:38:40.5996433Z
EventRecordID 213080
Correlation
- Execution
[ ProcessID] 4
[ ThreadID] 8732Channel Security
Computer --------
Security
-
EventData
param1 \Device\HarddiskVolume9\Windows\System32\guard64.dll
Wierd thing is, i dont have HarddiskVolume number 9, only from Volumes 0,1,2,3,4,5,6,7,8
Does windows see number 0 as 9?
Taken from DISKPART:
Volume 0 = SSD for games 465GB
Volume 1 = WINDOWS (Boot) 231GB
Volume 2 = (Hidden) 450MB
Volume 3 = (System) 99MB
Volume 4 = (Hidden) 515MB
Volume 5 = Stuff 1864GB
Volume 6 = more stuff 931GB
Volume 7 = stuff 931GB
Volume 8 = Games 1863GB
little bit of scouring around the internet i came across couple of forum posts about almost same kind of problems all about code signing certificate issues.
I’m using COMODO Firewall v. 12.2.2.7098
Tried uninstalling and reinstalling, event still appearing.
Firewall seems to be working, no other errors/events regarding this appear.
guard64.dll in my computer was created 24.12.2020
even tho i uninstalled and reinstalled COMODO Firewall yesterday (7.2.2021).
Some old leftover from older version? Code signing is from COMODO
It is nothing at all to worry about and no doubt will be fixed sometime. See this thread for the explanation . . . .
Edit: Post moved and merged to this one
Thank you for replying and setting my mind at ease. 
i had the idea it being some kind of bug, but didn’t find precise cause for it.
comodo error
EventData:param1 \Device\HarddiskVolume4\Windows\System32\guard64.dll
Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
- System
- Provider
[ Name] Microsoft-Windows-Security-Auditing
[ Guid] {54849625-5478-4994-a5ba-3e3b0328c30d}
EventID 5038
Version 0
Level 0
Task 12290
Opcode 0
Keywords 0x8010000000000000
Event logging errors increase every 10 seconds,comodo firewall diagnostic error passed, already try to reinstall cis with cisremovetool
Install comodo firewall on another pc. The first time an error occurred.
I tried SFC, DISM, and installed all VC++ 2005~2019
Event log errors stop increasing after removing the comodo firewall
- Provider
cis version v12.2.2.7098
os: win10 1909 x64