Jump to content
siliconman01

Vista- Security Audit Failure SASENUM.SYS

Recommended Posts

Running Vista Home Premium and SAS V3.9.

In the Event Viewer, I am getting the following error in the Security Audit log.

Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Program Files\SUPERAntiSpyware\SASENUM.SYS

The Event ID is 5038.

What is causing this please? I did a CHKDSK /r /f and no errors are on the disk.

Share this post


Link to post
Share on other sites
Running Vista Home Premium and SAS V3.9.

In the Event Viewer, I am getting the following error in the Security Audit log.

Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Program Files\SUPERAntiSpyware\SASENUM.SYS

The Event ID is 5038.

What is causing this please? I did a CHKDSK /r /f and no errors are on the disk.

Have you tried simply re-installing SUPERAntiSpyware?

Share this post


Link to post
Share on other sites

It's a hash check that should have no impact on your system.

Just out of curiosity, can you disable the UAC and see if the error occurs again?

Share this post


Link to post
Share on other sites

Try and do this..

close all the security programs that is running in the system tray next to the clock(antivirus, antispyware, firewall)..

uninstall SAS

restart your computer.

igain.. close all the security programs that is running in the system tray next to the clock...

and install SAS.

and what other security programs do you have installed.

Share this post


Link to post
Share on other sites

I have NIS 2007.3, AVG AS V7.5 (no realtime protection selected), PrevX V2.0, TrojanHunter V4.7.932. All programs, security and otherwise, were closed down at the time I uninstalled, rebooted, reinstalled SAS PRO. Error still occurs.

I am running Vista Premium as a full Administrator and UAC is disabled.

Share this post


Link to post
Share on other sites

Isnt there something about that in vista you can rigth click and then there shoul be a "Run as administrator" or something like that ?

have you tryed to install it that way..?

Share this post


Link to post
Share on other sites

This 'Event Viewer' log came up quite a bit in this thread and Seth kindly posted an explanation to these Security Audit Failure logs in post 5.

https://forums.superantispyware.com/viewtopic.php?t=731

I to have this occuring and have uninstalled/reinstalled SAS several times now, had UAC on/off etc. and it still logs this error, usually on start-up or a reboot. I also get a similar error recorded in the 'Event Viewer' for a file related KAV, again a Security Audit Failure on start-up.

As neither program seem to be having any problems I haven't over worried about it and put it down to a Vista 'quirk'.

Share this post


Link to post
Share on other sites
I am always running as a full global Administrator. So yes, SAS PRO was installed with Full Administrator.

ok, but for example with Comodo BOClean you need to rigth-click and use "Run as administrator" while you are logged in as administrator...

Share this post


Link to post
Share on other sites

I think I have found the solution to this specific issue....at least it appears to have fixed it on my system.

Let me explain.

- I do not use realtime protection in SAS PRO because of some other security programs that I have installed. Plus I am waiting for "First Chance" to be fully operational in Vista. In addition, I am behind a Zywall 2+ router.

- I have SAS PRO scheduled via the Task Scheduler to start up at 6:55 a.m. daily

- At 7:00 a.m. it runs a "check for updates" and then a full system scan.

- At 9:00 a.m. the Task Scheduler automatically closes SAS PRO down. (Yes, I check the log daily to make sure nothing was found and know that I would have to take additional steps if something was found.)

In the Task Scheduler task properties, if I set SAS PRO to "Run with Highest Privileges", there are no Security Audit Failures with SASENUM.SYS.

By setting this option in Task Scheduler, I can manually startup SAS PRO and again, there are no Audit Failures.

My conclusion from this (be it right or wrong) is that valid programs that are failing the security audit have to be installed via their installer with some type of high level privilege option at the time of installation. I suspect this is if there is a program driver or service as part of the program. But I'm no programmer or developer; therefore, my conclusion is probably way out in left field. :wink:

From the Task Scheduler Help:

If you select the checkbox labeled Run with highest privileges, Task Scheduler will run the task using an elevated privileges token rather than a least privileges (UAC) token. Only tasks that require elevated privileges to complete their actions should run with elevated privileges.

Share this post


Link to post
Share on other sites

Interesting information siliconman01.

I installed SAS by right clicking the installer and selecting 'run as administrator'. I guess that is not the same thing then as running with an 'elevated priviledges token'.

I do use the real-time monitoring in SAS Pro, so it runs at start-up and allthough I check for updates manually I do have scans scheduled from within the program itself. I have never used the Task Scheduler in Vista. Coming to think of it I never used it in XP either. (Due to my work schedule the times when my home PC is on can be quite erratic sometimes, so I tend to run the majority of tasks as and when it suits).

You have given me some 'food for thought' though. I feel another investigation into this Vista 'priviledges' business coming on! I'll figure it all out someday! :lol:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×