Event ID 3010 — Code Integrity was unable to load the FileNameBuffer catalog.

Provider: Microsoft-Windows-CodeIntegrity
Channel: Operational
Level: Warning
Collection Priority: Recommended (NSA, others)
Task: LoadCatalog
Opcode: Failed

Description

Code Integrity was unable to load the FileNameBuffer catalog. Status Status.

Message #

Code Integrity was unable to load the %2 catalog. Status %3.

Fields #

Name	Description
`FileNameLength` UInt16	—
`FileNameBuffer` UnicodeString	—
`Status` HexInt32	— NTSTATUS reference

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-CodeIntegrity",
    "guid": "4EE76BD8-3CF4-44A0-A0AC-3937643E37A3",
    "event_source_name": "",
    "event_id": 3010,
    "version": 1,
    "level": 3,
    "task": 2,
    "opcode": 100,
    "keywords": 9223372036854775808,
    "time_created": "2022-04-07T17:06:57.824463+00:00",
    "event_record_id": 22,
    "correlation": {
      "ActivityID": "DD7B0B6A-4A9E-0001-407E-7BDD9E4AD801"
    },
    "execution": {
      "process_id": 5260,
      "thread_id": 1912
    },
    "channel": "Microsoft-Windows-CodeIntegrity/Operational",
    "computer": "WIN-FPV0DSIC9O6",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "FileNameLength": 99,
    "FileNameBuffer": "Microsoft-Windows-ServerCore-SKU-Foundation-merged-Package~31bf3856ad364e35~amd64~~10.0.20348.1.cat",
    "Status": "0xc0000034"
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline