Event ID 3082 — Code Integrity determined kernel module FileNameBuffer that did not meet the WHQL requirements is loaded into the system.

Provider: Microsoft-Windows-CodeIntegrity
Channel: Operational
Collection Priority: Recommended (Yamato Security)
Task: WhqlEnforcement
Opcode: WhqlFailure

Description

Code Integrity determined kernel module FileNameBuffer that did not meet the WHQL requirements is loaded into the system. However, due to code integrity auditing policy, the image was allowed to load.

Message #

Code Integrity determined kernel module %2 that did not meet the WHQL requirements is loaded into the system. However, due to code integrity auditing policy, the image was allowed to load.

Fields #

Name	Description
`FileNameLength` UInt16	—
`FileNameBuffer` UnicodeString	—

Detection Rules #

View all rules referencing this event →

Sigma # view in reference

CodeIntegrity - Unmet WHQL Requirements For Loaded Kernel Module source high: Detects loaded kernel modules that did not meet the WHQL signing requirements.↳ also matches:Event ID 3083: Code Integrity determined kernel module FileNameBuffer that did not meet the WHQL requirements is loaded into the system.

References #

Microsoft Learn https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations