Detection rules › Sigma
CodeIntegrity - Blocked Image Load With Revoked Certificate
Detects blocked image load events with revoked certificates by code integrity.
Event coverage
| Provider | Event ID | Title |
|---|---|---|
| CodeIntegrity | 3036 | Windows is unable to verify the integrity of the file FileNameBuffer because the signing certificate has been revoked. |