Event ID 3010 — Catalog File Validation

Applies To: Windows Server 2008

The catalog files consist of multiple files that store file and page hashes used to validate the integrity of system and non-Microsoft files. Each catalog (.cat file) has a digital signature that is used to validate the integrity of the contents stored within that file. If the digital signature on a system catalog file is corrupt, all of the file and page hashes stored in that file will be considered not valid.

Note: Some Windows boot drivers have the page hash and digital signature embedded in the file itself and do not require a catalog file to validate the digital signature.

Event Details

Product: Windows Operating System
ID: 3010
Source: Microsoft-Windows-CodeIntegrity
Version: 6.0
Symbolic Name: CiInvalidCatalog
Message: Code Integrity was unable to load the %2 catalog.

Resolve

Replace catalog file

A catalog file must have a digital signature to validate the page hashes that are included within it. If the digital signature does not exist or is not valid, all files whose hashes are stored in that catalog file are no longer considered valid.

Note: All catalog files end with the extension CAT. All catalog files are stored in the %windir%\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} folder, where %windir% is the folder where Windows is installed.

If the catalog is included with the operating system, see "Replace a catalog included with the operating system."

If the catalog is included with an update to the operating system, see "Replace a catalog included with an update to Windows."

If the catalog is included with a non-Microsoft driver, see "Replace a catalog included with a non-Microsoft driver."

Replace a catalog included with the operating system

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To replace a catalog included with the operating system:

  1. Click Start, and then click Control Panel.
  2. Double-click System, and then click System Protection.
  3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  4. On the System protection tab, click System Restore.
  5. In the System Restore wizard, select the Recommended Restore option to revert your computer back to the last restore point, and then click Next.
  6. Click Finish.

Note: If the Recommended Restore option does not fix the issue, you should run the System Restore wizard again, select the Choose a different restore point option, and then choose an earlier restore point.

Replace a catalog included with an update to Windows

All operating system updates are digitally signed and validated against a security catalog file included with the update. If the security catalog is not valid, you should uninstall the update, and then install it again.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To uninstall an operating system update:

  1. Click Start, and then click Control Panel.
  2. Double-click Programs and Features, and then click View installed updates.
  3. Right-click the update that has a corrupt security catalog, and then click Uninstall.
  4. Click Yes to confirm the uninstallation.
  5. Install the update again.

Replace a catalog included with a non-Microsoft driver

Drivers that are not supplied by Microsoft might contain security catalogs. If the security catalog is not valid, you should contact the manufacturer to get the latest driver and then update it by using Device Manager. Updating the driver will update the security catalog associated with it.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To update a driver by using Device Manager:

  1. Copy the signed driver to a location on the local computer.
  2. Click Start, and then click Control Panel.
  3. Double-click Device Manager.
  4. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  5. Right-click the hardware device that needs its driver updated, and then click Update Driver Software.
  6. Click Browse my computer for driver software.
  7. Click Browse, browse to the folder where the new driver file exists, and then click Next.
  8. Click Finish.

Verify

A digital signature can be verified by examining the properties of the security catalog file.

To verify that a security catalog is digitally signed and that the digital signature is valid:

  1. Click Start, and then click Computer.
  2. Navigate to the folder where the security catalog is stored. All security catalog files have a CAT extension.
  3. Right-click the security catalog, and then click Properties.
  4. Click the Digital Signatures tab.
  5. Click the digital signature, and then click Details.
  6. Click View Certificate, and then click the Certification Path tab.
  7. Ensure that the Certificate status box displays This certificate is OK.
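
The same check can be scripted across every catalog in the catroot folder instead of opening each file's properties; the following PowerShell is an added example, not part of the original article. It assumes PowerShell 2.0 or later in an elevated session, that Event ID 3010 is written to the Microsoft-Windows-CodeIntegrity/Operational channel, and that the catalog name (the %2 insertion in the message) is the second event property.

```powershell
# Added example: scripted counterpart to the Verify steps above.
# Assumptions (not from the article): the event channel name in $LogName and
# the position of the catalog name in the event's property list.
$LogName    = 'Microsoft-Windows-CodeIntegrity/Operational'
$CatalogDir = Join-Path $env:windir 'System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}'

# 1. List the catalogs that Code Integrity reported it could not load (Event ID 3010).
#    Get-WinEvent writes a non-terminating error when nothing matches, so it is silenced.
$events = @(Get-WinEvent -LogName $LogName -FilterXPath '*[System[EventID=3010]]' `
                         -ErrorAction SilentlyContinue)

$reported = foreach ($e in $events) {
    $name = $null
    if ($e.Properties.Count -ge 2) { $name = $e.Properties[1].Value }   # %2 in the message
    New-Object PSObject -Property @{ TimeCreated = $e.TimeCreated; Catalog = $name }
}

# 2. Check the digital signature of every .cat file in the catalog folder.
#    Status 'Valid' means the signature verified and the signer chains to a trusted root.
$results = @(Get-ChildItem -Path $CatalogDir -Filter *.cat |
             ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName })

$bad = @($results | Where-Object { $_.Status -ne 'Valid' })

# 3. Report.
if ($reported) {
    'Catalogs named in Event ID 3010:'
    $reported | Sort-Object TimeCreated | Format-Table TimeCreated, Catalog -AutoSize
} else {
    'No Event ID 3010 entries found in {0}.' -f $LogName
}

if ($bad.Count -gt 0) {
    'Catalogs whose signature is missing or not valid:'
    $bad | Select-Object Path, Status, StatusMessage | Format-List
}

'{0} of {1} catalog files have a signature status other than Valid.' -f $bad.Count, $results.Count
```

A catalog that appears in the second list is a candidate for the matching replacement procedure in the Resolve section; after the replacement, rerun the script and confirm that the file reports Valid and that no new 3010 events are logged.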
