Was this page helpful?
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Kernel-mode Driver Validation

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

Code Integrity checks each kernel-mode driver for a digital signature when an attempt is made to load the driver into memory. If the kernel-mode driver is not signed, the operating system might not load it. Whether an unsigned driver is loaded without a digital signature depends on the platform of the operating system.

  • For x64-based computers, all kernel-mode drivers must be digitally signed.
  • For x86-based or Itanium-based computers, the following kernel-mode drivers require a digital signature: bootvid.dll, ci.dll, clfs.sys, hal.dll, kdcom.dll, ksecdd.sys, ntoskrnl.exe, pshed.dll, spldr.sys, tpm.sys, and winload.exe.

Note: If a kernel debugger is attached to the computer, Code Integrity still checks for a digital signature on every kernel-mode driver, but the operating system will load the drivers.


Event ID Source Message



Code Integrity determined an unsigned kernel module %2 is loaded into the system. Check with the publisher to see if a signed version of the kernel module is available.



Windows is unable to verify the image integrity of the file %2 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



Code Integrity is unable to verify the image integrity of the file %2 because a file hash could not be found on the system. The image is allowed to load because kernel mode debugger is attached.

Related Management Information

Code Integrity

Core Security

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft