6410(F): Code integrity determined that a file does not meet the security requirements to load into a process.

Code Integrity is a feature that improves the security of the operating system by validating the integrity of a driver or system file each time it's loaded into memory. Code Integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with administrative permissions. On x64-based versions of the operating system, kernel-mode drivers must be digitally signed.

This event generates due to writable shared sections being present in a file image.

There's no example of this event in this document.

Subcategory: Audit System Integrity

Event Schema:

Code integrity determined that a file does not meet the security requirements to load into a process. This could be due to the use of shared sections or other issues.

File Name:%1

Required Server Roles: None.

Minimum OS Version: Windows Server 2012 R2, Windows 8.1.

Event Versions: 0.

Security Monitoring Recommendations

  • We recommend monitoring for this event, especially on high value assets or computers, because it can be a sign of a software or configuration issue, or a malicious action.