Windows System Event: 6281

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

System Event » Windows System Event: 6281

Event ID 6281: Code Integrity determined that the page hashes of an image file are not valid.

Description This event is generated when code Integrity determined that the page hashes of an image file are not valid.
Category System
Subcategory System integrity


  • Code Integrity is a feature that improves the security of the operating system by validating the integrity of a driver or system file each time it is loaded into memory.
  • Code Integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with administrative permissions.
  • On x64-based versions of the operating system, kernel-mode drivers must be digitally signed.

Reasons to monitor event:

  • The file could be improperly signed without page hashes or corrupt due to unauthorized modification.
  • This event also generates when signing certificate was revoked. The invalid hashes could indicate a potential disk device error.
  • We recommend monitoring for this event, especially on high value assets or computers, because it can be a sign of a software or configuration issue, or a malicious action.

Event 6281 applies to the following operating systems:

  • Windows Server 2008 R2 and 7
  • Windows Server 2012 R2 and 8.1
  • Windows Server 2016 and 10

Explore Active Directory auditing and reporting with ADAudit Plus.

  • Enter your email id
    Please enter a valid email id
  • Enter your phone number
  • Select demo date
  • By clicking 'Schedule a personalized demo', you agree to processing of personal data according to the Privacy Policy. You can unsubscribe from our mails at anytime.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing