Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Strange Error log entry for BDnet.sys with Win10Pro/32
74 views
Skip to first unread message
Andrew
Dec 3, 2022, 3:17:00 PM12/3/22
to
I notice this error being logged recently and Google says
it is something to with Bullguard security, but I have
never installed anything with this name.
Does anyone know what it is ?. Should I just delete Bdnet.sys ?
Andrew
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 03/12/2022 16:02:25
Event ID: 5038
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ****
Description:
Code integrity determined that the image hash of a file is not valid.
The file could be corrupt due to unauthorized modification or the
invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\BdNet.sys
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing"
Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>5038</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2022-12-03T16:02:25.6725113Z" />
<EventRecordID>354687</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="2832" />
<Channel>Security</Channel>
<Computer>****</Computer>
<Security />
</System>
<EventData>
<Data
Name="param1">\Device\HarddiskVolume1\Windows\System32\drivers\BdNet.sys</Data>
</EventData>
</Event>
and
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 03/12/2022 16:02:26
Event ID: 5038
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ****
Description:
Code integrity determined that the image hash of a file is not valid.
The file could be corrupt due to unauthorized modification or the
invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Program Files\Avira\Endpoint
Protection SDK\drivers\firewall\Win10-Win32\BdNet.sys
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing"
Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>5038</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2022-12-03T16:02:26.4369285Z" />
<EventRecordID>354689</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="2320" />
<Channel>Security</Channel>
<Computer>****</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">\Device\HarddiskVolume1\Program
Files\Avira\Endpoint Protection
SDK\drivers\firewall\Win10-Win32\BdNet.sys</Data>
</EventData>
</Event>
it is something to with Bullguard security, but I have
never installed anything with this name.
Does anyone know what it is ?. Should I just delete Bdnet.sys ?
Andrew
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 03/12/2022 16:02:25
Event ID: 5038
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ****
Description:
Code integrity determined that the image hash of a file is not valid.
The file could be corrupt due to unauthorized modification or the
invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\BdNet.sys
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing"
Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>5038</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2022-12-03T16:02:25.6725113Z" />
<EventRecordID>354687</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="2832" />
<Channel>Security</Channel>
<Computer>****</Computer>
<Security />
</System>
<EventData>
<Data
Name="param1">\Device\HarddiskVolume1\Windows\System32\drivers\BdNet.sys</Data>
</EventData>
</Event>
and
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 03/12/2022 16:02:26
Event ID: 5038
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ****
Description:
Code integrity determined that the image hash of a file is not valid.
The file could be corrupt due to unauthorized modification or the
invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Program Files\Avira\Endpoint
Protection SDK\drivers\firewall\Win10-Win32\BdNet.sys
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing"
Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>5038</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2022-12-03T16:02:26.4369285Z" />
<EventRecordID>354689</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="2320" />
<Channel>Security</Channel>
<Computer>****</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">\Device\HarddiskVolume1\Program
Files\Avira\Endpoint Protection
SDK\drivers\firewall\Win10-Win32\BdNet.sys</Data>
</EventData>
</Event>
Paul
Dec 3, 2022, 9:39:06 PM12/3/22
to
On 12/3/2022 3:16 PM, Andrew wrote:
> I notice this error being logged recently and Google says
> it is something to with Bullguard security, but I have
> never installed anything with this name.
>
> Does anyone know what it is ?. Should I just delete Bdnet.sys ?
>
> Andrew
>
>
> Log Name: Security
> Source: Microsoft-Windows-Security-Auditing
> Date: 03/12/2022 16:02:25
> Event ID: 5038
> Task Category: System Integrity
> Level: Information
> Keywords: Audit Failure
>
> I notice this error being logged recently and Google says
> it is something to with Bullguard security, but I have
> never installed anything with this name.
>
> Does anyone know what it is ?. Should I just delete Bdnet.sys ?
>
> Andrew
>
>
> Log Name: Security
> Source: Microsoft-Windows-Security-Auditing
> Date: 03/12/2022 16:02:25
> Event ID: 5038
> Task Category: System Integrity
> Level: Information
> Keywords: Audit Failure
>
> Code integrity determined that the image hash of a file is not valid.
> The file could be corrupt due to unauthorized modification or the
> invalid hash could indicate a potential disk device error.
>
> File Name: \Device\HarddiskVolume1\Windows\System32\drivers\BdNet.sys
>
> The file could be corrupt due to unauthorized modification or the
> invalid hash could indicate a potential disk device error.
>
> File Name: \Device\HarddiskVolume1\Windows\System32\drivers\BdNet.sys
>
> and
>
> Log Name: Security
> Source: Microsoft-Windows-Security-Auditing
> Date: 03/12/2022 16:02:26
> Event ID: 5038
> Task Category: System Integrity
> Level: Information
> Keywords: Audit Failure
>
>
> Log Name: Security
> Source: Microsoft-Windows-Security-Auditing
> Date: 03/12/2022 16:02:26
> Event ID: 5038
> Task Category: System Integrity
> Level: Information
> Keywords: Audit Failure
>
> Code integrity determined that the image hash of a file is not valid.
> The file could be corrupt due to unauthorized modification or the
> invalid hash could indicate a potential disk device error.
>
> File Name: \Device\HarddiskVolume1\Program Files\Avira\Endpoint Protection SDK\drivers\firewall\Win10-Win32\BdNet.sys
There has been a good deal of consolidation in the industry,
> The file could be corrupt due to unauthorized modification or the
> invalid hash could indicate a potential disk device error.
>
> File Name: \Device\HarddiskVolume1\Program Files\Avira\Endpoint Protection SDK\drivers\firewall\Win10-Win32\BdNet.sys
and Avira has acquired Bullguard.
https://www.avira.com/en/press/avira-bullguard-announcement-feb-2021-en
It might mean you have Avira installed. The installation of Avira,
presumably causes Windows Defender to be disabled.
You can upload the "BdNet.sys" file to www.Virustotal.com and
have it scanned for fun. Virustotal is owned by Google, but started
life as a South American company. If your browser is too old,
the site won't work right.
You can also use a program like "sha256sum" and compute
the checksum, and use the "Search" item on Virustotal.com web
page, and see if the sha256 signature already exists for that file.
That way of doing it, is most convenient if you have
the tool for it.
*******
Avira no longer seems to use a separate "Avira cleaner" program to remove it.
We cannot blame these leftovers, on an incomplete removal process,
like previously.
Paul
0 new messages