Y
YuriS10101
Guest
Hi all, two days ago my Windows Defender loaded new updates, and right after (i.e. 8 minutes after) I started getting errors (this is from Reliability Monitor):
Description
Faulting Application Path: C:\Windows\System32\svchost.exe
Problem signature
Problem Event Name: BEX64
Application Name: svchost.exe_LxssManager
Application Version: 10.0.19041.546
Application Timestamp: 058e175a
Fault Module Name: ucrtbase.dll
Fault Module Version: 10.0.19041.789
Fault Module Timestamp: 2bd748bf
Exception Offset: 000000000007286e
Exception Code: c0000409
Exception Data: 0000000000000007
OS Version: 10.0.19041.2.0.0.256.48
Locale ID: 1033
Additional Information 1: 3133
Additional Information 2: 3133c33d07a77e5380eb4466855ba877
Additional Information 3: a27e
Additional Information 4: a27e8094a9e9149387a666cabef0785d
Extra information about the problem
Bucket ID: 5f23db7e829af97c72132953f1caa969 (1302430157755820393)
LxssManager, as I understand, is a part of WSL, and I need WSL for my work. Right at that time WSL stopped working with error:
C:\WINDOWS\system32>wsl
The remote procedure call failed.
In the event Log I can clearly see, that every time I try to start WSL, LxssManager crashes AND I get Audit Failure:
Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\aepic.dll
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>6281</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2021-02-19T03:26:19.9781773Z" />
<EventRecordID>614692</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="11840" />
<Channel>Security</Channel>
<Computer>armagedon</Computer>
<Security />
</System>
- <EventData>
<Data Name="param1">\Device\HarddiskVolume1\Windows\System32\aepic.dll</Data>
</EventData>
</Event>
So I assumed that my aepic.dll is somehow corrupted, but sfc /scannow doesn't find anything, and Dism.exe /online /cleanup-image /ScanHealth (and other dism.exe variations I found on forums) doesn't find anything corrupted.
In desperation I just tried to download latest version of aepic.dll from dll-files.com, and was going to replace it by hand (changing permissions to myself, otherwise it had TrustedInstallers owner) - but surprisingly I couldn't replace it, because the file is apparently in use by windows (trying to overwrite it Windows Explorer says it's open in another program).
Trying to somehow disable Code Integrity checks for it were unsuccessful, I couldn't find any instructions how to do that (exceptions for Code Integrity in windows defender work only for .exe files - and yes, I tried this for wsl.exe - it didn't work)
I tried to install all updates that I had pending in the update center, including Windows 20H2 update - and that had changed nothing as well.
So my question is - how can I fix this file, or maybe I can disable Code Integrity checks, or maybe just uninstall this security update (can't find how to uninstall it). I don't want to reinstall whole Windows as I will lose tons of configuration of my development environment, and I need WSL for docker-desktop and so on.
Please any suggestions are welcome as I am desperate at this point
P.S. Microsoft Windows [Version 10.0.19042.804]
Edition Windows 10 Pro
Version 20H2
Installed on 6/22/2020
OS build 19042.804
Experience Windows Feature Experience Pack 120.2212.551.0
Continue reading...
Description
Faulting Application Path: C:\Windows\System32\svchost.exe
Problem signature
Problem Event Name: BEX64
Application Name: svchost.exe_LxssManager
Application Version: 10.0.19041.546
Application Timestamp: 058e175a
Fault Module Name: ucrtbase.dll
Fault Module Version: 10.0.19041.789
Fault Module Timestamp: 2bd748bf
Exception Offset: 000000000007286e
Exception Code: c0000409
Exception Data: 0000000000000007
OS Version: 10.0.19041.2.0.0.256.48
Locale ID: 1033
Additional Information 1: 3133
Additional Information 2: 3133c33d07a77e5380eb4466855ba877
Additional Information 3: a27e
Additional Information 4: a27e8094a9e9149387a666cabef0785d
Extra information about the problem
Bucket ID: 5f23db7e829af97c72132953f1caa969 (1302430157755820393)
LxssManager, as I understand, is a part of WSL, and I need WSL for my work. Right at that time WSL stopped working with error:
C:\WINDOWS\system32>wsl
The remote procedure call failed.
In the event Log I can clearly see, that every time I try to start WSL, LxssManager crashes AND I get Audit Failure:
Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\aepic.dll
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>6281</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2021-02-19T03:26:19.9781773Z" />
<EventRecordID>614692</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="11840" />
<Channel>Security</Channel>
<Computer>armagedon</Computer>
<Security />
</System>
- <EventData>
<Data Name="param1">\Device\HarddiskVolume1\Windows\System32\aepic.dll</Data>
</EventData>
</Event>
So I assumed that my aepic.dll is somehow corrupted, but sfc /scannow doesn't find anything, and Dism.exe /online /cleanup-image /ScanHealth (and other dism.exe variations I found on forums) doesn't find anything corrupted.
In desperation I just tried to download latest version of aepic.dll from dll-files.com, and was going to replace it by hand (changing permissions to myself, otherwise it had TrustedInstallers owner) - but surprisingly I couldn't replace it, because the file is apparently in use by windows (trying to overwrite it Windows Explorer says it's open in another program).
Trying to somehow disable Code Integrity checks for it were unsuccessful, I couldn't find any instructions how to do that (exceptions for Code Integrity in windows defender work only for .exe files - and yes, I tried this for wsl.exe - it didn't work)
I tried to install all updates that I had pending in the update center, including Windows 20H2 update - and that had changed nothing as well.
So my question is - how can I fix this file, or maybe I can disable Code Integrity checks, or maybe just uninstall this security update (can't find how to uninstall it). I don't want to reinstall whole Windows as I will lose tons of configuration of my development environment, and I need WSL for docker-desktop and so on.
Please any suggestions are welcome as I am desperate at this point
P.S. Microsoft Windows [Version 10.0.19042.804]
Edition Windows 10 Pro
Version 20H2
Installed on 6/22/2020
OS build 19042.804
Experience Windows Feature Experience Pack 120.2212.551.0
Continue reading...