Strange Error log entry for BDnet.sys with Win10Pro/32

I notice this error being logged recently and Google says it is something to do with Bullguard security, but I have never installed anything with this name.

Does anyone know what it is? Should I just delete Bdnet.sys?

Andrew

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 03/12/2022 16:02:25
Event ID: 5038
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ****
Description: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\BdNet.sys
Event Xml:
<Event xmlns="[link]">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>5038</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12290</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2022-12-03T16:02:25.6725113Z" />
    <EventRecordID>354687</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="2832" />
    <Channel>Security</Channel>
    <Computer>****</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">\Device\HarddiskVolume1\Windows\System32\drivers\BdNet.sys</Data>
  </EventData>
</Event>

and

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 03/12/2022 16:02:26
Event ID: 5038
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ****
Description: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Program Files\Avira\Endpoint Protection SDK\drivers\firewall\Win10-Win32\BdNet.sys
Event Xml:
<Event xmlns="[link]">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>5038</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12290</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2022-12-03T16:02:26.4369285Z" />
    <EventRecordID>354689</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="2320" />
    <Channel>Security</Channel>
    <Computer>****</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">\Device\HarddiskVolume1\Program Files\Avira\Endpoint Protection SDK\drivers\firewall\Win10-Win32\BdNet.sys</Data>
  </EventData>
</Event>

There has been a good deal of consolidation in the industry, and Avira has acquired Bullguard.

It might mean you have Avira installed. The installation of Avira presumably causes Windows Defender to be disabled.

You can upload the "BdNet.sys" file to [link] and have it scanned for fun. Virustotal is owned by Google, but started life as a South American company. If your browser is too old, the site won't work right.

You can also use a program like "sha256sum" to compute the checksum, then use the "Search" item on the Virustotal.com web page to see if the sha256 signature already exists for that file. That way of doing it is most convenient if you have the tool for it.

*******

Avira no longer seems to use a separate "Avira cleaner" program to remove it.

We cannot blame these leftovers on an incomplete removal process, like previously.

Paul
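
The hash lookup Paul describes, as an added example that is not part of the thread: a PowerShell script that pulls every Event ID 5038 from the Security log, groups them by flagged file, and reports each file's SHA-256 and Authenticode signer. The `$volumeMap` table and the `Convert-DevicePath` helper are hypothetical names, and the mapping of `\Device\HarddiskVolume1` to `C:` is an assumption about this machine.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt
# (reading the Security log requires administrator rights).

# ASSUMPTION: \Device\HarddiskVolume1 is the C: volume on this machine.
# Adjust the map if the system volume has a different device number.
$volumeMap = @{ '\Device\HarddiskVolume1' = 'C:' }

function Convert-DevicePath {
    param([string]$DevicePath)
    foreach ($prefix in $volumeMap.Keys) {
        # The trailing backslash stops HarddiskVolume1 from matching HarddiskVolume10.
        if ($DevicePath.StartsWith($prefix + '\', [StringComparison]::OrdinalIgnoreCase)) {
            return $volumeMap[$prefix] + $DevicePath.Substring($prefix.Length)
        }
    }
    return $null   # unknown volume: report it rather than guess
}

# Event 5038 carries one property (param1): the path of the flagged file.
$events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5038 } -ErrorAction SilentlyContinue)

$events |
    Group-Object { $_.Properties[0].Value } |
    ForEach-Object {
        $devicePath = $_.Name
        $path = Convert-DevicePath $devicePath
        $row = [ordered]@{
            File      = $devicePath
            Count     = $_.Count
            LastSeen  = ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
            SHA256    = $null
            Signature = $null
            Signer    = $null
        }
        if ($path -and (Test-Path -LiteralPath $path)) {
            $row.SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $sig = Get-AuthenticodeSignature -FilePath $path
            $row.Signature = $sig.Status
            if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
        } else {
            $row.Signature = 'file not found or volume not mapped'
        }
        [pscustomobject]$row
    } | Format-List
```

The `SHA256` value is what goes into the Virustotal search box, and the `Signer` field shows which vendor's certificate, if any, the driver carries.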
