The purpose of this document is talk about the Event id: 3033 Code Integrity generated by Harmony EndPoint developed by Check Point Software Technologies.
QuickTip response: “That is not a problem itself, this error can be ignored, it affects to nothing, there is no security or any other impact”. Check Point Tech Support responded.
Noticed the problem when I saw that the Windows Security icon has an exclamation symbol. When investigating further the LSA protection is being reported as turned off by Microsoft Windows but in reality, it was turned on (Microsoft,1). When troubleshooting this issue by clicking on the “learn more” option and following the recommendations, a Code Integrity problem with a piece of software came out.
INTRODUCTION
Error 3033 Code Integrity is a common issue that users may encounter when using Microsoft Windows. In this excerpt, the error is related to a file called CP_aMSIpROVIDER64.DLL, which is owned by Harmony Checkpoint. In this technical report, we will discuss the causes of error 3033, the role of CP_aMSIpROVIDER64.DLL, and the steps that can be taken to resolve this issue.
In the Event Viewer you might find this similar message:
- Log Name: Microsoft/Windows/CodeIntegrity/Operational
- Event ID: 3033 Task Category: (1) Level: (2) Error
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll that did not meet the Windows signing level requirements.
Error 3033 Code Integrity
Code Integrity is a security feature in Microsoft Windows that is designed to protect the operating system and prevent unauthorized changes to system files. Error 3033 occurs when Code Integrity is unable to verify the digital signature of a file (Microsoft,2). This can be caused by several factors, including:
- Corrupted system files
- Incorrect system settings
- Malware or virus infections
- Third-party software conflicts
If left unresolved, error 3033 can potentially lead to system crashes, data loss, and other serious problems.
CP_aMSIpROVIDER64.DLL and Harmony Checkpoint
CP_aMSIpROVIDER64.DLL is a dynamic link library (DLL) file that is used by Harmony Checkpoint (VirusTotal,3), a security software suite developed by Check Point Software Technologies. The file is responsible for providing the security functions of the software, including authentication and encryption. Harmony Checkpoint is designed to protect networks and endpoints from cyber threats, and is widely used in enterprise environments.
- There are several possible reasons why CP_aMSIpROVIDER64.DLL may cause error 3033. One possibility is that the file may be corrupted or missing. Another possibility is that there may be conflicts with other software or drivers that are installed on the system.
Resolving the Error
First things first, make sure that all your software is up to date. Then try to resolve error 3033, there are several troubleshooting steps that can be taken. These include:
- Running a full system scan for malware and viruses
- Checking for and repairing any corrupted system files
- Updating system drivers and software
- Reinstalling Harmony Checkpoint: Tech Support send me the latest client version E87.20, without success.
- Wait for the latest update of Harmony.
If the issue is related specifically to CP_aMSIpROVIDER64.DLL, there are several potential solutions that can be tried. These include:
- Replacing the file with a known-good copy from a backup or from the original software installation media
Downloading and installing the latest version of Harmony Checkpoint
Contacting Check Point Software Technologies for further assistance in which I am stuck up today when writing this document. - To prevent similar errors from occurring in the future, it is important to keep system software and drivers up to date, run regular malware scans, and avoid installing software from untrusted sources.
Conclusion
Experiencing potential vulnerabilities because a Local Security Authority protection is disabled, might be frustrating for many as is with me.
This is the response I got from Check Point Tech Support: “
“Hello Oscar,
Thank you for the update. Make sure you are searching for the specific dlls. Some of our files are not properly signed, we are working on remediating this in the next few versions. Please see the below statement in reference to this particular dll.
The process MsSense.exe that has an issue belongs to Windows Defender AV engine and it’s a PPL process (Protected Process Light). We are not monitoring such PPL processes because by default they are legitimate and can’t be abused by malware, OS applies extra protection for such processes. Our AMSI sensor library CP_AmsiProvider64.dll isn’t signed according to Microsoft requirements because it’s not designed to monitor PPL processes, such monitoring is useless in case of security. Seems like MsSense.exe process tries to load one of script engine (powershell, jscript, vbscript) and script engine automatically tries to load our AMSI sensor but because the process is PPL windows prevents such loading and blocks CP_AmsiProvider64.dll. That is not a problem itself, this error can be ignored, it affects to nothing, there is no security or any other impact.
BR,
Kevin Zhang
Technical Support Engineer (T3)
[CCES,CCSBA]”
So we can conclude based on Check Point engineers response that there is not problem at all. Thank you for reading!
Oscar Catana email me at helpdesk [at] ipthub.com
References:
1 Microsoft Learn, 2023-03-21, 12:13 PT., “Local Security Authority protection is off” with persistent restart.
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22H2#3048msgdesc
2 Microsoft Tech Support website.
https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/event-id-explanations
3 VirusTotal.com, SHA-256.
https://www.virustotal.com/gui/file/58cc31f2b0d89638f3d7adb44d36a994d25487f5c77bf662e6f173ae2f94dd40/details