5060 Verification operation failed
Written when a cryptographic verification operation fails. It indicates failures such as signature verification and captures the possibility of cryptographic faults or tampering.
Overview
The subcategory is Audit System Integrity. It is generated when a cryptographic module’s verification operation (signature verification, integrity check, etc.) fails.
How it is triggered
- When signature verification or cryptographic module integrity verification fails.
Security review points
- A verification failure can indicate a signature mismatch (tampering) or a cryptographic module fault. Together with code integrity violation 5038, check it as a sign of tampered code or data.
- Concentrations or repetition of failures should be investigated as a possible problem with cryptographic assets or an attack.
Notes for log review
- A one-off is often implementation/data-induced. Together with self-test 5056 and operation failure 5057, evaluate cryptographic health.
Key fields
| Field | Meaning |
|---|---|
| Verification target/operation | The failed verification |
Process Name | The originating process |