Hello Box Support,
I am seeing recurring Windows Security notifications on a Windows 11 system that appear to correlate with Code Integrity Event ID 3033 involving a Box Drive shell extension DLL.
Environment
- Product: Box Drive
- Box Drive version: 2.52.313.0
- BoxShellExtShim version: 2.52.313.0
- Operating System: Windows 11
- Microsoft Defender for Endpoint installed and active
- Smart App Control: Off
- Box Drive is actively used and functioning normally
Symptoms
Windows Security periodically displays notifications indicating that content has been blocked by an administrator. While investigating, I reviewed the Microsoft-Windows-CodeIntegrity/Operational log and found repeated Event ID 3033 entries.
Event Details
Event ID: 3033
Code Integrity determined that a process
\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
attempted to load
\Device\HarddiskVolume3\Program Files\Box\Box\BoxShellExtShim-2.52.313.dll
that did not meet the Windows signing level requirements.
The event is immediately followed by Event ID 3089 entries stating:
Signature information for another event. Match using the Correlation Id.
I have confirmed:
- The file exists.
- The DLL is digitally signed.
- Windows reports the signature as valid.
- Box Drive continues to operate normally.
- The issue is reproducible and generates repeated Event 3033 entries.
Additional Information
I verified the following:
Box.exe 2.52.313.0
BoxShellExtShim-2.52.313.dll 2.52.313.0
Smart App Control is disabled:
SmartAppControlState : Off
Code Integrity policy registry values currently show:
HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy
EmodePolicyRequired 0
SkuPolicyRequired 0
VerifiedAndReputablePolicyState 0
SAC_PreviousState 0xffffffff
Request
Could you please confirm:
- Whether Box is aware of any compatibility issues between Box Drive 2.52.313 and Microsoft Defender for Endpoint (
MsSense.exe) resulting in Code Integrity Event ID 3033. - Whether
BoxShellExtShim-2.52.313.dllis expected to generate these events. - Whether there is a newer shell-extension build or hotfix available.
- Whether Box has guidance for environments where Microsoft Defender for Endpoint is generating signing-level requirement failures against the Box shell extension.
I can provide additional event logs, signature details, file hashes, and system information if needed.
