Security Grades and Codes

Spectra Core performs static analysis on samples and assigns a security grade based on detected issues. Each grade code consists of a prefix and a numeric identifier:

• RC (Recovery Code): Informational codes (codes below 21001)
• WC (Warning Code): Warning-level issues that may indicate non-optimal configurations (codes 21001-30999)
• SC (Security Code): Security issues that directly impact the sample's grade (codes 31001 and above)

Depending on the security issues, the sample can get one of the following grades:

Grade	Description
A	Best security grade. The application follows the latest standards and policies.
B	Good security grade. The application has sufficient security mechanisms implemented, but does not have all the latest features enabled.
C	Minor security issues detected. The application has some security mechanisms implemented, but is not considered safe to use in all environments.
D	Major security issues detected. The application should only be executed in secured environments.
E	Major security issues detected. The application should only be executed in highly secured environments.
F	Major security issues detected. Consider the application unsafe to run.

Grade Codes

Name	Description
RC10000	Success. No error code.
RC11001	Maximum dos_header_t::e_cblp value of 512 exceeded.
RC11002	Maximum dos_header_t::e_cblp physical range exceeded. When combined with dos_header_t::e_cp the value becomes greater than the file size.
RC11003	Invalid dos_header_t::e_cparhdr power of two alignment.
RC11004	Maximum dos_header_t::e_cparhdr value exceeded. Value should be less than dos_header_t::e_lfanew.
RC11005	Maximum dos_header_t::e_ss value exceeded. Value should be in dos_header_t::e_maxalloc range.
RC11006	Maximum dos_header_t::e_sp value exceeded. Value should be in dos_header_t::e_maxalloc range.
RC11007	Maximum dos_header_t::e_ip physical range exceeded. Value should be between headers and less than dos_header_t::e_lfanew.
RC11008	Maximum dos_header_t::e_cs physical range exceeded. Value should be between headers and less than dos_header_t::e_lfanew.
RC11009	Maximum dos_header_t::e_lfarlc value exceeded. Value should be less than dos_header_t::e_lfanew.
RC11010	Maximum dos_header_t::e_lfarlc range exceeded. Relocation table should end before dos_header_t::e_lfanew.
RC11011	Invalid dos_header_t::e_maxalloc value. Value cannot be less than dos_header_t::e_minalloc.
RC11012	Invalid dos_header_t::e_lfanew alignment. When checking in strict mode, this value must be aligned to 8 bytes.
RC11013	Minimum dos_header_t::e_lfanew value expectation was not met. It is expected that this value is greater or equal to dos_header_t size. When this value is lower than its minimum, overlapping with file headers will occur.
RC12001	Invalid file_header_t::machine value. Unknown or unsupported machine type.
RC12002	Invalid file_header_t::number_of_sections value. Minimum allowed number of sections is one.
RC12003	Invalid file_header_t::number_of_sections value. When checking in strict mode, the number of sections must not exceed 96.
RC12004	Minimum file_header_t::size_of_optional_headers value not satisfied. The length of the table is less than it is expected to be.
RC12005	Maximum file_header_t::size_of_optional_headers value exceeded. The length of the table is greater than it is expected to be.
RC13001	Invalid optional_header_t::image_base value. Set library image base value is not a multiple of page granularity.
RC13002	Invalid optional_header_t::image_base value. Set executable image base value is not a multiple of page granularity.
RC13003	Unexpected optional_header_t::address_of_entry_point value. It is expected that executable files with an entry point have it reside inside the file.
RC13004	Unexpected optional_header_t::address_of_entry_point value. It is expected that executable files with an entry point have it reside inside a section.
RC13005	Unexpected optional_header_t::address_of_entry_point location. It is expected that executable code is not in a writable section.
RC13006	Unexpected optional_header_t::address_of_entry_point location. It is expected that executable files do have an entry point.
RC13007	Invalid optional_header_t::section_alignment value. When the section alignment is lesser than page granularity, it is expected that section alignment is equal to file alignment.
RC13008	Invalid optional_header_t::section_alignment power of two alignment.
RC13009	Invalid optional_header_t::file_alignment value. When the file alignment is lesser than 512, it is expected that file alignment is equal to section alignment.
RC13010	Invalid optional_header_t::file_alignment power of two alignment.
RC13011	Unexpected optional_header_t::size_of_headers value. It is expected that this value is greater than file alignment.
RC13012	Unexpected optional_header_t::size_of_headers value. It is expected that this value is no greater than the start of the lowest non-zero section.
RC13013	Invalid optional_header_t::subsystem value. Unrecognized subsystem identifier.
RC13014	Maximum optional_header_t::number_of_rva_and_sizes value exceeded. Number of data table entries is greater than defined by the full table size.
RC13015	Force integrity is enabled by optional_header_t::dll_characteristics flags but the security table is absent.
RC13150	Unexpected image_directory_t::image_directory_entry_globalptr_k table directory address. It is expected that files with global pointer data have it reside inside a section.
RC14001	Unexpected image_section_header_t::pointer_to_raw_data value. It is not expected that sections are out of order on disk.
RC14002	Unexpected image_section_header_t::pointer_to_raw_data value. It is not expected that sections map parts of the header to their own space.
RC14003	Unexpected image_section_header_t::pointer_to_raw_data value. For files that have section alignment lesser than the architecture page size, memory and disk section layouts must match.
RC14004	Unexpected image_section_header_t::pointer_to_raw_data value. When the file enforces integrity checks uninitialized data sections must point to offset zero. Such invalid files typically fail digital signature validation checks and refuse to run.
RC18050	Invalid bound import table content detected. One or more of its elements refer to data that is not physically available within the file.
RC18051	Invalid image_delay_import_descriptor_t::module_handle address detected. It is expected that this value resides within the section part of the file.
RC18052	Invalid image_delay_import_descriptor_t::delay_import_address_table address detected. It is expected that this value resides within the section part of the file.
RC18053	Invalid image_delay_import_descriptor_t::delay_import_address_table thunk value detected. It is expected that this value points to a function within the section part of the file.
RC18054	Invalid image_delay_import_descriptor_t::unload_delay_import_table value detected. It is expected that this value resides within the section part of the file.
RC18055	Invalid image_delay_import_descriptor_t::delay_import_name_table address detected. It is expected that this value resides within the section part of the file.
RC18056	Invalid image_delay_import_descriptor_t::name library name detected. It is expected that this value is a printable string.
RC18057	Invalid image_delay_import_descriptor_t::delay_import_name_table function name detected. It is expected that this value is a printable string.
RC18058	Invalid image_delay_import_descriptor_t::delay_import_name_table ordinal value detected. It is expected that this value is within ordinal limits.
RC18059	Invalid image_delay_import_descriptor_t::attributes detected. Delay import descriptors using both relative and virtual thunks. The file is probably corrupted.
RC18100	Invalid delay import table content detected. One or more of its elements refer to data that is not physically available within the file.
RC18101	Invalid image_import_descriptor_t::first_thunk address detected. It is expected that this value resides within the section part of the file.
RC18102	Invalid image_import_descriptor_t::original_first_thunk address detected. It is expected that this value resides within the section part of the file.
RC18103	Invalid image_import_descriptor_t::name library name detected. It is expected that this value is a printable string.
RC18104	Invalid image_import_descriptor_t::first_thunk function name detected. It is expected that this value is a printable string.
RC18105	Invalid image_import_descriptor_t::first_thunk ordinal value detected. It is expected that this value is within ordinal limits.
RC18106	Invalid image_import_descriptor_t::original_first_thunk address detected. It is expected that this address differs from image_import_descriptor_t::first_thunk.
RC18150	Invalid import table content detected. One or more of its elements refer to data that is not physically available within the file.
RC18151	Invalid image_export_directory_t::address_of_names forwarder name detected. It is expected that this value is a printable string.
RC18152	Invalid image_export_directory_t::address_of_functions thunk value detected. It is expected that this value resides within the section part of the file.
RC18153	Invalid image_export_directory_t::address_of_names symbol name detected. It is expected that this value is a printable string.
RC18154	Invalid image_export_directory_t::address_of_functions ordinal value detected. It is expected that this value is within ordinal limits.
RC18155	Invalid image_export_directory_t::address_of_names symbol name detected. It is expected that symbols are sorted by their name. Invalid sorting may prevent some symbols from being found.
RC18156	Invalid image_export_directory_t table layout detected. It is expected that individual tables which hold name, ordinal, and code pointers do not overlap.
RC18157	Invalid image_export_directory_t::base value detected. It is expected that this value is lesser than the limit imposed by WindowsAPI::GetProcAddress.
RC18200	Invalid export table content detected. One or more of its elements refer to data that is not physically available within the file.
RC18201	Invalid image_tls_directory_t::callback address detected. It is expected that this value resides within the section part of the file.
RC18202	Invalid image_tls_directory_t::address_of_index address detected. It is expected that this value resides within the section part of the file.
RC18203	Invalid image_tls_directory_t::address_of_index address detected. It is expected that this value is always non-empty and set to a value within the section part of the file.
RC18204	Invalid image_tls_directory_t::start_address_of_raw_data address detected. It is expected that this value is always lesser than image_tls_director_t::end_address_of_raw_data.
RC18205	Invalid image_tls_directory_t::start_address_of_raw_data address detected. When this value is set, it is expected that it resides within the section part of the file.
RC18206	Invalid image_tls_directory_t::address_of_callbacks address detected. It is expected that this value resides within the section part of the file.
RC18207	Invalid image_tls_directory_t::address_of_callbacks address detected. When this value is set, it is expected that it resides within the section part of the file.
RC18250	Invalid tls table content detected. One or more of its elements refer to data that is not physically available within the file.
RC18251	Invalid image_resource_data_entry_t language detected. It is not expected that language node is named.
RC18252	Invalid image_resource_data_entry_t content detected. It is expected that resource data is located within the section part of the file.
RC18253	Invalid image_resource_data_entry_t::id detected. It is expected that resource language is supported by the operating system.
RC18254	Invalid image_resource_data_entry_t::id detected. It is expected that resource sub-language is supported by the operating system.
RC18255	Invalid image_resource_data_entry_t::code_page detected. It is expected that resource codepage is supported by the operating system.
RC18256	Invalid image_resource_data_entry_t node name detected. It is expected that named resources precede the ordinal ones.
RC18257	Invalid image_resource_data_entry_t node name detected. It is expected that resources are sorted by their name. Invalid sorting may prevent some resources from being found.
RC18258	Invalid image_resource_data_entry_t entry detected. It is not expected that resource nodes contain duplicate language entries. Entry duplication may prevent some resources from being found.
RC18300	Invalid resource table content detected. One or more of its elements refer to data that is not physically available within the file.
RC18301	Unsupported image_runtime_unwind_info_t::version detected. It is expected that this value is no greater than unwind_version_k.
RC18302	Invalid image_*_function_entry*_t::begin_address address detected. It is expected that this value resides within the section part of the file.
RC18303	Invalid image_*_function_entry*_t::exception_handler or image_runtime_function_entry64_t::unwind_info_address address detected. It is expected that this value resides within the section part of the file.
RC18304	Invalid image_*_function_entry*_t::end_address address detected. It is expected that this value resides within the section part of the file.
RC18305	Invalid image_*_function_entry*_t::end_address address detected. It is expected that this address is greater than the one specified by image_*_function_entry*_t::begin_address field.
RC18306	Invalid image_*_function_entry*_t chained address detected. It is expected that all unwind information refers to addresses which reside within the section part of the file.
RC18307	Invalid image_runtime_unwind_info_t::frame_register value detected. It is expected that the maximum register count is no greater than R15.
RC18308	Invalid image_runtime_unwind_info_t::frame_offset value detected. It is expected that the maximum frame offset is no greater than 240.
RC18309	Invalid image_runtime_unwind_info_t address detected. It is expected that this value is dword-aligned.
RC18310	Invalid image_runtime_handler_entry_t extra compiler data address detected. It is expected that this value resides within the section part of the file.
RC18311	Invalid image_runtime_unwind_code_t::unwind_code detected. It is expected that the maximum supported opcode is no greater than unwind_push_machine_frame_k.
RC18312	Invalid image_runtime_unwind_code_t::unwind_code detected. It is expected that the value unwind_reserved_k is unused.
RC18313	Invalid image_runtime_unwind_code_t::prolog_offset detected. It is expected that offset is within the area covered by the exception.
RC18314	Invalid image_runtime_unwind_code_t::prolog_offset detected. It is expected that the defined function prologue holds all unwind operations.
RC18315	Invalid image_runtime_unwind_code_t::unwind_code count detected. It is expected that the number of unwind_epilog_k codes is not odd.
RC18316	Invalid image_runtime_unwind_code_t::unwind_code position detected. It is expected that all unwind_epilog_k codes are present at the beginning of the unwind code list.
RC18317	Invalid image_*_function_entry*_t::begin_address address detected. It is expected that exceptions are sorted by their address. Invalid sorting may prevent some exception handlers from being found.
RC18318	Invalid image_*_function_entry*_t chained address detected. Unwind exception chain does not terminate at a non-chained entry.
RC18319	Invalid image_*_function_entry*_t chained address detected. Unwind exception chain creates an immediate self-reference. Structure is an infinite chain of the first order.
RC18320	Invalid image_*_function_entry*_t chained address detected. Unwind exception chain references an entry already visited in this unwind chain. Structure is an infinite chain of the second order.
RC18350	Invalid exception table content detected. One or more of its elements refer to data that is not physically available within the file.
RC18351	Invalid image_base_relocation_entry_t::entry address. It is expected that this value resides within the section part of the file.
RC18352	Invalid image_base_relocation_entry_t::entry range. It is expected that the relocation target range resides within the section part of the file.
RC18353	Invalid image_base_relocation_entry_t::entry type. It is expected that this value is not larger than image_rel_based_high3adj_k.
RC18354	Invalid image_base_relocation_t::size_of_block value. It is expected that this value at its largest covers every consecutive smallest possible relocation for that page.
RC18355	Invalid image_base_relocation_entry_t::entry type. It is expected that this value is not equal to image_rel_based_reserved_k.
RC18356	Invalid image_base_relocation_entry_t::entry type. It is expected that the relocation type matches with the platform selected by file_header_t::machine value.
RC18357	One or more target addresses required to be relocated are not covered by the relocation table. Such addresses include load config, TLS, exception and delay import table elements. This will cause the file to be loaded in invalid state.
RC18400	Invalid relocation table content detected. One or more of its elements refer to data that is not physically available within the file.
RC18451	Invalid image_load_config_directory*_t::lock_prefix_table entry value. It is expected that this value resides within the section part of the file.
RC18452	Invalid image_load_config_directory*_t::se_handler_table entry value. It is expected that this value resides within the section part of the file.
RC18453	Invalid image_load_config_directory*_t::guard_eh_continuation_table entry value. It is expected that this value resides within the section part of the file.
RC18454	Invalid image_load_config_directory*_t::cfg_function_table entry value. It is expected that this value resides within the section part of the file.
RC18455	Invalid image_load_config_directory*_t::guard_long_jump_target_table entry value. It is expected that this value resides within the section part of the file.
RC18456	Invalid image_load_config_directory*_t::guard_taken_iat_entry_table entry value. It is expected that this value resides within the section part of the file.
RC18457	Invalid image_load_config_directory*_t table layout detected. It is expected that individual tables which hold data pointers do not overlap.
RC18458	Unexpected image_load_config_directory*_t::lock_prefix_table entry count. Declared and detected number of table entries mismatch.
RC18459	Unexpected image_load_config_directory*_t::se_handler_table entry count. Declared and detected number of table entries mismatch.
RC18460	Unexpected image_load_config_directory*_t::guard_eh_continuation_count entry count. Declared and detected number of table entries mismatch.
RC18461	Unexpected image_load_config_directory*_t::cfg_function_table entry count. Declared and detected number of table entries mismatch.
RC18462	Unexpected image_load_config_directory*_t::guard_long_jump_target_table entry count. Declared and detected number of table entries mismatch.
RC18463	Unexpected image_load_config_directory*_t::guard_taken_iat_entry_table entry count. Declared and detected number of table entries mismatch.
RC18464	Invalid image_load_config_directory*_t::cfg_check_function_pointer address. It is expected that this value resides within the section part of the file.
RC18465	Invalid image_load_config_directory*_t::cfg_dispatch_function_pointer address. It is expected that this value resides within the section part of the file.
RC18466	Invalid image_load_config_directory*_t::xfg_check_function_pointer address. It is expected that this value resides within the section part of the file.
RC18467	Invalid image_load_config_directory*_t::xfg_dispatch_function_pointer address. It is expected that this value resides within the section part of the file.
RC18468	Invalid image_load_config_directory*_t::xfg_dispatch_table_function_pointer address. It is expected that this value resides within the section part of the file.
RC18469	Invalid image_load_config_directory*_t::rfg_failure_routine address. It is expected that this value resides within the section part of the file.
RC18470	Invalid image_load_config_directory*_t::rfg_failure_function_pointer address. It is expected that this value resides within the section part of the file.
RC18471	Invalid image_load_config_directory*_t::rfg_verify_stack_function_pointer address. It is expected that this value resides within the section part of the file.
RC18472	Invalid image_load_config_directory*_t::cast_guard_os_determined_failure_mode address. It is expected that this value resides within the section part of the file.
RC18473	Invalid image_load_config_directory*_t::guard_memcpy_function_pointer address. It is expected that this value resides within the section part of the file.
RC18474	Unexpected image_load_config_directory*_t::cfg_check_function_function_pointer value detected. Files that are control flow guard instrumented are expected to have related function pointers.
RC18475	Unexpected image_load_config_directory*_t::cfg_check_function_function_pointer value detected. Files that use dynamic value relocation table to mark addresses as protected by control flow guard expect this funtion to exist.
RC18476	Unexpected image_load_config_directory*_t::xfg_check_function_function_pointer value detected. Files that are extreme control flow guard instrumented are expected to have related function pointers.
RC18477	Unexpected image_load_config_directory*_t::rfg_verify_stack_function_pointer value detected. Files that are return flow guard instrumented are expected to have related function pointers.
RC18478	Unexpected image_load_config_directory*_t::cast_guard_os_determined_failure_mode value detected. Files that are cast guard instrumented are expected to have related function pointers.
RC18479	Unexpected image_load_config_directory*_t::guard_memcpy_function_pointer value detected. Files that are cast guard instrumented are expected to have related function pointers.
RC18480	Invalid image_load_config_directory*_t::edit_list value. This field is reserved by the system and should be set to zero.
RC18481	Invalid image_load_config_directory*_t::security_cookie value. It is expected that this value resides within the section part of the file.
RC18482	Invalid image_load_config_directory*_t::hybrid_metadata_pointer value. It is expected that this value resides within the section part of the file.
RC18483	Invalid image_load_config_directory*_t::dynamic_value_reloc_table value. It is expected that this value resides within the section part of the file.
RC18484	Invalid image_load_config_directory*_t::enclave_table value. It is expected that this value resides within the section part of the file.
RC18485	Unsupported image_dynamic_relocation_header_t::version detected. It is expected that this value is no greater than dynamic_version_k.
RC18486	Invalid image_dynamic_relocation*_t::entry address. It is expected that this value resides within the section part of the file.
RC18487	Invalid image_dynamic_relocation*_t::entry range. It is expected that the relocation target range resides within the section part of the file.
RC18488	Invalid image_dynamic_relocation*_t::entry type. It is expected that this value is not larger than image_rel_based_high3adj_k.
RC18489	Invalid image_dynamic_relocation*_t::size_of_block value. It is expected that this value at its largest covers every consecutive smallest possible relocation for that page.
RC18490	Invalid image_epilogue_dynamic_relocation_header_t::branch_count entry value. The number of return flow guard bitmap indexes must match the number of dynamic relocation entries for the symbol.
RC18491	Invalid image_epilogue_intel_relocation_entry_t::total_size entry value. It is expected that intel instructions have a minimum length of one.
RC18492	Invalid image_epilogue_intel_relocation_entry_t::total_size entry value. It is expected that intel instructions have a maximum length of sixteen.
RC18493	Invalid image_epilogue_intel_relocation_entry_t::delta_base entry value. It is expected that the instruction displacement start is lesser than instruction length.
RC18494	Invalid image_epilogue_intel_relocation_entry_t::delta_size entry value. It is expected that the instruction displacement size is lesser than instruction length.
RC18495	Invalid return flow guard intel instruction displacement range. It is expected that the instruction displacement combined start and size is lesser than instruction length.
RC18496	Data duplication detected within different dynamic relocation entry lists. It is expected that a single address relocates to a single new value.
RC18497	Invalid image_chpe_metadata_x86_t::wowa64_exception_handler_function_pointer address. It is expected that this value resides within the section part of the file.
RC18498	Invalid image_chpe_metadata_x86_t::wowa64_dispatch_call_function_pointer address. It is expected that this value resides within the section part of the file.
RC18499	Invalid image_chpe_metadata_x86_t::wowa64_dispatch_icall_function_pointer address. It is expected that this value resides within the section part of the file.
RC18500	Invalid image_chpe_metadata_x86_t::wowa64_dispatch_icall_cfg_function_pointer address. It is expected that this value resides within the section part of the file.
RC18501	Invalid image_chpe_metadata_x86_t::wowa64_dispatch_ret_function_pointer address. It is expected that this value resides within the section part of the file.
RC18502	Invalid image_chpe_metadata_x86_t::wowa64_dispatch_ret_leaf_function_pointer address. It is expected that this value resides within the section part of the file.
RC18503	Invalid image_chpe_metadata_x86_t::wowa64_dispatch_jump_function_pointer address. It is expected that this value resides within the section part of the file.
RC18504	Invalid image_chpe_metadata_x86_t::wowa64_auxiliary_import_address_table address. It is expected that this value resides within the section part of the file.
RC18505	Invalid image_chpe_range_entry_t code region detected. It is expected that this region resides within the section part of the file.
RC18506	No image_chpe_range_entry_t code regions have been detected. It is expected that a compiled hybrid file has defined code regions.
RC18507	Unexpected image_chpe_range_entry_t code regions detected. It is expected that a compiled hybrid file has more than one code region type. Currently it is expected that both Intel and ARM regions are present within the code.
RC18508	Invalid image_chpe_range_entry_t table layout detected. It is expected that individual tables which define code regions do not overlap.
RC18509	Invalid image_chpe_metadata_x86_t::wowa64_auxiliary_import_address_table thunk value. It is expected that this value resides within the defined hybrid code ranges of the file.
RC18510	Invalid image_chpe_metadata_x86_t::wowa64_auxiliary_import_address_table thunk value. It is expected that this value resides within the section part of the file.
RC18511	Unexpected image_chpe_metadata_x86_t::wowa64_auxiliary_import_address_table entry value. It is not expected that this table is present in files which do not have an import table.
RC18512	Unexpected image_chpe_metadata_x86_t::wowa64_auxiliary_import_address_table entry value. It is not expected that this table is present in files which do not have an import address table.
RC18513	Invalid image_enclave_import_t::import_name library name detected. It is expected that this value is a printable string.
RC18514	Unexpected image_enclave_import_t::import_name library name detected. It is expected that libraries imported by the enclave are defined in either import or delay import table.
RC18515	Content of both family and image identifications in image_enclave_config*_t is blank. Secure enclave image cannot be uniquely identified without this information.
RC18516	Invalid image_load_config_directory*_t::volatile_metadata_pointer value. It is expected that this value resides within the section part of the file.
RC18517	Invalid image_volatile_access_entry_t code address detected. It is expected that addresses reside within the section part of the file.
RC18518	Invalid image_volatile_range_entry_t code range detected. It is expected that code ranges reside within the section part of the file.
RC18519	Invalid image_volatile_metadata_t::maximum_version value detected. It is expected that maximum supported version is lesser than the minimum required one.
RC18520	Invalid image_volatile_range_entry_t table layout detected. It is expected that individual ranges which define code regions do not overlap.
RC18521	Invalid image_load_config_directory*_t::cfg_function_table content detected. Function table must include entry point address or else the operating system will not be able to pass control to the program.
RC18522	Invalid image_load_config_directory*_t::cfg_function_table entry value. It is expected that export suppressed addresses are aligned to a 16 byte boundary.
RC18523	Invalid image_load_config_directory*_t::cfg_guard_flags value detected. Flag image_guard_retpoline_present_k is not enabled. Presence of image_*_dynamic_relocation_t branch or transfer information within the file indicates that the flag must be set.
RC18524	Unexpected image_import_control_transfer_dynamic_relocation_t entry value. Files without an import address table should not have import transfer relocations.
RC18525	Invalid image_import_control_transfer_dynamic_relocation_t::iat_thunk_index entry value. Thunk index value exceeds the declared import address table boundaries.
RC18550	Invalid load config table content detected. One or more of its elements refer to data that is not physically available within the file.
RC18601	Invalid image_debug_directory_t::type entry value. It is expected that this value is not greater than image_debug_type_dll_extended_k.
RC18602	Invalid image_debug_directory_t::pointer_to_raw_data offset. It is expected that this value resides within the physical limits of the file.
RC18603	Invalid image_debug_directory_t::address_of_raw_data range. It is expected that this value resides within the part of the file that maps into memory.
RC18604	Invalid image_debug_directory_t::time_date_stamp values. It is expected that this value is set, since debuggers rely on it for debug symbol versioning.
RC18605	Invalid image_debug_directory_t codeview path detected. It is expected that this value is a printable string.
RC18606	Detected that frame_pointer_data_t is present on non-Intel x86 architecture. It is expected that the frame omissions are present only on supported platforms.
RC18607	Invalid frame_pointer_data_t::frame_type entry value. It is expected that this value is not greater than frame_non_fpo_k.
RC18608	Invalid frame_pointer_data_t::function_start address detected. It is expected that this value resides within the section part of the file.
RC18609	Invalid frame_pointer_data_t::function_length entry value. It is expected that the function is at least one byte long.
RC18610	Invalid frame_pointer_data_t::prolog_length entry value. It is expected that if the prologue exists, it does not represent the total length of the function.
RC18611	Invalid frame_pointer_data_t function region detected. It is expected that this region resides within the section part of the file.
RC18612	Detected that the omitted frame uses Intel x86 EBP register while not having a prologue that could have saved the register value.
RC18613	Detected that the omitted frame uses Intel x86 EBP register while not having it preserved in its saved registers list.
RC18614	Detected that the omitted frame uses structured exception handling. This flag is incompatible with optional_header_t::dll_characteristics flag image_dllcharacteristics_no_seh_k which is also set.
RC18615	Invalid image_debug_misc_data_t executable path detected. It is expected that this value is a printable string.
RC18616	Invalid image_debug_fixup_data_t::entry target. It is expected that this value resides within the section part of the file.
RC18617	Invalid image_debug_fixup_data_t::entry range. It is expected that the fixup target range resides within the section part of the file.
RC18618	Invalid image_debug_fixup_data_t::entry source. It is expected that the fixup adjust address is referring to data which is physically available within the file.
RC18619	Invalid image_debug_fixup_data_t::entry type. It is expected that the relocation type matches with the platform selected by file_header_t::machine value.
RC18620	Invalid vc_feature_data_t::sdl_count value detected. It is implied that the SDL process also enables the buffer overrun mitigation. However, that mitigation option has been detected as disabled.
RC18621	Invalid vc_feature_data_t::guard_count value detected. It is expected that there are no guarded objects for files that have disabled control flow guard mitigation.
RC18622	Invalid ltcg_section_data_t section name detected. Name contains unprintable characters.
RC18623	Invalid ltcg_section_data_t section range detected. It is expected that this region resides within the section part of the file.
RC18624	Invalid mpx_feature_data_t signature detected. It is expected that the magic signature for this feature is jrbp_signature_k.
RC18625	Invalid mpdb_embedded_data_t signature detected. It is expected that the magic signature for this feature is mpdb_signature_k.
RC18626	Unexpected mpdb_embedded_data_t compression filter detected. It is expected that the portable PDB files are compressed with zlib.
RC18627	Invalid mpdb_embedded_data_t compressed data detected. It is expected that the compression ratio is lesser than 100 percent. Compressed data appears to be larger than the decompressed.
RC18628	Invalid mpdb_embedded_data_t compressed data detected. It is expected that the compressed data has size greater than zero.
RC18629	Invalid image_debug_type_spgo_k logging path detected. It is expected that this value is a printable string.
RC18630	Invalid image_debug_directory_t::address_of_raw_data value. It is expected that this value and image_debug_directory_t::pointer_to_raw_data point to the same data.
RC18631	Invalid image_debug_directory_t::pointer_to_raw_data value. It is expected that this offset points to the data within the overlay part of the file.
RC18700	Invalid debug table content detected. One or more of its elements refer to data that is not physically available within the file.
RC18701	Declared security table length does not match the estimated one. Size mismatch can cause digital signature validation failure.
RC18702	Detected data appended after security directory. This appendix can cause certificate validation issues. Such files typically fail digital signature validation checks.
RC18703	Invalid security table base address detected. It is expected that this table starts at a qword-aligned physical offset. Invalid security table alignment can cause digital signature validation failure.
RC18704	Invalid security table length detected. It is expected that the size of this table is qword-aligned. Invalid security table length can cause digital signature validation failure.
RC18800	Invalid security table content detected. One or more of its elements refer to data that is not physically available within the file.
RC19501	Unexpected rich header entry count. Enforced enumeration limit has been reached. Partial data table processing might cause unexpected validation errors.
RC19502	Unexpected section table entry count. Enforced enumeration limit has been reached. Partial data table processing might cause unexpected validation errors.
RC19503	Unexpected bound import table entry count. Enforced enumeration limit has been reached.
RC19504	Unexpected delay import table entry count. Enforced enumeration limit has been reached.
RC19505	Unexpected import table entry count. Enforced enumeration limit has been reached.
RC19506	Unexpected export table entry count. Enforced enumeration limit has been reached.
RC19507	Unexpected tls table entry count. Enforced enumeration limit has been reached.
RC19508	Unexpected resource table entry count. Enforced enumeration limit has been reached.
RC19509	Unexpected exception table entry count. Enforced enumeration limit has been reached. Partial data table processing might cause unexpected validation errors.
RC19510	Unexpected relocation table entry count. Enforced enumeration limit has been reached. Partial data table processing might cause unexpected validation errors.
RC19511	Unexpected load config table entry count. Enforced enumeration limit has been reached. Partial data table processing might cause unexpected validation errors.
RC19512	Unexpected debug table entry count. Enforced enumeration limit has been reached. Partial data table processing might cause unexpected validation errors.
RC19513	Unexpected security table entry count. Enforced enumeration limit has been reached.
WC21051	Detected that image_rich_header_t::product list includes a reference to an unknown product identifier.
WC21052	Detected that image_rich_header_t::product list includes a reference to import records while import table is not present in the file.
WC21053	Detected that image_rich_header_t::product with alias tooling_imp_k has an unexpected version ID. It is expected that this tool does not have version information set.
WC21054	Detected that image_rich_header_t::product list includes a reference to export records while export table is not present in the file.
WC21055	Detected that image_rich_header_t::product with alias tooling_exp_k has an unexpected use count. It is expected that this tool is used exactly once.
WC21056	Detected that image_rich_header_t::product list includes a reference to a resource compiler while resource table is not present in the file.
WC21057	Detected that image_rich_header_t::product with alias tooling_res_k has an unexpected use count. It is expected that this tool is used exactly once.
WC21058	Detected that image_rich_header_t::product list includes a reference to a managed code compiler while com descriptor table is not present in the file.
WC21059	Detected that image_rich_header_t::product with alias tooling_exp_k has duplicate entries. It is expected that this product is listed exactly once.
WC21060	Detected that image_rich_header_t::product list includes no references to linker used to generate object files.
WC21061	Detected that image_rich_header_t::product list includes no references to C++ objects while implementing cast guard protection.
WC21062	Data duplication detected within product identifier list.
WC22001	Detected that file_header_t::time_date_stamp was not set. This may indicate intentional compile time omission.
WC22002	Invalid file_header_t::pointer_to_symbol_table value. It is expected that an image file will have this value set to zero if image_file_local_symbols_stripped_k flag is set.
WC22003	Invalid file_header_t::number_of_symbols value. It is expected that an image file will have this value set to zero if image_file_local_symbols_stripped_k flag is set.
WC22004	Unused file_header_t::characteristics flag image_file_16bit_machine_k is set.
WC22005	Unused file_header_t::characteristics flag image_file_bytes_reversed_lo_k is set.
WC22006	Unused file_header_t::characteristics flag image_file_bytes_reversed_hi_k is set.
WC22007	Unused file_header_t::characteristics flag image_file_aggressive_ws_trim_k is set.
WC22008	Unexpected file_header_t::characteristics flag image_file_line_numbers_stripped_k is set while debug table is present in the data directory table. Line numbers are a deprecated debugging symbol type.
WC22009	Unexpected file_header_t::characteristics flag image_file_local_symbols_stripped_k is set while debug table is present in the data directory table. Local symbols are a deprecated debugging symbol type.
WC22010	Unexpected file_header_t::characteristics flag image_file_debug_stripped_k is set while debug table is present in the data directory table.
WC22011	Unexpected file_header_t::characteristics flag image_file_relocs_stripped_k is set while relocation table is present in the data directory table.
WC22012	Detected that file_header_t::characteristics flag image_file_relocs_stripped_k is omitted while relocation table is absent from the data directory table.
WC23001	Unexpected optional_header_t::section_alignment value. The value exceeded the allocation granularity.
WC23002	Unexpected optional_header_t::*_linker_version value. No version information has been provided by the linker.
WC23003	Unexpected optional_header_t::base_of_code value. It is expected that this value is set to the first code section start.
WC23004	Unexpected optional_header_t::size_of_code value. It is expected that this value is set to the sum of all sections that contain code.
WC23005	Unexpected optional_header_t::size_of_initialized_data value. It is expected that this value is set to the sum of all sections that contain initialized data.
WC23006	Unexpected optional_header_t::size_of_uninitialized_data value. It is expected that this value is set to the sum of all sections that contain uninitialized data.
WC23007	Unexpected optional_header_t::address_of_entry_point value. It is expected that this value is greater than optional_header_t::base_of_code.
WC23008	Unexpected optional_header_t::address_of_entry_point value. It is expected that this value is within the bounds defined by optional_header_t::base_of_code and optional_header_t::size_of_code.
WC23009	Unexpected optional_header_t::*_os_version value. Current GUI or CUI application operating system minimum is set to 3.10.
WC23010	Unexpected optional_header_t::*_os_version value. Current GUI or CUI application operating system maximum is set to 10.0.
WC23011	Unexpected optional_header_t::*_subsystem_version value. For Intel x86 Windows driver model files, this value is expected to be minimally set to 1.0.
WC23012	Unexpected optional_header_t::*_subsystem_version value. For Intel x86 non Windows driver model files, this value is expected to be minimally set to 3.10.
WC23013	Unexpected optional_header_t::*_subsystem_version value. For Intel x64 Windows driver model files, this value is expected to be minimally set to 1.1.
WC23014	Unexpected optional_header_t::*_subsystem_version value. For Intel x64 non Windows driver model files, this value is expected to be minimally set to 5.2.
WC23015	Unexpected optional_header_t::*_subsystem_version value. For ARM Windows driver model files, this value is expected to be minimally set to 1.0.
WC23016	Unexpected optional_header_t::*_subsystem_version value. For ARM non Windows driver model files, this value is expected to be minimally set to 6.2.
WC23017	Unexpected optional_header_t::*_subsystem_version value. For Posix files, this value is expected to be minimally set to 1.0.
WC23018	Unexpected optional_header_t::*_subsystem_version value. For 32bit GUI or CUI files, this value is expected to be minimally set to 3.10.
WC23019	Unexpected optional_header_t::*_subsystem_version value. For 64bit GUI or CUI files, this value is expected to be minimally set to 5.2.
WC23020	Unexpected optional_header_t::*_subsystem_version value. For 32bit UEFI or Boot files, this value is expected to be minimally set to 1.0.
WC23021	Unexpected optional_header_t::*_subsystem_version value. For 64bit UEFI or Boot files, this value is expected to be minimally set to 1.0.
WC23022	Unexpected optional_header_t::*_subsystem_version value. For Intel x86 Windows driver model files, this value is expected to be maximally set to 1.0.
WC23023	Unexpected optional_header_t::*_subsystem_version value. For Intel x86 non Windows driver model files, this value is expected to be maximally set to 10.0.
WC23024	Unexpected optional_header_t::*_subsystem_version value. For Intel x64 Windows driver model files, this value is expected to be maximally set to 1.1.
WC23025	Unexpected optional_header_t::*_subsystem_version value. For Intel x64 non Windows driver model files, this value is expected to be maximally set to 10.0.
WC23026	Unexpected optional_header_t::*_subsystem_version value. For ARM Windows driver model files, this value is expected to be maximally set to 1.0.
WC23027	Unexpected optional_header_t::*_subsystem_version value. For ARM non Windows driver model files, this value is expected to be maximally set to 10.0.
WC23028	Unexpected optional_header_t::*_subsystem_version value. For Posix files, this value is expected to be maximally set to 19.90.
WC23029	Unexpected optional_header_t::*_subsystem_version value. For 32bit GUI or CUI files, this value is expected to be maximally set to 10.0.
WC23030	Unexpected optional_header_t::*_subsystem_version value. For 64bit GUI or CUI files, this value is expected to be maximally set to 10.0.
WC23031	Unexpected optional_header_t::*_subsystem_version value. For 32bit UEFI or Boot files, this value is expected to be maximally set to 1.0.
WC23032	Unexpected optional_header_t::*_subsystem_version value. For 64bit UEFI or Boot files, this value is expected to be maximally set to 1.0.
WC23033	Unexpected optional_header_t::win32_version_value value. This field is reserved and should be set to zero for now.
WC23034	Unexpected optional_header_t::size_of_image value. It is expected that this value is a multiple of section alignment.
WC23035	Unexpected optional_header_t::size_of_headers alignment. It is expected that header size is aligned by file alignment.
WC23036	Unused optional_header_t::dll_characteristics flag image_library_thread_init_k is set.
WC23037	Unused optional_header_t::dll_characteristics flag image_library_thread_term_k is set.
WC23038	Unused optional_header_t::dll_characteristics flag image_library_process_init_k is set.
WC23039	Unused optional_header_t::dll_characteristics flag image_library_process_term_k is set.
WC23040	Unused optional_header_t::dll_characteristics flag image_dllcharacteristics_high_entropy_k is set. This flag can only be used on Intel x64 architecture.
WC23041	Unused optional_header_t::dll_characteristics flag image_dllcharacteristics_dynamic_base_k is set. This flag implicitly disables image binding. Bound table will not be used.
WC23042	Binding is disallowed by optional_header_t::dll_characteristics flags but bound table is present.
WC23043	Exceptions are disabled by optional_header_t::dll_characteristics flags but exception table is present.
WC23044	Unexpected optional_header_t::size_of_stack_reserve value. It is expected to be greater than size_of_stack_commit and page aligned.
WC23045	Unexpected optional_header_t::size_of_stack_commit value. It is expected to be lesser than size_of_stack_reserve and page aligned.
WC23046	Unexpected optional_header_t::size_of_heap_reserve value. It is expected to be greater than size_of_heap_commit and page aligned.
WC23047	Unexpected optional_header_t::size_of_heap_commit value. It is expected to be lesser than size_of_heap_reserve and page aligned.
WC23048	Unexpected optional_header_t::loader_flags value. It is expected that the loader flag image_loader_flags_winmd_library_k is only used for managed code.
WC23049	Unexpected optional_header_t::loader_flags value. It is expected to be lesser than image_loader_flags_debug_on_load_k.
WC23050	Unexpected optional_header_t::loader_flags value. This field is reserved and should be set to zero for now.
WC23051	Unexpected optional_header_t::number_of_rva_and_sizes value. The value is lesser than the default. Typically linkers leave this value at its default and leave the directories empty.
WC23101	Unexpected image_directory_t::image_directory_entry_reserved_k table directory data. This field is reserved and should be set to zero for now.
WC23102	Unexpected image_directory_t::image_directory_entry_arhitecture_k table directory data. This field is reserved and should be set to zero for now.
WC23103	Unexpected image_directory_t::image_directory_entry_globalptr_k table directory data. This field is unused by the image target platform and should be set to zero.
WC23104	Unexpected image_directory_t::image_directory_entry_globalptr_k table directory size. This field is unused by the image target platform and should be set to zero.
WC24001	Invalid image_section_header_t::name detected. Name contains unprintable characters.
WC24002	Unexpected image_section_header_t::name detected. Name contains special characters indicating that the section should not be present in the executable image.
WC24003	Deprecated image_section_header_t::pointer_to_line_numbers value is set.
WC24004	Deprecated image_section_header_t::number_of_line_numbers value is set.
WC24005	Unused image_section_header_t::pointer_to_relocations value is set.
WC24006	Unused image_section_header_t::number_of_relocations value is set.
WC24007	Detected unnecessary alignment padding at the end of a section with executable attributes.
WC24008	Detected image_scn_mem_discardable_k marked section which cannot be removed due to not being at the end of the section list.
WC24009	Section physical base will be automatically rounded down by file alignment value.
WC24010	Section physical size will be automatically rounded up by file alignment value.
WC24011	Section physical size will be truncated and only partially loaded in memory because virtual size is lesser than physical.
WC24012	Section physical size will be truncated because the specified size is greater than the total size of the file.
WC24013	Section virtual size will be automatically recalculated based on the physical size of the section.
WC24014	Section virtual size will be automatically rounded up by section alignment value.
WC24015	Unused image_section_header_t::characteristics flag image_scn_type_dsect_k is set.
WC24016	Unused image_section_header_t::characteristics flag image_scn_type_noload_k is set.
WC24017	Unused image_section_header_t::characteristics flag image_scn_type_group_k is set.
WC24018	Unused image_section_header_t::characteristics flag image_scn_type_no_pad_k is set.
WC24019	Unused image_section_header_t::characteristics flag image_scn_type_copy_k is set.
WC24020	Unused image_section_header_t::characteristics flag image_scn_lnk_other_k is set.
WC24021	Unused image_section_header_t::characteristics flag image_scn_lnk_info_k is set.
WC24022	Unused image_section_header_t::characteristics flag image_scn_type_over_k is set.
WC24023	Unused image_section_header_t::characteristics flag image_scn_lnk_remove_k is set.
WC24024	Unused image_section_header_t::characteristics flag image_scn_lnk_comdata_k is set.
WC24025	Unused image_section_header_t::characteristics flag image_scn_lnk_nreloc_ovfl_k is set.
WC24026	Unused image_section_header_t::characteristics flag image_scn_no_defer_spec_exc_k is set.
WC24027	Unused image_section_header_t::characteristics flag image_scn_mem_16bit_k is set.
WC24028	Unused image_section_header_t::characteristics flag image_scn_mem_locked_k is set.
WC24029	Unused image_section_header_t::characteristics flag image_scn_mem_preload_k is set.
WC24030	Unused image_section_header_t::characteristics flag image_scn_mem_not_cached_k is set.
WC24031	Unused image_section_header_t::characteristics flag image_scn_align_XXX_k is set.
WC24032	Unused image_section_header_t::characteristics flag image_scn_gprel_k is set.
WC24033	Detected that image_section_header_t::characteristics is missing common attributes. One or more sections found to be missing image_scn_cnt_code_k for sections marked with image_scn_mem_execute_k.
WC24034	Detected that image_section_header_t::characteristics combines unlikely attributes. One or more sections found to combine image_scn_mem_write_k and image_scn_mem_execute_k.
WC24035	Detected that image_section_header_t::characteristics combines unlikely attributes. One or more sections found to combine image_scn_mem_write_k and image_scn_cnt_code_k.
WC24036	Detected that image_section_header_t::characteristics combines unlikely attributes. One or more sections found to combine image_scn_mem_write_k and image_scn_mem_discardable_k.
WC24037	Detected that image_section_header_t::characteristics combines unlikely attributes. One or more sections found to combine image_scn_mem_execute_k and image_scn_mem_discardable_k.
WC24038	Detected that image_section_header_t::characteristics combines unlikely attributes. One or more sections found to combine image_scn_mem_shared_k and image_scn_mem_discardable_k.
WC24039	Detected that image_section_header_t::characteristics combines unlikely attributes. One or more sections found to combine image_scn_mem_execute_k and image_scn_mem_shared_k.
WC24040	No image_section_header_t::characteristics memory access flags are set. The loader will implicitly consider the section as read-only.
WC28001	Empty timestamp detected for a bound import table entry.
WC28002	Invalid bound library file path detected.
WC28003	Invalid bound forward file path detected.
WC28004	Data duplication detected within bound library list.
WC28005	Data duplication detected within bound forward list.
WC28050	Declared bound import table length does not match the estimated one.
WC28051	Empty timestamp detected for a delay bound table entry.
WC28052	Empty external address detected for a delay bound table entry. It is expected that the bound address resides within the module.
WC28053	Unexpected delay import table thunk alignment detected.
WC28054	Unexpected delay import table loader alignment detected.
WC28055	Data duplication detected within delay import library list.
WC28056	Data overlapping detected within delay import element list.
WC28057	Unexpected delay import table thunk section attributes detected. It is expected that the image_scn_cnt_initialized_data_k attribute is set.
WC28058	Unexpected delay import table thunk layout detected. Thunks seem to be scattered across different sections.
WC28059	Empty delay import element list detected. Library required by this element list will not be loaded.
WC28060	Detected that a delay import table is being used without an import table present to provide module loading support.
WC28100	Declared delay import table length does not match the estimated one.
WC28101	Unexpected import table thunk alignment detected.
WC28102	Unexpected original import table thunk alignment detected.
WC28103	Old style import table binding was detected while no bound table was present in the file.
WC28104	New style import table binding was detected while no bound table was present in the file.
WC28105	Data duplication detected within import library list.
WC28106	Data overlapping detected within import element list.
WC28107	Unexpected import table thunk section attributes detected. It is expected that the image_scn_cnt_initialized_data_k attribute is set.
WC28108	Unexpected import table thunk layout detected. Thunks seem to be scattered across different sections.
WC28109	Empty import element list detected. Library required by this element list will not be loaded.
WC28110	Detected bound import entries that are not linked with the import table.
WC28111	Detected mismatch between the number of first and original first thunks.
WC28150	Declared import table length does not match the estimated one.
WC28151	Detected possible export forwarder infinite recursion.
WC28152	Data duplication detected within export forward list.
WC28153	Data duplication detected within export symbol list.
WC28154	Data duplication detected within export ordinal list.
WC28155	Data duplication detected within export address list.
WC28156	Data overlapping detected within export element list.
WC28157	Unexpected export table thunk section attributes detected. It is expected that the image_scn_cnt_initialized_data_k attribute is set.
WC28158	Unexpected export function table thunk layout detected. Thunks seem to be scattered across different sections.
WC28159	Unexpected export ordinal name table thunk layout detected. Thunks seem to be scattered across different sections.
WC28160	Detected empty export module file name string. Compilers usually set this value to file name which is produced during compilation.
WC28161	Detected invalid export module file name string. It is expected that this value is a printable string and a valid file path.
WC28162	Detected that the export table address is exporting all symbols by ordinal numbers.
WC28163	Detected empty export address table. It is unusual for export table to be present with no symbols being provided to other modules.
WC28164	Detected that the image_export_directory_t::characteristics value is set. This field is currently reserved and its value should be set to zero.
WC28200	Declared export table length does not match the estimated one.
WC28201	Data duplication detected within TLS callback list.
WC28202	Unexpected TLS index section attributes detected. It is expected that image_scn_mem_write_k attribute is set.
WC28203	Unexpected TLS index section attributes detected. It is expected that image_scn_cnt_initialized_data_k attribute is set.
WC28204	Unexpected raw TLS start section attributes detected. It is expected that image_scn_cnt_initialized_data_k attribute is set.
WC28205	Unexpected raw TLS start address detected. It is expected that this value resides within the section part of the file.
WC28206	Unexpected TLS callback section attributes detected. It is expected that image_scn_cnt_initialized_data_k attribute is set.
WC28207	TLS callback element list has at least one valid address present. However, since import table is not present within the file, the operating system will never call these functions.
WC28208	Empty TLS callback element list detected. No functions will be executed prior to entry point or during program termination.
WC28250	Declared TLS table length does not match the estimated one.
WC28251	Unexpected image_resource_data_entry_t entry depth detected. It is expected that resource data is located on the language node.
WC28252	Unexpected image_resource_data_entry_t type detected. It is not expected that the RT_DLGINCLUDE resource is present within the compiled file.
WC28253	Unexpected RT_MANIFEST language node name detected. It is not expected that language node ordinal is lesser than MINIMUM_RESERVED_MANIFEST_RESOURCE_ID.
WC28254	Detected unexpected presence of CREATE_PROCESS_MANIFEST_ID resource. It is expected that this resource entry is present only within applications.
WC28255	Unexpected RT_MANIFEST language node name detected. It is not expected that language node ordinal is within ISOLATION_AWARE_NONSTATIC_ID and MAXIMUM_RESERVED_MANIFEST_RESOURCE_ID range.
WC28256	Data duplication detected within resource entry list.
WC28257	Unexpected resource table entry layout detected. Entries seem to be scattered across different sections or not ordered linearly.
WC28258	Detected that the image_resource_directory_t::characteristics field has a value. It is expected that this field is reserved and set to zero.
WC28259	Data overlapping detected within resource entry list.
WC28260	Resource type RT_GROUP_ICON has been detected but no RT_ICON or RT_ANIICON entries are present.
WC28261	Resource type RT_GROUP_CURSOR has been detected but no RT_CURSOR or RT_ANICURSOR entries are present.
WC28262	Detected that the image requires isolation while simultaneously providing an application manifest. This will cause the operating system to ignore RT_MANIFEST during image load.
WC28263	Unexpected resource table entry layout detected. Lowest and highest found resource data entries are not within the same section.
WC28264	Unexpected resource table entry layout detected. RT_CURSOR entries seem to be scattered across different sections or not ordered linearly.
WC28265	Unexpected resource table entry layout detected. RT_BITMAP entries seem to be scattered across different sections or not ordered linearly.
WC28266	Unexpected resource table entry layout detected. RT_ICON entries seem to be scattered across different sections or not ordered linearly.
WC28267	Unexpected resource table entry layout detected. RT_MENU entries seem to be scattered across different sections or not ordered linearly.
WC28268	Unexpected resource table entry layout detected. RT_DIALOG entries seem to be scattered across different sections or not ordered linearly.
WC28269	Unexpected resource table entry layout detected. RT_STRING entries seem to be scattered across different sections or not ordered linearly.
WC28270	Unexpected resource table entry layout detected. RT_FONTDIR entries seem to be scattered across different sections or not ordered linearly.
WC28271	Unexpected resource table entry layout detected. RT_FONT entries seem to be scattered across different sections or not ordered linearly.
WC28272	Unexpected resource table entry layout detected. RT_ACCELERATOR entries seem to be scattered across different sections or not ordered linearly.
WC28273	Unexpected resource table entry layout detected. RT_RCDATA entries seem to be scattered across different sections or not ordered linearly.
WC28274	Unexpected resource table entry layout detected. RT_MESSAGETABLE entries seem to be scattered across different sections or not ordered linearly.
WC28275	Unexpected resource table entry layout detected. RT_GROUP_CURSOR entries seem to be scattered across different sections or not ordered linearly.
WC28276	Unexpected resource table entry layout detected. RT_GROUP_ICON entries seem to be scattered across different sections or not ordered linearly.
WC28277	Unexpected resource table entry layout detected. RT_VERSION entries seem to be scattered across different sections or not ordered linearly.
WC28278	Unexpected resource table entry layout detected. RT_DLGINCLUDE entries seem to be scattered across different sections or not ordered linearly.
WC28279	Unexpected resource table entry layout detected. RT_PLUGPLAY entries seem to be scattered across different sections or not ordered linearly.
WC28280	Unexpected resource table entry layout detected. RT_VXD entries seem to be scattered across different sections or not ordered linearly.
WC28281	Unexpected resource table entry layout detected. RT_ANICURSOR entries seem to be scattered across different sections or not ordered linearly.
WC28282	Unexpected resource table entry layout detected. RT_ANIICON entries seem to be scattered across different sections or not ordered linearly.
WC28283	Unexpected resource table entry layout detected. RT_HTML entries seem to be scattered across different sections or not ordered linearly.
WC28284	Unexpected resource table entry layout detected. RT_MANIFEST entries seem to be scattered across different sections or not ordered linearly.
WC28285	Unexpected resource table entry layout detected. Named or custom ordinal entries seem to be scattered across different sections or not ordered linearly.
WC28286	Detected the presence a resource node that has no data entries.
WC28300	Declared resource table length does not match the estimated one.
WC28301	Detected that the file is using more than one version of unwind structure.
WC28302	Detected that an image_runtime_function_entry64_t assigned to a leaf function. It is not necessary to cover these functions with exception handling information.
WC28303	Unexpected unwind code offset layout detected. Entries do not seem to be ordered linearly.
WC28304	Detected that multiple image_runtime_unwind_info_t structures have the same content. This data duplication overhead can be eliminated by reusing an existing image_runtime_unwind_info_t entry.
WC28305	Detected that the same x64 register has been saved multiple times within a single unwind code stream.
WC28306	Detected that the same XMM register has been saved multiple times within a single unwind code stream.
WC28307	Unexpected exception table handler data section attributes detected. It is expected that the image_scn_cnt_initialized_data_k attribute is set.
WC28308	Detected that the exception table is present with no language-specific exception handling routines.
WC28309	Detected that the exception table is present with no valid unwind information entries.
WC28350	Declared exception table length does not match the estimated one.
WC28351	Unexpected relocation table page layout detected. Entries do not seem to be ordered linearly.
WC28352	Data duplication detected within relocation entry list.
WC28353	Data overlapping detected within relocation entry list. The same address within the file is affected by more than one relocation.
WC28354	Data overlapping detected within relocation entry list. Relocation table is being affected by relocations.
WC28355	One or more empty relocation blocks detected. No relocation will be applied to those memory regions.
WC28356	Detected relocation block with incorrectly used padding entries. Absolute entries should only be used at the end of the block for padding purposes.
WC28400	Declared relocation table length does not match the estimated one.
WC28401	Detected that import address table start does not match the lowest found import thunk value.
WC28402	Detected that import address table end does not match the highest found import thunk value.
WC28451	Unexpected image_load_config_encoded_t::field flag value. It is expected that the maximum flag value is image_guard_flag_function_signature_k.
WC28452	Unexpected image_load_config_encoded_t::field flag value. It is expected that this flag is not set for image_load_config_directory*_t::guard_eh_continuation_table entries.
WC28453	Unexpected image_load_config_encoded_t::field flag value. It is expected that this flag is not set for image_load_config_directory*_t::guard_long_jump_target_table entries.
WC28454	Unexpected image_load_config_encoded_t::field flag value. It is expected that this flag is not set for image_load_config_directory*_t::guard_taken_iat_entry_table entries.
WC28455	Detected an empty image_load_config_directory*_t::se_handler_table entry list.
WC28456	Data duplication detected within image_load_config_directory*_t::lock_prefix_table entry list.
WC28457	Data duplication detected within image_load_config_directory*_t::se_handler_table entry list.
WC28458	Data duplication detected within image_load_config_directory*_t::guard_eh_continuation_table entry list.
WC28459	Data duplication detected within image_load_config_directory*_t::cfg_function_table entry list.
WC28460	Data duplication detected within image_load_config_directory*_t::guard_long_jump_target_table entry list.
WC28461	Data duplication detected within image_load_config_directory*_t::guard_taken_iat_entry_table entry list.
WC28462	Unexpected image_load_config_directory*_t::lock_prefix_table address detected. It is expected that lock prefixes are sorted by their address.
WC28463	Unexpected image_load_config_directory*_t::se_handler_table address detected. It is expected that exceptions are sorted by their address. Invalid sorting may prevent some exception handlers from being found.
WC28464	Unexpected image_load_config_directory*_t::guard_eh_continuation_table address detected. It is expected that guarded exceptions are sorted by their address.
WC28465	Unexpected image_load_config_directory*_t::cfg_function_table address detected. It is expected that guarded function targets are sorted by their address.
WC28466	Unexpected image_load_config_directory*_t::guard_long_jump_target_table address detected. It is expected that guarded long jumps are sorted by their address.
WC28467	Unexpected image_load_config_directory*_t::guard_taken_iat_entry_table address detected. It is expected that guarded imports are sorted by their address.
WC28468	Detected that the set value for image_load_config_directory*_t::critical_section_timeout is greater than the system default. Increasing the timeout value is not recommended.
WC28469	Detected that the same flags are being both set and unset in image_load_config_directory*_t::global_flags_set and image_load_config_directory*_t::global_flags_clear.
WC28470	Detected that the flag flg_user_stack_trace_db_k is set in image_load_config_directory*_t::global_flags_set. Using this flag may impact the performance of the application and therefore it should only be used for debugging purposes.
WC28471	Detected that the flag flg_heap_disable_coalescing_k is set in image_load_config_directory*_t::global_flags_set. Using this flag may impact the performance of the application and therefore it should only be used for debugging purposes.
WC28472	Detected that the flag flg_disable_stack_extension_k is set in image_load_config_directory*_t::global_flags_set. Using this flag may impact the stability of the application and therefore it should only be used for debugging purposes.
WC28473	Detected that the flag flg_critsec_event_creation_k is set in image_load_config_directory*_t::global_flags_set. Using this flag may impact the stability of the application and therefore it should only be used for debugging purposes.
WC28474	Detected that the flag flg_application_verifier_k is set in image_load_config_directory*_t::global_flags_set. Using this flag enables system features that are used for user-mode application testing, such as page heap verification, lock checks, and handle checks. This feature impacts performance and should be used only if necessary.
WC28475	Detected that the flag flg_heap_enable_tail_check_k is set in image_load_config_directory*_t::global_flags_set. Using this flag may impact the performance of the application and therefore it should only be used for debugging purposes.
WC28476	Detected that the flag flg_heap_enable_free_check_k is set in image_load_config_directory*_t::global_flags_set. Using this flag may impact the performance of the application and therefore it should only be used for debugging purposes.
WC28477	Detected that the flag flg_heap_validate_parameters_k is set in image_load_config_directory*_t::global_flags_set. Using this flag may impact the performance of the application and therefore it should only be used for debugging purposes.
WC28478	Detected that the flag flg_heap_validate_all_k is set in image_load_config_directory*_t::global_flags_set. Using this flag may impact the performance of the application and therefore it should only be used for debugging purposes.
WC28479	Detected that the flag flg_heap_enable_tagging_k is set in image_load_config_directory*_t::global_flags_set. Using this flag may impact the performance of the application and therefore it should only be used for debugging purposes.
WC28480	Detected that the flag flg_heap_enable_tag_by_dll_k is set in image_load_config_directory*_t::global_flags_set. Using this flag may impact the performance of the application and therefore it should only be used for debugging purposes.
WC28481	Detected that the flag flg_heap_page_allocs_k is set in image_load_config_directory*_t::global_flags_set. Using this flag may impact the performance of the application and therefore it should only be used for debugging purposes.
WC28482	Detected that the flag flg_enable_system_crit_breaks_k is set in image_load_config_directory*_t::global_flags_set. Using this flag enables better use of the system debugger and therefore it should only be used in debug builds.
WC28483	Detected that the flag flg_show_ldr_snaps_k is set in image_load_config_directory*_t::global_flags_set. Using this flag enables better use of the system debugger and therefore it should only be used in debug builds.
WC28484	Detected that the flag flg_disable_protdlls_k is set in image_load_config_directory*_t::global_flags_set. Using this flag has no effect on the system.
WC28485	Detected that the flag flg_stop_on_exception_k is set in image_load_config_directory*_t::global_flags_set. Using this flag enables better use of the system debugger and therefore it should only be used in debug builds.
WC28486	Detected that the flag flg_stop_on_exception_k is set in image_load_config_directory*_t::global_flags_set. This flag is incompatible with optional_header_t::dll_characteristics flag image_dllcharacteristics_no_seh_k which is also set.
WC28487	Detected that the flag flg_stop_on_unhandled_exception_k is set in image_load_config_directory*_t::global_flags_set. This flag is incompatible with optional_header_t::dll_characteristics flag image_dllcharacteristics_no_seh_k which is also set.
WC28488	Detected that the flag flg_stop_on_unhandled_exception_k is set in image_load_config_directory*_t::global_flags_set. Using this flag enables better use of the system debugger and therefore it should only be used in debug builds.
WC28489	Detected that the flag image_guard_rf_enable_k is set in image_load_config_directory*_t::cfg_guard_flags. Using this flag has no effect on the system. The feature is deprecated.
WC28490	Detected that the flag image_guard_rf_instrumented_k is set in image_load_config_directory*_t::cfg_guard_flags. Using this flag has no effect on the system. The feature is deprecated.
WC28491	Detected that the flag image_guard_rf_strict_k is set in image_load_config_directory*_t::cfg_guard_flags. Using this flag has no effect on the system. The feature is deprecated.
WC28492	Detected that the flag image_guard_eh_deprecated_flag_value_k is set in image_load_config_directory*_t::cfg_guard_flags. Using this flag has no effect on the system. The feature is deprecated.
WC28493	Detected that the flag image_guard_retpoline_present_k is set in image_load_config_directory*_t::cfg_guard_flags. Using this flag has no effect on the system. There is no image_*_dynamic_relocation_t branch or transfer information within the file.
WC28494	Unexpected image_enclave_config*_t::enclave_flags flag value. It is expected that the maximum flag value is image_enclave_flag_primary_image_k.
WC28495	Unexpected image_enclave_config*_t::policy_flags flag value. It is expected that the maximum flag value is image_enclave_policy_debuggable_k.
WC28496	Detected that the set value for image_enclave_config*_t::thread_count is greater than the recommended system maximum. Increasing this value beyond 2048 is not recommended.
WC28497	Unexpected image_enclave_config*_t::enclave_size value. This value is expected to be page aligned.
WC28498	Detected that the flag image_guard_cf_enable_export_suppression_k is set in image_load_config_directory*_t::cfg_guard_flags while the import table is not present. This option will be ignored.
WC28499	Detected that the flag image_guard_cf_enable_export_suppression_k is set in a library image. This feature is only available for executable files. This option will be ignored.
WC28500	Detected that the flag image_guard_flag_export_suppressed_k is used for one or more guard table entries while the export table is not present. This option will be ignored.
WC28501	Detected that the flag image_guard_cf_export_suppression_info_present_k is set in image_load_config_directory*_t::cfg_guard_flags while the export table is not present. This indicates that the image can be safely loaded by an export suppressed process.
WC28502	Detected that the flag image_guard_cf_export_suppression_info_present_k is not set in image_load_config_directory*_t::cfg_guard_flags while the export table is present. This reduces the effectiveness of control flow guard for executables that import this library.
WC28503	Detected that the flag image_guard_cf_protect_delayload_iat_k is set in image_load_config_directory*_t::cfg_guard_flags while the delay import table is not present. This option will be ignored.
WC28504	Detected that the flag image_guard_delayload_iat_in_its_own_section_k is set in image_load_config_directory*_t::cfg_guard_flags while the delay import table is not present. This option will be ignored.
WC28505	Detected that the flag image_guard_eh_continuation_table_present_k is used for one or more guard table entries while the exception table is not present. This option will be ignored.
WC28506	Detected that the flag image_guard_flag_language_handling_k is used for one or more guard table entries while the exception table is not present. This option will be ignored.
WC28507	Detected that the image_load_config_directory*_t::cfg_function_table address is not properly aligned.
WC28508	Detected that image_load_config_directory*_t::hybrid_metadata_pointer is present on non-Hybrid Intel-ARM architecture. This option will be ignored.
WC28509	Detected that image_load_config_directory*_t::enclave_table is present on non-Intel architecture. This option will be ignored, as this is an SGX-specific feature.
WC28510	Detected that image_load_config_directory*_t::se_handler_table is present on non-Intel architecture. This will be ignored, as exception handling is table-based for this system.
WC28511	Detected that image_load_config_directory*_t::se_handler_table is present on Intel x64 architecture. This will be ignored, as exception handling is table-based for this system.
WC28512	Detected that image_*_dynamic_relocation_t branch or transfer is present on Intel x86 architecture. This will be ignored, as retpoline mitigations are not available for this system.
WC28513	Detected that an unknown flag is set within image_dynamic_relocation*_t::flags.
WC28514	The value of image_dynamic_relocation*_t::symbol is not a previously known symbol and group name combination.
WC28515	Detected that the value of image_dynamic_relocation*_t::symbol matches return flow guard prologue. The feature is deprecated.
WC28516	Detected that the value of image_dynamic_relocation*_t::symbol matches return flow guard epilogue. The feature is deprecated.
WC28517	Detected the presence of unexpected header data following the image_dynamic_relocation*_t structure.
WC28518	Detected that a known kernel symbol and group name combination is being used by a non-system image.
WC28519	Unexpected image_dynamic_relocation*_t::entry type detected. It is expected that the only relocation type used for dynamic relocations is image_rel_based_absoulute_k.
WC28520	Unexpected image_dynamic_relocation*_t::slot count detected. It is expected that dynamic relocations only use one slot for all symbol relocations.
WC28521	Detected dynamic relocation block with incorrectly used padding entries. Absolute entries should only be used at the end of the block for padding purposes.
WC28522	Unexpected image_switchtable_branch_dynamic_relocation_t::register_number value detected. Switch tables are not expected to utilize stack pointer.
WC28523	Unexpected image_switchtable_branch_dynamic_relocation_t::register_number value detected. Switch tables are not expected to utilize base pointer.
WC28524	Unexpected hybrid range table layout detected. Entries do not seem to be ordered linearly.
WC28525	Unexpected dynamic relocation table page layout detected. Entries do not seem to be ordered linearly.
WC28526	Unexpected volatile access table page layout detected. Entries do not seem to be ordered linearly.
WC28527	Unexpected volatile range table page layout detected. Entries do not seem to be ordered linearly.
WC28528	Detected that enclave module unique identification property is used for matching, but that its content is empty.
WC28529	Detected that enclave module author identification property is used for matching, but that its content is empty.
WC28530	Detected that enclave module image identification property is used for matching, but that its content is empty.
WC28531	Detected that enclave module family identification property is used for matching, but that its content is empty.
WC28532	Detected that enclave module family identification property is referring to the enclave itself. This causes function redirection from external dependency to internal module code.
WC28533	Data duplication detected within the dynamic relocation symbol and group name combination list.
WC28534	Data duplication detected within the same dynamic relocation entry list.
WC28535	Data duplication detected within the auxiliary import table function list.
WC28536	Data duplication detected within the security enclave imported module list.
WC28537	Data duplication detected within the security enclave image identity list.
WC28538	Data duplication detected within the volatile access table list.
WC28600	Declared load config table length does not match the estimated one.
WC28601	Detected that the image_debug_directory_t::characteristics value is set. This field is currently reserved and its value should be set to zero.
WC28602	Detected image_debug_directory_t::type entry image_debug_type_unknown_k which will be skipped by debuggers. This entry is redundant and can be removed safely.
WC28603	Detected image_debug_directory_t::type entry image_debug_type_exception_k. This entry is not expected within the executable image, as it is commonly found with the file that contains debug symbols.
WC28604	Detected image_debug_directory_t::type entry image_debug_type_omap_to_src_k. This entry is not expected within the executable image, as it is commonly found with the file that contains debug symbols.
WC28605	Detected image_debug_directory_t::type entry image_debug_type_omap_from_src_k. This entry is not expected within the executable image, as it is commonly found with the file that contains debug symbols.
WC28606	Detected image_debug_directory_t::type entry image_debug_type_clsid_k. This entry is not expected within the executable image, as it is commonly found with the file that contains debug symbols.
WC28607	Detected image_debug_directory_t::type entry image_debug_type_iltcg_k. This entry is informative and indicates that the image was built using incremental linking. It can be removed to save space.
WC28608	Detected image_debug_directory_t::type entry image_debug_type_repro_k. This entry indicates that timestamps are set to a predetermined value and thus cannot be used to determine the accurate age of the file.
WC28609	Detected image_debug_directory_t::type entry image_debug_type_coff_k. This entry is unexpected because file_header_t::characteristics flag image_file_line_numbers_stripped_k has been set.
WC28610	Detected image_debug_directory_t::type entry image_debug_type_coff_k. This entry is unexpected because file_header_t::characteristics flag image_file_local_symbols_stripped_k has been set.
WC28611	Detected image_debug_directory_t::type entry image_debug_type_exception_k. This entry is unexpected because exception table is not present within the file.
WC28612	Detected image_debug_directory_t::type entry image_debug_type_exception_k. This entry is unexpected because optional_header_t::dll_characteristics flag image_dllcharacteristics_no_seh_k has been set.
WC28613	Detected image_debug_directory_t::type entry image_debug_type_pdb_checksum_k. This entry is unexpected because neither image_debug_type_codeview_k nor image_debug_type_pdb_embedded_k debug entries are present.
WC28614	Detected image_debug_type_codeview_k directory with the version schema that indicates the linked file is stored in the new portable PDB format.
WC28615	Unexpected rsds_directory_t::revision value detected. It is expected that the value of this field is set to one due to specified debug directory version schema.
WC28616	Unexpected nb10_directory_t::creation value detected. It is expected that the creation timestamp matches the one within the debug directory.
WC28617	Detected that the codeview symbols are located within a file that doesn't have the expected PDB file extension.
WC28618	Detected that the executable is using an outdated version of codeview symbols. This might be a legacy application or this may be an artifact of an outdated toolchain.
WC28619	Detected that the rsds_directory_t::revison is not set. It is expected that the revision tracking starts with this field value set to one.
WC28620	Detected that the rsds_directory_t::guid value is not cryptographically secure. Private information such as compile time and MAC address of the machine the file was built on are present within the GUID. This may be an artifact of an outdated toolchain.
WC28621	Detected that the rsds_directory_t::guid value was made using a weak cryptography algorithm. Detected algorithm is MD5 which should be superseded by a random value implementation. Private information such as fully qualified domain name of the machine on which the file was built were hashed by an insecure algorithm.
WC28622	Detected that the rsds_directory_t::guid value was made using a weak cryptography algorithm. Detected algorithm is SHA1 which should be superseded by a random value implementation. Private information such as fully qualified domain name of the machine on which the file was built were hashed by an insecure algorithm.
WC28623	Detected frame_pointer_data_t::frame_type that indicates the presence of a trap frame. These types of stack frames are not expected in user mode applications.
WC28624	Detected frame_pointer_data_t::frame_type that indicates the presence of a TSS frame. These types of stack frames are not expected in user mode applications.
WC28625	Unexpected frame_pointer_data_t::function_start address detected. It is expected that omitted frame pointers are sorted by their address.
WC28626	Unexpected image_debug_misc_data_t debug symbol file path detected. It is expected that this structure points to a file with the DBG extension.
WC28627	Detected that the image was modified post linking with special compiled code optimization tools. This may impair some static analysis tools, as the application code might be rearranged for smaller memory footprint.
WC28628	Unexpected image_debug_type_pogo_k signature found. It is expected that the data signature identifies already known profile guided optimization technologies.
WC28629	Unexpected ltcg_section_data_t range address detected. It is expected that linker ranges are sorted by their base address.
WC28630	Unexpected vc_feature_data_t structure size detected. The structure contains trailing elements that were left encoded during parsing. It is possible that the file was linked with a newer or unsupported linker version.
WC28631	Unexpected vc_feature_data_t::cpp_count value detected. It is not expected that debug type image_debug_type_vc_feature_k is present for files that do not have any C++ objects.
WC28632	Detected that the image was not built with the latest buffer overrun protection.
WC28633	Detected that the image was built with buffer overrun protection. However, there are no protected stack objects, which effectively disables the mitigation effects.
WC28634	Unexpected vc_feature_data_t::stack_count value detected. It is expected that the number of protected stack objects is lesser than the number of C++ objects.
WC28635	Detected that the number of SDL protected objects is zero. It is not expected that vc_feature_data_t::sdl_count value is zero for files that do have C++ objects present.
WC28636	Unexpected vc_feature_data_t::sdl_count value detected. It is expected that the number of SDL protected objects is lesser than the number of C++ objects.
WC28637	Detected that the image was built with enabled control flow guard. However, there are no guarded objects, which effectively disables the mitigation effects.
WC28638	Detected that the number of guarded objects is zero. It is not expected that vc_feature_data_t::guard_count value is zero for files that do have C++ objects present.
WC28639	Unexpected vc_feature_data_t::guard_count value detected. It is expected that the number of guarded objects is lesser than the number of C++ objects.
WC28640	Detected that the image was built with the Intel memory protection extension turned on. This feature is deprecated and will not be used as a security mitigation.
WC28641	Detected that the image was built with the Intel memory protection extension turned on. Non-default protection options have been set. This is unexpected, as the available toolchain configuration uses hardcoded values.
WC28642	Unexpected image_debug_type_pdb_embedded_k directory version detected. It is expected that the debug directory minor version is set to 0x100.
WC28643	Detected image_debug_directory_t::type entry with the value image_debug_type_pdb_embedded_k. It is recommended that embedded PDB files are removed from the image before release.
WC28644	Detected that the portable PDB integrity is verified via MD5 hash. This algorithm is considered insecure and should be replaced with SHA256 that is the default for integrity validation for this data.
WC28645	Detected that the portable PDB integrity is verified via SHA1 hash. This algorithm is considered insecure and should be replaced with SHA256 that is the default for integrity validation for this data.
WC28646	Unexpected image_debug_type_pdb_checksum_k directory version detected. It is expected that the debug directory major and minor version combination is set to 1.0.
WC28647	Detected that the image was built with extended characteristic flags. Its value exceeds the expected maximum flag value of image_dllcharacteristics_ex_cet_dynamic_apis_allow_in_proc_k.
WC28648	Detected presence of debug data within section region. This is not memory-efficient, as debug data is loaded in memory each time the application starts. This data should either be stripped or moved to file overlay.
WC28649	Detected presence of a non-empty image_debug_type_iltcg_k debug directory. This is unexpected, as this directory is typically only informative and normally has no data.
WC28650	Detected presence of a non-empty image_debug_type_repro_k debug directory. This is unexpected, as this directory is typically only informative and normally has no data.
WC28651	Unexpected image_debug_directory_t::type entry image_debug_type_coff_k placement detected. It is expected that old style debug symbols are placed in file overlay to conserve memory while the image is loaded.
WC28652	Unexpected image_debug_directory_t::type entry image_debug_type_fpo_k placement detected. It is expected that frame pointer omissions are placed in file overlay to conserve memory while the image is loaded.
WC28653	Unexpected image_debug_directory_t::type entry image_debug_type_misc_k placement detected. It is expected that old style debug symbols are placed in file overlay to conserve memory while the image is loaded.
WC28654	Data physical range overlapping detected within debug entry list.
WC28655	Data virtual memory overlapping detected within debug entry list.
WC28656	Data overlapping detected within linker section list.
WC28657	Data duplication detected within debug entry list.
WC28700	Declared debug table length does not match the estimated one.
WC28701	Detected an outdated image_certificate_directory_t version. It is recommended that the file is re-signed to update the digital signature.
WC28702	Detected a presence of an empty image_certificate_directory_t entry. Such empty table elements can safely be removed.
WC28703	Detected that the file is digitally signed more than twice. While dual-signing is common, having more than two signers might indicate issues in digital signing process.
SC31001	Invalid dos_header_t::e_lfanew value. When this value is lower than its minimum, overlapping with file headers will occur. Lowers grade to F.
SC31501	Detected that image_rich_header_t::product list includes a reference to an older toolchain version. This outdated compiler version lacks built-in protection from integer based overflow attacks while dynamically allocation memory buffers. Lowers grade to D.
SC31502	Detected that image_rich_header_t::product list includes a reference to an older toolchain version. This can cause compatiblity issues with the image enabled buffer overrun protection option, and result in partial vulnerability mitigation coverage. Lowers grade to C.
SC31503	Detected that image_rich_header_t::product list includes a reference to an older toolchain version. This can cause compatiblity issues with the image enabled safe exception handling option, and result in partial vulnerability mitigation coverage. Lowers grade to C.
SC31504	Detected that image_rich_header_t::product list includes a reference to an older toolchain version. This can cause compatiblity issues when the image is compiled with SDL protection enabled, and result in partial vulnerability mitigation coverage. Lowers grade to C.
SC31505	Detected that image_rich_header_t::product list includes a reference to an older toolchain version. This can cause compatiblity issues with the image enabled control flow guard protection, and result in partial vulnerability mitigation coverage. Lowers grade to B.
SC31506	Detected that image_rich_header_t::product list includes a reference to an older toolchain version. This can cause compatiblity issues with the cast guard protection, and result in partial vulnerability mitigation coverage. Lowers grade to B.
SC32001	Invalid file_header_t::number_of_sections value. When file has no sections, the headers gain RWE attributes and any code can change them in memory. Lowers grade to F.
SC32002	Invalid file_header_t::size_of_optional_headers value. When this value is lower than its minimum, overlapping with data directories or sections may occur. Lowers grade to C.
SC32003	Invalid file_header_t::size_of_optional_headers value. When this value is greater than its maximum, overlapping with first section may occur. Lowers grade to F.
SC32004	Non-optimal file_header_t::characteristics value. File has relocations stripped, which eliminates the possibility of ASLR being used. Lowers grade to C.
SC32005	Non-optimal file_header_t::characteristics value. File isn't large address aware, which reduces the maximum effectiveness of the ASLR option. Lowers grade to B.
SC32006	Non-optimal file_header_t::characteristics value. File has relocations stripped while requesting ASLR support. For Intel x86 images relocations are required for ASLR mitigation to be enabled. Lowers grade to D.
SC32007	Non-optimal file_header_t::characteristics value. File contains relocation information without requesting the opt-in ASLR support. Some operating system configurations might still use relocations for ASLR enforcement. Lowers grade to B.
SC33001	Unexpected optional_header_t::image_base value. Invalid image base value will force executable file to always relocate. Unset image base can force predicable relocation to first granularity base. Lowers grade to D.
SC33002	Unexpected optional_header_t::image_base value. Default image base value is in the range reserved for the operating system. High image base value can force predicable relocation to first granularity base. Lowers grade to D.
SC33003	Unexpected optional_header_t::image_base value. Default image base value is lower than 4GB. For 64bit images this triggers ASLR compatibility mode, which reduces the maximum effectiveness of the mitigation option. Lowers grade to B.
SC33004	Unexpected optional_header_t::address_of_entry_point value. The entry point resides in headers, which causes data and code to overlap. Lowers grade to F.
SC33005	Unexpected optional_header_t::address_of_entry_point value. The entry point resides in a writable section, which makes it possible to change code while executing. Lowers grade to F.
SC33006	Unexpected optional_header_t::address_of_entry_point value. The driver entry point resides in a writable section, which makes it possible to change code while executing. Lowers grade to D.
SC33007	Unexpected optional_header_t::address_of_entry_point value. The entry point for executable images must exist or else a piece of header will be evaluated as code. Lowers grade to F.
SC33008	Unexpected optional_header_t::section_alignment value. Overlap between headers and first section has been detected. In case the first section has RWE attributes, the headers will need to have the same access. Lowers grade to F.
SC33009	Unexpected optional_header_t::file_alignment value. Overlap between headers and first section has been detected. In case the first section has RWE attributes, the headers will need to have the same access. Lowers grade to F.
SC33010	Unexpected optional_header_t::size_of_headers value. Minimalization of raw headers can lead to unintended consequences, such as overlap with the first section or partial section load in memory. Lowers grade to F.
SC33011	Unexpected optional_header_t::size_of_headers value. Maximization of raw headers can lead to unintended consequences, such as overlap with the first section or partial section load in memory. In a special case, headers and first section can overlap in such a way the headers read from disk are not equal to those in memory. Lowers grade to F.
SC33012	Detected security mitigation policy issue in optional_header_t::dll_characteristics. Data execution prevention feature flag is not set. Lowers grade to D.
SC33013	Detected security mitigation policy issue in optional_header_t::dll_characteristics. Control flow guard feature flag is not set. Lowers grade to B.
SC33014	Detected security mitigation policy issue in optional_header_t::dll_characteristics. Address space layout randomization feature flag is not set. Lowers grade to C.
SC33015	Detected security mitigation policy issue in optional_header_t::dll_characteristics. No isolation protection feature flag is set. This may cause unintended libraries to be dynamically loaded by the system. Lowers grade to C.
SC33016	Detected security mitigation policy issue in optional_header_t::dll_characteristics. High entropy flag is not enabled. This reduces the address space layer randomization effectivness for 64bit images. Lowers grade to B.
SC33017	Detected security mitigation policy issue in optional_header_t::dll_characteristics. Data execution prevention feature flag is set. However, since all file sections have execute access, its effect is negated for static variables. Lowers grade to D.
SC33018	Detected security mitigation policy issue in optional_header_t::dll_characteristics. Force integrity feature flag is set. However, since the file is not digitally signed the application will refuse to run. Lowers grade to F.
SC34001	Detected that all file sections have execute access. This action violates the data and code separation rules. Lowers grade to D.
SC34002	Unexpected image_section_header_t::pointer_to_raw_data value. Sections are mapping header information to their own address space, which may lead to misuse of header information. Lowers grade to F.
SC34003	Unsafe image_section_header_t::characteristics flag detected. Detected a BSS region with executable attributes. This action violates the data and code separation rules. Lowers grade to D.
SC34004	Unsafe image_section_header_t::characteristics flag detected. Sections are sharing their uninitialized RW access content with other active processes with the same name. This can cause uninitialized data to obtain unexpected values when a process copy is created. Lowers grade to F.
SC38000	Detected that different data tables overlap with each other and/or with file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38001	Detected binding to library from a remote file location. The library that the file is bound to is on a remote server, which can lead to library hijacking or unintended files being loaded. Lowers grade to F.
SC38051	Detected writing delay function pointers to file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38052	Detected loading a delay library from a remote file location. The library that the file is bound to is on a remote server, which can lead to library hijacking or unintended files being loaded. Lowers grade to F.
SC38053	Detected that delay import thunk are present in a segment with writable access. This exposes the delay load functions to risks of pointer hijacking. Lowers grade to C.
SC38054	Detected an attempt to delay load a library which has no assigned thunks. This can lead to improper data table validation by third-party tools. Lowers grade to F.
SC38101	Detected writing import function pointers to file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38102	Detected loading an import library from a remote file location. The library that the file is bound to is on a remote server, which can lead to library hijacking or unintended files being loaded. Lowers grade to F.
SC38103	Detected that import thunk are present in a segment with writable access. This exposes the imported functions to risks of pointer hijacking. Lowers grade to D.
SC38104	Detected an attempt to load a library which has no assigned thunks. This can lead to improper data table validation by third-party tools. Lowers grade to F.
SC38151	Detected exporting symbol pointer to an address within file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38152	Detected that export symbol pointers are present in a segment with writable access. This exposes the exported symbols to risks of pointer hijacking. Lowers grade to D.
SC38201	Detected callback address registered within file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38202	Detected TLS index address registered within file headers. This action causes the loader to unexpectedly change the header content during file load. Lowers grade to F.
SC38203	Detected raw TLS start address registered within file headers. This action causes the loader to copy parts of the header to memory each time the thread is started. Lowers grade to F.
SC38204	Detected writable TLS callback section attributes. Code could modify the callback table at runtime and change application behavior. Lowers grade to D.
SC38251	Detected that resource entries are present in a segment with executable access. This action violates the data and code separation rules. Lowers grade to F.
SC38252	Detected that resource entries are present in a segment with writable access. This exposes the resource table and entries to risks of content modification. Lowers grade to C.
SC38253	Detected that resource manifest is present in a image that requests not to be isolated. This may cause the operating system to load an unexpected library dependency version. Lowers grade to C.
SC38301	Detected that exception entries are present in a segment with writable access. This exposes the exception table and entries to risks of content modification. Lowers grade to C.
SC38351	Detected relocation entry that affects the headers. This action violates the data and code separation rules. Lowers grade to F.
SC38352	Detected duplication within relocation entries. This action can cause local code and data pointers to refer to memory that resides outside the image. Lowers grade to F.
SC38353	Detected relocation that affects other relocation entries. This action directly changes the relocation table while the table is being processed. Lowers grade to F.
SC38451	Detected lock prefix configuration entry that affects the headers. This action violates the data and code separation rules. Lowers grade to F.
SC38452	Detected SEH table configuration entry that resides within the headers. This action violates the data and code separation rules. Lowers grade to F.
SC38453	Detected exception handler continuation table configuration entry that resides within the headers. This action violates the data and code separation rules. Lowers grade to F.
SC38454	Detected control flow guard configuration entry that resides within the headers. This action violates the data and code separation rules. Lowers grade to F.
SC38455	Detected long jump table entry returning to file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38456	Detected writing import function pointers to file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38457	Detected execution of control flow guard check function from file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38458	Detected execution of control flow guard dispatch function from file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38459	Detected execution of extreme control flow guard check function from file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38460	Detected execution of extreme control flow guard dispatch function from file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38461	Detected execution of extreme control flow guard dispatch table function from file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38462	Detected execution of return flow guard failure function from file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38463	Detected execution of return flow guard failure pointer function from file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38464	Detected execution of return flow guard stack verify function from file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38465	Detected execution of cast guard failure function from file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38466	Detected execution of memory copy guard function from file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38467	Detected improperly aligned image_load_config_directory*_t::cfg_function_table address. If the first instruction of the function is not aligned to 16 bytes, the guarded area is expanded to surrounding code. Lowers grade to C.
SC38468	Detected security mitigation policy issue in image_load_config_directory*_t::cfg_guard_flags. Control flow guard is not enabled. Lowers grade to B.
SC38469	Detected security mitigation policy issue in image_load_config_directory*_t::cfg_guard_flags. Extreme control flow guard is not enabled. No impact to the final grade at this time.
SC38470	Detected security mitigation policy issue in image_load_config_directory*_t::cfg_guard_flags. Export suppression is not enabled. No impact to the final grade at this time.
SC38471	Detected security mitigation policy issue in image_load_config_directory*_t::cfg_guard_flags. Export suppression information is not present even though the library contains exports. This is highly recommended, as executables might not load this library correctly. Lowers grade to B.
SC38472	Detected security mitigation policy issue in image_load_config_directory*_t::cfg_guard_flags. Security cookie is not enabled. Lowers grade to C.
SC38473	Detected security mitigation policy issue in image_load_config_directory*_t::cfg_guard_flags. Security cookie is enabled but not present. Lowers grade to C.
SC38474	Detected security mitigation policy issue in image_load_config_directory*_t::cfg_guard_flags. Long jump target protection is not enabled. Lowers grade to B.
SC38475	Detected security mitigation policy issue in image_load_config_directory*_t::cfg_guard_flags. Cast guard protection is not enabled. No impact to the final grade at this time.
SC38476	Detected security mitigation policy issue in image_load_config_directory*_t::cfg_guard_flags. Memory copy protection is not enabled. No impact to the final grade at this time.
SC38477	Detected security mitigation policy issue in image_load_config_directory*_t::cfg_guard_flags. Delayed import load protection is not enabled. Lowers grade to B.
SC38478	Detected security mitigation policy issue in image_load_config_directory*_t::cfg_guard_flags. Exception handler continuation guard is not enabled. No impact to the final grade at this time.
SC38479	Detected security mitigation policy issue in image_load_config_directory*_t::process_heap_flags. Default process heap has RWE attributes. This negates any data execution prevention mitigation that might be set. Lowers grade to D.
SC38480	Detected that the image was not compiled with safe exception target list. SafeSEH is a recommended security mitigation protection for all Intel x86 images. Lowers grade to C.
SC38481	Detected that debugging is permitted by the security enclave. This action lowers the overall security of the enclave. This option should only be used during development. Lowers grade to D.
SC38482	Detected dynamic relocation entry that affects the headers. This action violates the data and code separation rules. Lowers grade to F.
SC38483	Detected writing WowA64 exception handler function pointer to file headers. This action causes the loader to unexpectedly change the header content during file load. Lowers grade to F.
SC38484	Detected writing WowA64 dispatch call function pointer to file headers. This action causes the loader to unexpectedly change the header content during file load. Lowers grade to F.
SC38485	Detected writing WowA64 dispatch indirect call function pointer to file headers. This action causes the loader to unexpectedly change the header content during file load. Lowers grade to F.
SC38486	Detected writing WowA64 dispatch indirect CFG checked call function pointer to file headers. This action causes the loader to unexpectedly change the header content during file load. Lowers grade to F.
SC38487	Detected writing WowA64 dispatch return function pointer to file headers. This action causes the loader to unexpectedly change the header content during file load. Lowers grade to F.
SC38488	Detected writing WowA64 dispatch leaf return function pointer to file headers. This action causes the loader to unexpectedly change the header content during file load. Lowers grade to F.
SC38489	Detected writing WowA64 dispatch jump function pointer to file headers. This action causes the loader to unexpectedly change the header content during file load. Lowers grade to F.
SC38490	Detected execution of auxiliary import function from file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38491	Detected loading an enclave import library from a remote file location. The library that the file is bound to is on a remote server, which can lead to library hijacking or unintended files being loaded. Lowers grade to F.
SC38492	Detected lock prefix table presence in a segment with writable access. This exposes data table entries to risks of pointer hijacking. Lowers grade to D.
SC38493	Detected safe exception target table presence in a segment with writable access. This exposes data table entries to risks of pointer hijacking. Lowers grade to D.
SC38494	Detected exception handler continuation table presence in a segment with writable access. This exposes data table entries to risks of pointer hijacking. Lowers grade to D.
SC38495	Detected control flow guard table presence in a segment with writable access. This exposes data table entries to risks of pointer hijacking. Lowers grade to D.
SC38496	Detected long jump guard table presence in a segment with writable access. This exposes data table entries to risks of pointer hijacking. Lowers grade to D.
SC38497	Detected taken import address table presence in a segment with writable access. This exposes data table entries to risks of pointer hijacking. Lowers grade to D.
SC38601	Detected loading debug symbols from a remote file location. The bound file containing debug symbols is on a remote server, which can lead to database hijacking or unintended files being loaded. Lowers grade to F.
SC38602	Detected an omitted stack frame registered within file headers. This action violates the data and code separation rules. Lowers grade to F.
SC38603	Detected fixup entry that affects the headers. This action violates the data and code separation rules. Lowers grade to F.
SC38604	Detected that buffer overrun mitigation is ineffective. The executable image is responsible for its own security cookie value initialization. The operating system is more likely to compute a better randomly generated value. Lowers grade to B.
SC38605	Detected that buffer overrun mitigation is ineffective. It is unlikely that the compiled file has no functions that need to be protected with the enabled mitigation option. Lowers grade to C.
SC38606	Detected security mitigation policy issue in vc_feature_data_t::sdl_count. Its value indicates that the file was compiled without following the recommended SDL process. Lowers grade to C.
SC38607	Detected that control flow guard mitigation is ineffective. It is unlikely that the compiled file has no functions that need to be protected with the enabled mitigation option. Lowers grade to C.
SC38608	Detected security mitigation policy issue in vc_feature_data_t::guard_count. Its value indicates that the file has no control flow guard protections enabled. Lowers grade to C.
SC38609	Detected that portable PDB integrity is verified with an insecure hash algorithm. The selected algorithm is considered less secure than the default SHA256 option. Lowers grade to C.
SC38610	Detected security mitigation policy issue in dll_extended_data_t::flags. The image is not compatible with Intel Control Flow Enforcement Technology. No impact to the final grade at this time.
SC38611	Detected security mitigation policy issue in dll_extended_data_t::flags. Enabling relaxed context instruction pointer checks reduces Intel Control Flow Enforcement Technology protection level. Lowers grade to B.
SC38612	Detected security mitigation policy issue in dll_extended_data_t::flags. Enabling dynamic APIs to be executed in process reduces Intel Control Flow Enforcement Technology protection level. Lowers grade to B.
SC38613	Detected security mitigation policy issue in dll_extended_data_t::flags. Image is configured to downgrade Intel Control Flow Enforcement Technology protection level. Lowers grade to B.
SC39000	Detected that the image was compiled with the intent to follow the SDL best practices. The use of banned functions indicates that the SDL process could be further improved. Lowers grade to B.
SC39100	Detected the use of SDLC banned function kernel32.CopyMemory. Using this function may lead to unintended memory blocks being overwritten. Lowers grade to C.
SC39101	Detected the use of SDLC banned function ntdll.RtlCopyMemory. Using this function may lead to unintended memory blocks being overwritten. Lowers grade to C.
SC39102	Detected the use of SDLC banned function msvcrt.memcpy. Using this function may lead to unintended memory blocks being overwritten. Lowers grade to D.
SC39103	Detected the use of SDLC banned function msvcrt.wmemcpy. Using this function may lead to unintended memory blocks being overwritten. Lowers grade to D.
SC39104	Detected the use of SDLC banned function msvcrt.alloca. Use of this function is considered unsafe because it's an unbound stack allocation operation. Lowers grade to D.
SC39105	Detected the use of SDLC banned function msvcrt._alloca. Use of this function is considered unsafe because it's an unbound stack allocation operation. Lowers grade to D.
SC39106	Detected the use of SDLC banned function kernel32.IsBadWritePtr. Using this function may lead to logic errors being suppressed. Lowers grade to D.
SC39107	Detected the use of SDLC banned function kernel32.IsBadHugeWritePtr. Using this function may lead to logic errors being suppressed. Lowers grade to D.
SC39108	Detected the use of SDLC banned function kernel32.IsBadReadPtr. Using this function may lead to logic errors being suppressed. Lowers grade to D.
SC39109	Detected the use of SDLC banned function kernel32.IsBadHugeReadPtr. Using this function may lead to logic errors being suppressed. Lowers grade to D.
SC39110	Detected the use of SDLC banned function kernel32.IsBadCodePtr. Using this function may lead to logic errors being suppressed. Lowers grade to D.
SC39111	Detected the use of SDLC banned function kernel32.IsBadStringPtr. Using this function may lead to logic errors being suppressed. Lowers grade to D.
SC39112	Detected the use of SDLC banned function user32.CharToOemA. Using this function incorrectly can compromise the security of your application. Lowers grade to D.
SC39113	Detected the use of SDLC banned function user32.CharToOemW. Using this function incorrectly can compromise the security of your application. Lowers grade to D.
SC39114	Detected the use of SDLC banned function user32.OemToCharA. Using this function incorrectly can compromise the security of your application. Lowers grade to D.
SC39115	Detected the use of SDLC banned function user32.OemToCharW. Using this function incorrectly can compromise the security of your application. Lowers grade to D.
SC39116	Detected the use of SDLC banned function user32.CharToOemBuffA. Using this function incorrectly can compromise the security of your application. Lowers grade to D.
SC39117	Detected the use of SDLC banned function user32.CharToOemBuffW. Using this function incorrectly can compromise the security of your application. Lowers grade to D.
SC39118	Detected the use of SDLC banned function user32.ChangeWindowMessageFilter. Use of this function is not recommended, as it has process-wide scope. Consider using user32.ChangeWindowMessageFilterEx instead. Lowers grade to D.
SC39119	Detected the use of SDLC banned function msvcrt._mbscpy. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39120	Detected the use of SDLC banned function msvcrt._mbccpy. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39121	Detected the use of SDLC banned function msvcrt._mbscat. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39122	Detected the use of SDLC banned function msvcrt._mbccat. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39123	Detected the use of SDLC banned function msvcrt._tccpy. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39124	Detected the use of SDLC banned function msvcrt._tcscpy. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39125	Detected the use of SDLC banned function msvcrt._tccat. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39126	Detected the use of SDLC banned function msvcrt._ftcscpy. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39127	Detected the use of SDLC banned function msvcrt._ftcscat. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39128	Detected the use of SDLC banned function msvcrt._mbsncpy. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39129	Detected the use of SDLC banned function msvcrt._mbsncat. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39130	Detected the use of SDLC banned function msvcrt._mbsnbcpy. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39131	Detected the use of SDLC banned function msvcrt._mbsnbcat. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39132	Detected the use of SDLC banned function msvcrt._tcsncpy. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39133	Detected the use of SDLC banned function msvcrt._tcsncat. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39134	Detected the use of SDLC banned function msvcrt.strcpy. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39135	Detected the use of SDLC banned function msvcrt.strcat. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39136	Detected the use of SDLC banned function msvcrt.wcscpy. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39137	Detected the use of SDLC banned function msvcrt.wcscat. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39138	Detected the use of SDLC banned function msvcrt.strncpy. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39139	Detected the use of SDLC banned function msvcrt.strncat. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39140	Detected the use of SDLC banned function msvcrt.wcsncpy. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39141	Detected the use of SDLC banned function msvcrt.wcsncat. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39142	Detected the use of SDLC banned function msvcrt.gets. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39143	Detected the use of SDLC banned function msvcrt._getts. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39144	Detected the use of SDLC banned function msvcrt._gettws. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39145	Detected the use of SDLC banned function msvcrt.sprintf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39146	Detected the use of SDLC banned function msvcrt.swprintf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39147	Detected the use of SDLC banned function msvcrt._stprintf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39148	Detected the use of SDLC banned function msvcrt.vsprintf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39149	Detected the use of SDLC banned function msvcrt.vswprintf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39150	Detected the use of SDLC banned function msvcrt._vstprintf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39151	Detected the use of SDLC banned function msvcrt.strtok. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39152	Detected the use of SDLC banned function msvcrt.wcstok. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39153	Detected the use of SDLC banned function msvcrt._mbstok. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39154	Detected the use of SDLC banned function msvcrt._tcstok. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39155	Detected the use of SDLC banned function msvcrt.makepath. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39156	Detected the use of SDLC banned function msvcrt._makepath. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39157	Detected the use of SDLC banned function msvcrt._wmakepath. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39158	Detected the use of SDLC banned function msvcrt._tmakepath. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39159	Detected the use of SDLC banned function msvcrt._splitpath. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39160	Detected the use of SDLC banned function msvcrt._tsplitpath. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39161	Detected the use of SDLC banned function msvcrt._wsplitpath. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39162	Detected the use of SDLC banned function msvcrt._snprintf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39163	Detected the use of SDLC banned function msvcrt._snwprintf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39164	Detected the use of SDLC banned function msvcrt._sntprintf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39165	Detected the use of SDLC banned function msvcrt.vsnprintf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39166	Detected the use of SDLC banned function msvcrt._vsnprintf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39167	Detected the use of SDLC banned function msvcrt._vsnwprintf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39168	Detected the use of SDLC banned function msvcrt._vsntprintf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39169	Detected the use of SDLC banned function msvcrt.scanf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39170	Detected the use of SDLC banned function msvcrt.sscanf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39171	Detected the use of SDLC banned function msvcrt.wscanf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39172	Detected the use of SDLC banned function msvcrt.swscanf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39173	Detected the use of SDLC banned function msvcrt.snscanf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39174	Detected the use of SDLC banned function msvcrt.snwscanf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39175	Detected the use of SDLC banned function msvcrt._tscanf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39176	Detected the use of SDLC banned function msvcrt._stscanf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39177	Detected the use of SDLC banned function msvcrt._sntscanf. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39178	Detected the use of SDLC banned function msvcrt._itoa. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39179	Detected the use of SDLC banned function msvcrt._itow. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39180	Detected the use of SDLC banned function msvcrt._i64toa. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39181	Detected the use of SDLC banned function msvcrt._i64tow. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39182	Detected the use of SDLC banned function msvcrt._ui64toa. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39183	Detected the use of SDLC banned function msvcrt._ui64tot. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39184	Detected the use of SDLC banned function msvcrt._ui64tow. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39185	Detected the use of SDLC banned function msvcrt._ultoa. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39186	Detected the use of SDLC banned function msvcrt._ultot. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39187	Detected the use of SDLC banned function msvcrt._ultow. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39188	Detected the use of SDLC banned function msvcrt.strlen. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39189	Detected the use of SDLC banned function msvcrt.wcslen. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39190	Detected the use of SDLC banned function msvcrt._mbslen. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39191	Detected the use of SDLC banned function msvcrt._mbstrlen. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39192	Detected the use of SDLC banned function kernel32.lstrcpyA. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39193	Detected the use of SDLC banned function kernel32.lstrcpyW. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39194	Detected the use of SDLC banned function kernel32.lstrcpynA. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39195	Detected the use of SDLC banned function kernel32.lstrcpynW. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39196	Detected the use of SDLC banned function kernel32.lstrcatA. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39197	Detected the use of SDLC banned function kernel32.lstrcatW. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39198	Detected the use of SDLC banned function kernel32.lstrcatnA. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39199	Detected the use of SDLC banned function kernel32.lstrcatnW. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39200	Detected the use of SDLC banned function user32.wsprintfA. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39201	Detected the use of SDLC banned function user32.wsprintfW. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39202	Detected the use of SDLC banned function shlwapi.wvsprintfA. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39203	Detected the use of SDLC banned function shlwapi.wvsprintfW. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39204	Detected the use of SDLC banned function shlwapi.wnsprintfA. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39205	Detected the use of SDLC banned function shlwapi.wnsprintfW. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39206	Detected the use of SDLC banned function shlwapi.wvnsprintfA. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39207	Detected the use of SDLC banned function shlwapi.wvnsprintfW. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39208	Detected the use of SDLC banned function shlwapi.StrCpyA. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39209	Detected the use of SDLC banned function shlwapi.StrCpyW. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39210	Detected the use of SDLC banned function shlwapi.StrCpyNA. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39211	Detected the use of SDLC banned function shlwapi.StrCpyNW. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39212	Detected the use of SDLC banned function shlwapi.StrNCpyA. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39213	Detected the use of SDLC banned function shlwapi.StrNCpyW. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39214	Detected the use of SDLC banned function shlwapi.StrCatA. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39215	Detected the use of SDLC banned function shlwapi.StrCatW. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39216	Detected the use of SDLC banned function shlwapi.StrCatNA. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39217	Detected the use of SDLC banned function shlwapi.StrCatNW. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39218	Detected the use of SDLC banned function shlwapi.StrNCatA. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39219	Detected the use of SDLC banned function shlwapi.StrNCatW. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to C.
SC39220	Detected the use of SDLC banned function shlwapi.StrCatBuffA. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39221	Detected the use of SDLC banned function shlwapi.StrCatBuffW. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.
SC39222	Detected the use of SDLC banned function shlwapi.StrCatChainW. Use of this function is considered unsafe because it's an unbound string operation. Lowers grade to D.