On the VDA's Windows Event Log error entries with a description starting with “Windows is unable to verify the image integrity of the file MfApHook64.dll” are added to the Code Integrity operational log (in Applications and Services Logs > Microsoft > Windows > CodeIntegrity).
Event Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Citrix\System32\MfApHook64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Event ID: 3004
Level: Error
Channel: Microsoft-Windows-CodeIntegrity/Operational

Solution 1
If additional LSA protection is configured, you must upgrade the VDA to the following versions:

• Single-session desktop OS
  • Explicit and FAS authentication: Virtual Apps and Desktops 7 1906 and later
  • Smart Card Authentication: Virtual Apps and Desktops 7 1912 and later
• Multi-session server OS: Virtual Apps and Desktops 7 1912 and later

Solution 2
If additional LSA protection is not configured, these events can be safely ignored because they do not adversely affect functionality of any Citrix component. This issue has been investigated and it was determined to not be a Citrix issue. The MfApHook64 DLL is signed correctly.

The validity of the MfApHook64 DLL signature can be verified on the VDA by using Windows Explorer, navigating to ‘C:\Program Files\Citrix\System32’ (on a single-session desktop OS VDA) or ‘C:\Program Files (x86)\Citrix\System32 (on a multi-session server OS VDA), selecting the MfApHook64.dll file, right-clicking and choosing Properties and selecting the Digital Signatures tab.