ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

DonationCoder.com Software > Finished Programs

DONE: Tool that lists digitally signed files from a folder/disk

<< < (11/18) > >>

skwire:
Hi, telealex, and welcome to the DonationCoder site.  I'm on holiday this week but I'll try to take a closer look at your post when I get back.

telealex:
Hi, telealex, and welcome to the DonationCoder site.  I'm on holiday this week but I'll try to take a closer look at your post when I get back.
-skwire (June 22, 2015, 07:59 PM)
--- End quote ---
many thanks

neverlight:
@skwire, There's also a new version of Sigcheck as of March 10, 2015.  ;)

reveal/hide changelogThis release of Sigcheck, a command-line tool that reports file version, code signing, and hash information, introduces import-hash reporting and support for files larger than 4 GB.


Kind regards,
Marius

pstein:
I started newest SigCheck GUI for all running processes and found some with a blue question mark.
Among them some important prcoesses like lsass.exe, csrss.exe and spoolsv.exe

What does a blue question mark mean?

They are not checked in Virustotal. Why not?

I cannot open the file location: Why not?

How can I verify otherwise that they are the correct/correctly signed original binaries from Microsoft?

Peter

skwire:
What does a blue question mark mean?-pstein (August 10, 2015, 11:50 PM)
--- End quote ---

In the Verified column, you should see some text.  "Signed" gets a green check mark; "Unsigned" gets red exclamation point; "A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file." gets a yellow exclamation point.  Any other text in there gets a blue question mark.  One example I've seen is, "The timestamp signature and/or certificate could not be verified or is malformed."

They are not checked in Virustotal. Why not?-pstein (August 10, 2015, 11:50 PM)
--- End quote ---

Are you saying that none of your files have VirusTotal URLs listed?  If so, do you have the appropriate option checked in the Options tab?  FWIW, the VirusTotal URLs appear to be working fine for me under W7/64.  Which OS are you using? 

I cannot open the file location: Why not?-pstein (August 10, 2015, 11:50 PM)
--- End quote ---

This took some research but should be fixed in the latest version.  In a nutshell, on 64-bit versions of Windows, 32-bit applications such as AutoHotkey run inside WOW64 so calls to certain 64-bit files were getting automatically redirected to the c:\Windows\SysWOW\64 folder.   :-\ :-\ :-\

How can I verify otherwise that they are the correct/correctly signed original binaries from Microsoft?-pstein (August 10, 2015, 11:50 PM)
--- End quote ---

Again, things appear to be working fine for me.  Which OS are you using?  Please note that I develop and test on Win7/64.  I sometimes test on XP if necessary.  I do not have W8 or W10.

Website | Download
v1.1.0 - 2015-08-11
    ! "Open file location" did not work properly for certain 64-bit files.
      (Thanks, pstein)

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version