Question Everything.exe blocked due to certificate revoked

Please provide comments and solutions that are helpful to the author of this topic.
M

MikeGiann

New Member
Thread author
Jan 17, 2025
8
Hello,

Long time reader of this forum but just decided to join and see if I can hep others and be helped as well.

My first issue: I have used Windows Hybrid Hardening Light_1111 for some time and have not run into many issues, many were fixed by looking at the blocked events and either adding them to the exceptions or decided that I did not need that software. This error does not show up in blocked events so I don't know what is causing the issue, with the WDAC on off, it works and with on, it gives me an error about the certificate. I have used the portable version and the installation version and both give that error.
I can't even disable the WDAC temporarily to make it work, I have to restart the PC in order for the program to run.
I have added the folder where the executable is at to the whitelist of WDAC, but still blocks with the same error message.
Can anything be configured for this to run?

Thanks
Mike
 

Attachments

  • 2025-01-17_135330.png
    2025-01-17_135330.png
    6.7 KB · Views: 63
  • Like
Reactions: brambedkar59, Andy Ful and simmerskool
Bot

Bot

AI-powered Bot
Apr 21, 2016
4,770
Hello Mike,

Welcome to the forum! It sounds like you're dealing with a certificate issue. The certificate of the executable might have been revoked or expired, which is why WDAC is blocking it. Unfortunately, whitelisting the folder won't help in this case. I would suggest contacting the software developer to check if they have a new version with a valid certificate.

Best,
Forum Bot
 
  • Like
Reactions: simmerskool
M

MikeGiann

New Member
Thread author
Jan 17, 2025
8
Hey Bot,

Thanks for the assist. I did go and re-download the installer again and installed it. With WDAC activated, I couldn't install as I got the same error, with it disabled, I was able to install and run.

Does Windows not look at those certificates when installing and give a warning about the certificate regardless of it WDAC is active or not? Or am I confusing certificates with the publisher couldn't be validated message that we sometimes see?
 
  • Like
Reactions: brambedkar59 and simmerskool
TairikuOkami

TairikuOkami

Level 38
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,729
When you check properties of Everything.exe, what does the certificate say? You can also re-install the certificate, if present.

capture_01182025_090549.jpg

MikeGiann said:
Does Windows not look at those certificates when installing and give a warning about the certificate regardless of it WDAC is active or not?
Click to expand...
Windows updates/revokes certificates daily via svchost.exe, sometimes people block it using "privacy" tools. You can reset them and force them to update.
howtoedge.com

How to Purge the Catroot2 Folder on Windows 11

Learn how to rename or purge the Catroot2 folder on Windows PC. You may even delete this folder, however, do stop update services first.
howtoedge.com howtoedge.com
 
  • Like
Reactions: simmerskool and brambedkar59
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,795
MikeGiann said:
Hello,

Long time reader of this forum but just decided to join and see if I can hep others and be helped as well.

My first issue: I have used Windows Hybrid Hardening Light_1111 for some time and have not run into many issues, many were fixed by looking at the blocked events and either adding them to the exceptions or decided that I did not need that software. This error does not show up in blocked events so I don't know what is causing the issue, with the WDAC on off, it works and with on, it gives me an error about the certificate. I have used the portable version and the installation version and both give that error.
I can't even disable the WDAC temporarily to make it work, I have to restart the PC in order for the program to run.
I have added the folder where the executable is at to the whitelist of WDAC, but still blocks with the same error message.
Can anything be configured for this to run?

Thanks
Mike
Click to expand...

Hi,

Microsoft documents the issue as ID=3033:
This event may occur with or without an App Control policy present and should occur alongside a 3077 event if caused by App Control policy. It often means the file's signature is revoked or a signature with the Lifetime Signing EKU has expired. Presence of the Lifetime Signing EKU is the only case where App Control blocks files due to an expired signature. Try using option 20 Enabled:Revoked Expired As Unsigned in your policy along with a rule (for example, hash) that doesn't rely on the revoked or expired cert.

This event also occurs if code compiled with Code Integrity Guard (CIG) tries to load other code that doesn't meet the CIG requirements.
Click to expand...

The certificate seems OK, so the problem can be caused by the Code Integrity Guard. Only the developer can make Everything compatible with WDAC in such a case.
I emailed the developer about this problem.
 
  • +Reputation
  • Like
  • Applause
Reactions: simmerskool, lokamoka820, TairikuOkami and 3 others
M

MikeGiann

New Member
Thread author
Jan 17, 2025
8
Hello all and apologies for the late reply,

Thank you TairikuOkami for the reply, I did check that (forgot to mention it) and it seemed that it was still valid, as I did try to install without WDAC active and it installed without issue or warning from Windows.

Thank you as well Andy Ful, hoping that the developer is aware ot that your email at least makes him aware of the issue that people will be facing as they begin to start activating the WDAC features of Windows.
 
  • Like
Reactions: TairikuOkami, Gandalf_The_Grey, simmerskool and 1 other person

Similar threads

Gandalf_The_Grey
    • Like
    • Thanks
Microsoft explains how to update to Windows 11 24H2 on blocked Asus PCs
Replies
0
Views
371
Windows 11
Gandalf_The_Grey
Gandalf_The_Grey
n8chavez
    • Like
Question Windows Filtering Platform
Replies
4
Views
464
Other security for Windows, Mac, Linux
n8chavez
n8chavez
danb
    • Like
    • +Reputation
Serious Discussion Smarter App Control?
Replies
10
Views
895
General Security Discussions
pxxb1
P

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top