Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Malware Analysis
Glasswire's SHA-256 hash doesn't match the one listed on their website
Message
<blockquote data-quote="Freki123" data-source="post: 1035000" data-attributes="member: 11229"><p>I can't answer that part. I can only tell you that I have some files (e.g game installer) that were counted as signed and after I applied the "registry fix" the "digital signatures" tab was gone. So before the "tweak" windows treated them as signed and afterwards they were not signed anymore for windows.</p><p></p><p>[SPOILER="MS sec advisor"][URL unfurl="true"]https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2014/2915720?redirectedfrom=MSDN[/URL][/SPOILER]</p><p>Quotes from it:</p><p>However, as we worked with customers to adapt to this change, <strong>we determined that the impact to existing software could be high</strong>. Therefore, Microsoft no longer plans to enforce the stricter verification behavior as a default requirement. The underlying functionality for stricter verification remains in place, however, and can be enabled at customer discretion.</p><p></p><p>Is there any possibility of a signature being recognized as<strong> non-compliant </strong>with the stricter verification process if I sign using non-Microsoft-provided signing tools?</p><p>Yes. <strong>For customers opting to enable the stricter verification behavior, signing binaries with non-Microsoft-provided signing tools runs the risk of signatures being recognized as non-compliant with the stricter verification behavior.</strong> Using Microsoft products, or signature tools Microsoft provides, such as signtool.exe, helps to ensure that signatures are recognized as compliant.</p><p></p><p>Tldr: My guess is the check is quite strict and some publisher never followed the recommendations to pass that strict checks.</p></blockquote><p></p>
[QUOTE="Freki123, post: 1035000, member: 11229"] I can't answer that part. I can only tell you that I have some files (e.g game installer) that were counted as signed and after I applied the "registry fix" the "digital signatures" tab was gone. So before the "tweak" windows treated them as signed and afterwards they were not signed anymore for windows. [SPOILER="MS sec advisor"][URL unfurl="true"]https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2014/2915720?redirectedfrom=MSDN[/URL][/SPOILER] Quotes from it: However, as we worked with customers to adapt to this change, [B]we determined that the impact to existing software could be high[/B]. Therefore, Microsoft no longer plans to enforce the stricter verification behavior as a default requirement. The underlying functionality for stricter verification remains in place, however, and can be enabled at customer discretion. Is there any possibility of a signature being recognized as[B] non-compliant [/B]with the stricter verification process if I sign using non-Microsoft-provided signing tools? Yes. [B]For customers opting to enable the stricter verification behavior, signing binaries with non-Microsoft-provided signing tools runs the risk of signatures being recognized as non-compliant with the stricter verification behavior.[/B] Using Microsoft products, or signature tools Microsoft provides, such as signtool.exe, helps to ensure that signatures are recognized as compliant. Tldr: My guess is the check is quite strict and some publisher never followed the recommendations to pass that strict checks. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
