- Apr 16, 2017
- 2,445
I saw that Windows Firewall Control blocked outgoing file \system32\MoUsoCoreWorker.exe hash= 1641BC777962A0522E6C75641DBD2A0E72D84DCC3FC734B609ED51D5D027E1F7
VT reports it clean, published by MS but not signed. MS Update Session Orchestrator. I vaguely understood that older MS files were signed a different way, but this is supposedly a relatively recent MS file, so I would expect analysis to see it as digitally signed with valid signature. I did an internet search but did not find anything helpful to explain this. Does anyone have an explanation for this, and perhaps a link to an source for more info.
thanks.
VT reports it clean, published by MS but not signed. MS Update Session Orchestrator. I vaguely understood that older MS files were signed a different way, but this is supposedly a relatively recent MS file, so I would expect analysis to see it as digitally signed with valid signature. I did an internet search but did not find anything helpful to explain this. Does anyone have an explanation for this, and perhaps a link to an source for more info.
thanks.