security problem

Mr.NoName

Level 4
Thread author
Verified
Feb 5, 2016
163
Since I use some product (I will not say its name because I won it) ...
I have a problem with it!!
The problem is that when I start some new app that doesn't have a dig sig, the software doesn't give it a signal so I can block it if it is a virus or malware at all. So do you have some advice on how to make my own dig sig checker, or some info on what is inside of it? I saw a few tuts about it but they were wrong.
 

Wave

Agreed with @Logethica since UAC is really useful but gets underrated by so many people.:eek:

@Mr.NoName ....
What OS are you using?.....Both SmartScreen and UAC will give a prompt before an app with an unverified signature is allowed to run.
Sadly he won't be able to use SmartScreen on the system as a whole on W7 but he can on IE-only. If he tries to run a program as admin he'll also be able to see the Publisher and he can check if it's Unknown or not (as long as he enables UAC..). :)
 

Mr.NoName

Level 4
Thread author
Verified
Feb 5, 2016
163
Done, it's the same, just the program is junk!!! ... So if you or someone else has some wiki info or a PDF, send it. The program is tested in a lot of versions of Windows, so nothing happens.
 

Wave

Done, it's the same, just the program is junk!!! ... So if you or someone else has some wiki info or a PDF, send it. The program is tested in a lot of versions of Windows, so nothing happens.
UAC is actually really good & useful but only if you understand how to use it. Some people don't know how to use it properly and believe it's bad because they thought it was meant to auto-protect them from malware or something. The point is to prevent programs from running as admin so the program can't do things it wouldn't normally be allowed to do without the user granting permission, but if you disable UAC then any program can be elevated and do things which can be bad without you knowing.. A lot of malware can't even function without admin rights! Better? :)
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
UAC at the maximum level should serve as a good safety indicator, in that even an unsigned signature will have to undergo approval.

Ransomware-based strains are well known to bypass UAC even if you click No.

That does not necessarily mean it is useless; of course, the majority of threats can be prevented from running all the time because of the pending UAC request.
 

Mr.NoName

Level 4
Thread author
Verified
Feb 5, 2016
163
Done with the UAC, but it's the same. I think the program itself needs to have good protection and monitoring because it's 60 US dollars, so I don't think I should do anything in Windows settings .... And yes, I took your advice, but it's still the same. So any idea how to get a program's digital signature? Or are you going to explain to me what else to do? Because I don't think anything that you will write will do the job.
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
Since I use some product (I will not say its name because I won it) ...
I have a problem with it!!
The problem is that when I start some new app that doesn't have a dig sig, the software doesn't give it a signal so I can block it if it is a virus or malware at all. So do you have some advice on how to make my own dig sig checker, or some info on what is inside of it? I saw a few tuts about it but they were wrong.
Give us the name, pls, it could be helpful (first letter is a K?)
 

Logethica

Level 13
Verified
Top Poster
Well-known
Jun 24, 2016
636
@Mr.NoName ..

Check for dangerous or unsigned Certificates using SigCheck

Check for Unsigned Certificates using SigCheck
Sigcheck can show the file version number, timestamp information, and digital signature details, including certificate chains. Additionally, the latest version now lets you upload a file for scanning, as well as check a file’s status on VirusTotal, which uses 40 antivirus engines.

To use SigCheck to scan your Windows computer for dangerous & unsafe Certificates, download it from Microsoft and extract the contents of the folder. Now to run the tool, press Shift+Right-click inside the folder. You will see an Open a command window here entry. Click on it.

The tool offers several parameters that you can use. As an example, in the Command Prompt window, you may type the following command for instance and hit Enter:

sigcheck64 -tv
If you are using a 64-bit system, use sigcheck64, else sigcheck.

When you run this command, the tool downloads a list of Trusted Certificates from Microsoft. It then compares your Certificates with this list and then lists those that are not present in the Trusted Certificates list.

If you do find any certificates, you may want to investigate further. If you feel they are dangerous, you may want to remove them. This post will show you how to manage Root Certificates. The Certificate Manager or certmgr.msc in Windows lets you see details about your certificates, export, import, modify, delete or request new certificates. You may also check details about the program which has installed it, and if you can do without the program, you could also consider uninstalling that software.

Use SigCheck to scan folder for unsigned files with VirusTotal

To scan all the files in a folder for unsigned files, you could, for example, use the following command:

sigcheck -u -e c:\windows\system32\
To see the entire list of parameters and the functions they perform, and to download SigCheck, visit Microsoft.
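
The folder scan described above can also be done without Sigcheck, using PowerShell's built-in Get-AuthenticodeSignature cmdlet. This is an added example, not part of the original post; the function name Get-UnverifiedExecutable and its parameters are made up for illustration, and it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the thread): list executables whose Authenticode
# signature is missing or fails verification. Assumes PowerShell 3.0+.
# Get-UnverifiedExecutable and its parameters are hypothetical names.
function Get-UnverifiedExecutable {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string] $Path,

        # File extensions treated as executable images.
        [string[]] $Extension = @('.exe', '.dll', '.sys', '.scr')
    )

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Extension -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName

            # 'Valid' means the signature is present, the file hash matches it,
            # and the certificate chains to a root this machine trusts.
            if ($sig.Status -ne 'Valid') {
                $signer = '(none)'
                if ($sig.SignerCertificate) {
                    $signer = $sig.SignerCertificate.Subject
                }
                [pscustomobject]@{
                    Status = $sig.Status      # NotSigned, HashMismatch, NotTrusted, ...
                    Signer = $signer
                    Path   = $_.FullName
                }
            }
        }
}

# Example call: scan the current user's Downloads folder.
Get-UnverifiedExecutable -Path "$env:USERPROFILE\Downloads" |
    Sort-Object Status, Path |
    Format-Table -AutoSize
```

A status of NotSigned marks files with no signature at all, while HashMismatch marks files that were changed after they were signed. A Valid status only identifies the publisher; it says nothing about whether the file is safe.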
 

Wave

You might like AppLocker as it has the ability to block unsigned programs from running.. :)

This rule prevents unsigned applications from running. Before implementing this rule, ensure that all of the files that you want to run in your organization are digitally signed. If any applications are not signed, consider implementing an internal signing process to sign unsigned applications with an internal signing key.

Allowing Only Signed Application to Run
 

hjlbx

Since I use some product (I will not say its name because I won it) ...
I have a problem with it!!
The problem is that when I start some new app that doesn't have a dig sig, the software doesn't give it a signal so I can block it if it is a virus or malware at all. So do you have some advice on how to make my own dig sig checker, or some info on what is inside of it? I saw a few tuts about it but they were wrong.

Sorry, it is unclear what you want to do, but I will give it my best shot...

You are looking for a utility to verify a file's digital signature ? IF yes, try SysInternals sigcheck:

Sigcheck


You are looking for a way to verify a file is safe (remember, undetected does NOT necessarily = SAFE) ? IF yes, try VirusTotal Uploader or PhrozenSoft Winja:

VirusTotal Windows Uploader - VirusTotal

Phrozen Software™ - Official Website

For a more definitive file evaluation, you can try Malwr Cuckoo Sandbox, Hybrid-Analysis Cuckoo Sandbox or COMODO Valkyrie. All are free online services.

However, those require at least intermediate - if not advanced - knowledge to interpret the emulation test reports.

You can use Shadow Defender, HDS Rx products, Sandboxie, Voodooshield (built-in Cuckoo Sandbox submission and Artificial Intelligence scoring) or a virtual machine to execute unknown\untrusted files and observe their behavior.

There is no simple, straight-forward way to manually analyze a sample to determine whether or not it is safe.

That being said, the last group is the most simple in terms of ease-of-use. Shadow Defender and HDS Reboot Restore Rx are easy to use. Reboot Restore Rx is freeware, Shadow Defender is paid.
 

Mr.NoName

Level 4
Thread author
Verified
Feb 5, 2016
163
Unless you are doing some illegal activities with "cracks/patches" involved @Mr.NoName, I see no reason for you to not disclose the information what files/program you want to get "signed".
I want to get only the Windows exe files, nothing else, so I can make some little program to tell me if there is something like rogue or unwanted software to be run on my system!
 

Mr.NoName

Level 4
Thread author
Verified
Feb 5, 2016
163
@Mr.NoName ..

Check for dangerous or unsigned Certificates using SigCheck

Check for Unsigned Certificates using SigCheck
Sigcheck can show the file version number, timestamp information, and digital signature details, including certificate chains. Additionally, the latest version now lets you upload a file for scanning, as well as check a file’s status on VirusTotal, which uses 40 antivirus engines.

To use SigCheck to scan your Windows computer for dangerous & unsafe Certificates, download it from Microsoft and extract the contents of the folder. Now to run the tool, press Shift+Right-click inside the folder. You will see an Open a command window here entry. Click on it.

The tool offers several parameters that you can use. As an example, in the Command Prompt window, you may type the following command for instance and hit Enter:

sigcheck64 -tv
If you are using a 64-bit system, use sigcheck64, else sigcheck.

When you run this command, the tool downloads a list of Trusted Certificates from Microsoft. It then compares your Certificates with this list and then lists those that are not present in the Trusted Certificates list.

If you do find any certificates, you may want to investigate further. If you feel they are dangerous, you may want to remove them. This post will show you how to manage Root Certificates. The Certificate Manager or certmgr.msc in Windows lets you see details about your certificates, export, import, modify, delete or request new certificates. You may also check details about the program which has installed it, and if you can do without the program, you could also consider uninstalling that software.

Use SigCheck to scan folder for unsigned files with VirusTotal

To scan all the files in a folder for unsigned files, you could, for example, use the following command:

sigcheck -u -e c:\windows\system32\
To see the entire list of parameters and the functions they perform, and to download SigCheck, visit Microsoft.
Thanks for the help, and you are welcome!!!
 
