logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

App Control: CERT_TRUST_IS_NOT_TIME_VALID causing blocks for signed files

App Control: CERT_TRUST_IS_NOT_TIME_VALID causing blocks for signed files

Environment

  • App Control Agent: All Supported Versions
  • App Control Console: All Supported Versions

Symptoms

The Agent is enforcing Execution Blocks due to CERT_TRUST_IS_NOT_TIME_VALID or Time Validity with messages similar to: 
File 'c:\program files (x86)\some vendor\file.dll' [a85a...f0dc] was blocked because it was unapproved. 
Publisher[Some Vendor, LLC (IneligibleForApproval: ChainIdx[0] CertId[29] Time Validity 
ValidFrom[11/13/2019 9:40:35 PM] ValidTo[2/11/2021 9:40:35 PM] SignatureTime[10/20/2023 3:00:32 AM])]

 

Cause

The vendor signed the file while using a certificate that had already expired. This can be confirmed by comparing the ValidTo and SignatureTime details in the Description of the Block Event: 
ValidFrom[11/13/2019 9:40:35 PM] ValidTo[2/11/2021 9:40:35 PM] SignatureTime[10/20/2023 3:00:32 AM])]

Resolution

This is a type of Validation Failure that will prevent Publisher Approvals from working for this file. An alternative Approval Method (Global Approval, Local Approval, Custom Rule, etc) will be required to allow the execution until the vendor is able to provide an updated file that has been signed correctly.

Additional Notes

  • Expired certificates are allowed by default; however, the file must be signed during the Validation Time Frame of the certificate used. If not, this could be an invalid/falsely signed file.
  • Certificate details can also be viewed/confirmed with the PowerShell command: 
    Get-AuthenticodeSignature -FilePath "C:\Path\To\File.dll" | Format-List

Related Content


Labels (1)
Labels:
Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
CB_Support
Creation Date:
‎09-08-2020
Views:
2915
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.