'Execution block' events with SignatureError '0x800B0101'

Version
All


Issue

Receiving 'Execution block' events with SignatureError '0x800B0101'

Symptoms

Example 'Description' from an 'Execution block (unapproved file)' event:

File 'c:\programdata\mcafee\common framework\current\eepc\install\0000\mfeeepc64.msi' [50f861bc64b5776f5944f3a4ffd9532fd350268820bfe54897d15f81f078bdef] was blocked because it was unapproved. Publisher[McAfee, Inc. (IneligibleForAppoval: SignatureError[0x800B0101])]


Cause
An expired or missing certificate in the signature chain is the likely cause of the 'IneligibleForAppoval: SignatureError[0x800B0101]' message.

Solution

The certificate chain of the file(s) named in the 'Execution block' events can be checked with the following steps:

1) Log on to the source machine and open a command-line window with elevated privileges (right-click -> Run as Administrator).

2) cd to the "C:\Program Files\Bit9\Parity Agent" directory.

3) Run the following commands:

a. dascli password <CLI password here>

b. dascli file <{full path}\{filename}>

c. dascli certinfo <{full path}\{filename}>

Example:

dascli password DCBA-HGFE-LKJI-PONM

dascli find "C:\programdata\mcafee\common framework\current\eepc\install\0000\mfeeepc64.msi"

dascli certinfo "C:\programdata\mcafee\common framework\current\eepc\install\0000\mfeeepc64.msi"
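
An independent cross-check of the same certificate chain using built-in Windows PowerShell cmdlets and .NET classes instead of dascli (an added example, not part of the original article or the agent's tooling). The helper name Get-ChainReport is made up for this example; run it on the source machine against the file named in the event.

```powershell
# Added example: inspect the Authenticode chain of a blocked file with built-in Windows APIs.
# The path is the one from the event above; change it to the file named in your own event.
$Path = 'C:\programdata\mcafee\common framework\current\eepc\install\0000\mfeeepc64.msi'

function Get-ChainReport {   # hypothetical helper name, not a product command
    param(
        [Parameter(Mandatory)] [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [Parameter(Mandatory)] [string] $Role
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip CRL/OCSP lookups so only validity dates and chain completeness are judged.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $null = $chain.Build($Certificate)
    $now = Get-Date
    foreach ($element in $chain.ChainElements) {
        $cert = $element.Certificate
        [pscustomobject]@{
            Role      = $Role
            Subject   = $cert.Subject
            NotBefore = $cert.NotBefore
            NotAfter  = $cert.NotAfter
            Expired   = ($now -gt $cert.NotAfter)
            Status    = ($element.ChainElementStatus.Status -join ', ')
        }
    }
    # PartialChain means an issuer certificate could not be found (the "missing" case).
    foreach ($s in $chain.ChainStatus) {
        if ($s.Status -eq [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]::PartialChain) {
            Write-Warning "$Role chain is incomplete: $($s.StatusInformation.Trim())"
        }
    }
}

$sig = Get-AuthenticodeSignature -LiteralPath $Path
"Signature status: $($sig.Status) - $($sig.StatusMessage)"

# Report both chains: the code-signing certificate and, if present, the timestamping certificate.
$report = @()
if ($sig.SignerCertificate)      { $report += Get-ChainReport -Certificate $sig.SignerCertificate -Role 'Signer' }
if ($sig.TimeStamperCertificate) { $report += Get-ChainReport -Certificate $sig.TimeStamperCertificate -Role 'Timestamp' }
$report | Format-Table -AutoSize -Wrap
```

Dates are compared with the current system clock, so a signer certificate that has since expired can still be acceptable when the signature carries a valid timestamp; read the table together with the "Signature status" line.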

Article Information
Creation Date: 10-17-2017