Access official resources from Carbon Black experts
Version
All
Issue
Receiving 'Execution block' events with SignatureError '0x800B0101'
Symptoms
Example of 'Description' from 'Execution block (unapproved file)' event:
File 'c:\programdata\mcafee\common framework\current\eepc\install\0000\mfeeepc64.msi' [50f861bc64b5776f5944f3a4ffd9532fd350268820bfe54897d15f81f078bdef] was blocked because it was unapproved. Publisher[McAfee, Inc. (IneligibleForAppoval: SignatureError[0x800B0101])]
Cause
An expired or missing certificate in the signature chain is the likely cause of the 'IneligibleForAppoval: SignatureError[0x800B0101]' message.
Solution
The certificate chain of the file(s) from the 'Execution block' events can be checked by performing following steps:
1) Log on to the source machine, open command line window with elevated privileges (right-mouse-> Run as Administrator).
2) cd to the "C:\Program Files\Bit9\Parity Agent" directory.
3) Run following commands:
a. dascli password <CLI password here>
b. dascli file <full path}\{filename}>
c. dascli certinfo <full path}\{filename}>
Example:
dascli password DCBA-HGFE-LKJI-PONM
dascli find "C:\programdata\mcafee\common framework\current\eepc\install\0000\mfeeepc64.msi"
dascli certinfo "C:\programdata\mcafee\common framework\current\eepc\install\0000\mfeeepc64.msi"
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.