Version
All.
Issue
You have designated a vendor, for example Microsoft, as a Trusted Publisher, but some files from this publisher are not being approved. Parity does not detect that the files have a digital signature, and it displays the "Publisher" as "(None)" in the "File Details" you can view from the Parity administration console. Also, if you right-click the file in Windows Explorer and choose "Properties," you will not see a "Digital Signature" tab. However, other 3rd-party tools such as Microsoft's "sigcheck" and "signtool" do show the file as having a signature.
Solution
Microsoft offers two different ways to sign a file. One involves placing a digital signature in the header of the file itself. This method is commonly used by vendors outside of Microsoft. The other is to place a hash of the file in the Windows "file security catalog." This method is most commonly used by Microsoft itself, especially with operating system files.
Parity currently does not support the second method, files signed via the security catalog. Our product team is tracking this issue, and may provide expanded functionality in a future release.
Note that Windows operating system files are typically approved in Parity by other means, such as the "Windows Update" trusted updater, or by the initialization process that occurs when Parity Agent is first installed on a machine. If you are having problems with operating system files not being approved, you may want to contact Bit9 Support & Services about a review of your policies and configuration.
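To tell which of the two signing methods applies to a given file, you can check whether its PE header carries a Certificate Table, which is where an embedded signature is stored. The script below is an added example, not Bit9 or Carbon Black code; the function names are hypothetical and the sample headers are constructed for the demonstration.

```python
import struct
import sys

CERT_TABLE_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Certificate Table slot
DIRS_AT = {0x10B: 96, 0x20B: 112}  # data directory offset for PE32 / PE32+

def embedded_signature(pe: bytes):
    """Return (file_offset, size) of the PE Certificate Table, or None.

    None only means "no embedded signature"; the file can still be signed
    through a catalog. A non-None result shows presence, not validity.
    """
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    try:
        (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
        if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = e_lfanew + 4 + 20  # skip the PE signature and the COFF header
        (magic,) = struct.unpack_from("<H", pe, opt)
        dirs = DIRS_AT.get(magic)
        if dirs is None:
            raise ValueError("unknown optional header magic")
        (count,) = struct.unpack_from("<I", pe, opt + dirs - 4)
        if count <= CERT_TABLE_INDEX:
            return None
        offset, size = struct.unpack_from("<II", pe, opt + dirs + 8 * CERT_TABLE_INDEX)
    except struct.error:
        raise ValueError("truncated PE header") from None
    return (offset, size) if offset and size else None

def sample_pe(cert_offset, cert_size, magic=0x20B):
    """Constructed minimal PE header (not a loadable image) for the demo."""
    table = bytearray(16 * 8)
    struct.pack_into("<II", table, 8 * CERT_TABLE_INDEX, cert_offset, cert_size)
    opt = struct.pack("<H", magic) + bytes(DIRS_AT[magic] - 6) + struct.pack("<I", 16) + bytes(table)
    return b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0" + bytes(20) + opt

if __name__ == "__main__":
    # Pass a file path to inspect a real binary; otherwise use the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_pe(0, 0)
    found = embedded_signature(data)
    print("embedded signature at offset %#x, %d bytes" % found if found
          else "no embedded signature; check for a catalog signature")
```

A file for which this reports no embedded signature while "sigcheck" or "signtool" report it as signed matches the catalog-signed case described above.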
Please see https://community.bit9.com/docs/DOC-1446 for other related information.
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.