Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Parity does not detect file as digitally signed, but other tools such as "sigcheck" do

Parity does not detect file as digitally signed, but other tools such as "sigcheck" do

Version

All.

Issue

You have designated some vendor as a Trusted Publisher, for example Microsoft.  Some files from this publisher are not being approved.  Parity does not detect that the files have a digital signature; and it displays the "Publisher" as "(None)" in the "File Details" you can view from the Parity administration console.  Also, if in Windows Explorer you right-click on the file and choose "Properties," you will not see any "Digital Signature" tab.  However, other 3rd-party tools such Microsoft's "sigcheck" and "signtool"

do show the file as having a signature.

Solution

Microsoft offers two different ways to sign a file.  One involves placing a digital signature in the header of the file itself.  This method is commonly used by vendors outside of Microsoft.  The other is to place a hash of the file in the Windows "file security catalog."  This method is most commonly used by Microsoft itself, especially with operating system files.

Parity currently does not support the second method, files signed via the security catalog.  Our product team is tracking this issue, and may provide expanded functionality in a future release.

Note that Windows operating system files are typically approved in Parity by other means, such as the "Windows Update" trusted updater, or by the initialization process that occurs when Parity Agent is first installed on a machine.  If you are having problems with operating system file not being approved, you may want to contact Bit9 Support & Services about a review of you policies and configuration.

Please see https://community.bit9.com/docs/DOC-1446 for other related information

                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎12-17-2015
Views:
821
Contributors