You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current implementation of VM-Assert-Signature uses Get-AuthenticodeSignature status. Reading Microsoft documentation, I understand that this only checks that the file has a syntactically syntactically valid signature, I think we should instead verify the signing authority, for example using signtool.exe:
This works well for Google Chrome, Sysinternals and Metasplot, but not for RegCool. I suggest using hashes again in RegCool. Should we also replace it in the configuration by total-registry to avoid that updates break the tool leaving FLARE-VM without a registry tool?
The text was updated successfully, but these errors were encountered:
Details
The current implementation of
VM-Assert-Signature
usesGet-AuthenticodeSignature
status. Reading Microsoft documentation, I understand that this only checks that the file has a syntactically syntactically valid signature, I think we should instead verify the signing authority, for example usingsigntool.exe
:This works well for Google Chrome, Sysinternals and Metasplot, but not for RegCool. I suggest using hashes again in RegCool. Should we also replace it in the configuration by total-registry to avoid that updates break the tool leaving FLARE-VM without a registry tool?
The text was updated successfully, but these errors were encountered: