
Should the Digital Certificates tab appear in Properties for core system files?


5 replies to this topic

#1 matt_au

matt_au

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:02:31 PM

Posted 30 October 2015 - 02:41 AM

Does anyone know if the Digital Certificates tab should appear in right-click > Properties for Windows system files, such as the ones I've listed below (all from Windows/System32)?

Some of the dll/exe/sys files in my System32 folder show a Digital Certificates tab, but I don't see this tab for many files that I would consider to be "core system files". I've checked on the Microsoft site, but I can't find anything other than very broad general statements (that to me imply yes this tab should be visible).

Some example files from Windows/System32:

rundll.exe
csrss.exe
conhost.exe
win32.sys
wininit.dll
wininit.exe
winhttp.dll
mshtml.dll





#2 matt_au


Posted 30 October 2015 - 03:40 AM

"Digital Certificates" should of course read "Digital Signatures".  (sorry, I'm tired)



#3 matt_au


Posted 30 October 2015 - 05:37 AM

I'm adding a poll to this question.  I'm curious to know what other people see in their Windows 7 installs.



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:31 AM

Posted 30 October 2015 - 06:57 AM

You got me curious on that one, so I compared the files on both my Windows 7 SP1 x64, Windows 10 Pro x64 and a Windows SP1 x64 VM to see what I could find. First, here's the actual list of files:

rundll32.exe
csrss.exe
conhost.exe
win32k.sys
wininet.dll
wininit.exe
winhttp.dll
mshtml.dll

On my Windows 7 (both the laptop and the VM), none of them have the Digital Signatures tab; however, on my Windows 10, csrss.exe and another one (can't remember which one right now, I'll post it tonight) have the tab. So I would say that it's normal for these files to not have that tab under Windows 7, and that in Windows 10, two of them do. Maybe they are also there in Windows 8/8.1, I would have to check.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 matt_au


Posted 30 October 2015 - 07:37 AM

Thank you for the response.  Any thoughts on this? To me it seems strange that I can't verify the integrity of core system files.  I feel like I'm asking "Is Windows secure?" and the answer would seem to be "no idea"!?



#6 Aura


Posted 30 October 2015 - 08:28 AM

The integrity of core system files is handled automatically by Windows via a process that would take way too long for me to explain right now :P You don't have to check for a digital signature on the files, since there's another way to check if your system files are legitimate or not, but it's quite an advanced method.

To sum it up, I wouldn't worry about it. If you think that some of your system files have been compromised, you can run SFC /scannow to scan them and it'll report those that need to be fixed (if it cannot fix them automatically).

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
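
Added example (not written by either poster): the Digital Signatures tab in Properties only lists a signature embedded in the file itself, while Windows can also sign system files through a separate security catalog, so a missing tab does not by itself mean a file is unsigned. The PowerShell script below checks the files listed in this thread with Get-AuthenticodeSignature and shows which kind of signature each one carries. It assumes Windows PowerShell 5.1 or later (for the SignatureType and IsOSBinary properties) and a 64-bit session; the variable names are illustrative.

```powershell
# Added example: report how each file named in the thread is signed.
# Assumption: Windows PowerShell 5.1+, where the Signature object exposes
# SignatureType (None / Authenticode / Catalog) and IsOSBinary.
# Run from a 64-bit session so System32 is not redirected to SysWOW64.
$names = 'rundll32.exe', 'csrss.exe', 'conhost.exe', 'win32k.sys',
         'wininet.dll', 'wininit.exe', 'winhttp.dll', 'mshtml.dll'

$results = foreach ($name in $names) {
    $path = Join-Path $env:SystemRoot "System32\$name"

    # A file from the list may not exist on every Windows version.
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ File = $name; Status = 'Missing'; SignatureType = $null
                           IsOSBinary = $null; Signer = $null; SHA256 = $null }
        continue
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        File          = $name
        Status        = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        SignatureType = $sig.SignatureType   # Catalog = no embedded signature in the file
        IsOSBinary    = $sig.IsOSBinary
        Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # Hash recorded so the file can be compared against a known-good copy later.
        SHA256        = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

$results | Format-Table -AutoSize

# Flag anything that is missing or whose signature did not validate.
$bad = @($results | Where-Object { $_.Status -ne 'Valid' })
if ($bad.Count -gt 0) {
    Write-Warning ("Missing or not validly signed: " + ($bad.File -join ', '))
}
```

A row with SignatureType Catalog and Status Valid is a file whose signature lives in a catalog rather than in the file, which is the case where Explorer shows no Digital Signatures tab.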




