none
Application certificate intergrity bypass RRS feed

  • Question

  • I know that programs signed with certificats will prevent programs from modification from a 3rd party. I did notice that when I modifies proccess explorer and ran the file as an administrator, the certficate was shown and the app was genuine.

    Is this normal behavior or is this an exploit?

    Thanks!

    Wednesday, January 17, 2018 12:03 AM

Answers

  • Your understanding is almost right.

    Code signing is used on Windows to authenticate software on first run, ensuring that the software has not been maliciously tampered with by a third-party distributor or download site.

    Current phenomenon should be normal, don’t worry.

    Regards

     


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by NT_pro Saturday, January 20, 2018 4:05 AM
    Thursday, January 18, 2018 2:31 AM
    Moderator