SQ14137
Detected Windows executable files that enforce image integrity while missing a digital signature.
priority | CI/CD status | severity | effort | RL level | RL assessment |
---|---|---|---|---|---|
 | fail | high | low | 3 | None |
About the issue
Enforced image integrity checking ensures that a Windows executable file is only allowed to run after its digital signature has been verified. This security mechanism prevents tampered or corrupted applications from running. Additionally, access to certain operating system functions may require applications to enable enforced integrity checks, which limits the harm that malicious code can cause once executed. It is common to find operating system code and kernel drivers that use enforced integrity checks for security purposes.
How to resolve the issue
- To confirm detection accuracy, check for the presence of any security catalogues that may serve as the software component's signature.
- With Microsoft SignTool, re-sign the software component or create a security catalogue that acts as its signature.
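As an added illustration (not ReversingLabs' or Microsoft's code), the following Python script parses a PE header with only the standard library, reads the IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY bit set by /INTEGRITYCHECK together with the certificate data directory, and reports the combination this rule looks for; the sample PE headers it inspects are constructed inline and are not loadable programs.

```python
import struct

FORCE_INTEGRITY = 0x0080     # IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY, set by /INTEGRITYCHECK
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
SECURITY_DIR = 4             # IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode certificate table)

def inspect_pe(data: bytes) -> dict:
    """Return the FORCE_INTEGRITY flag and whether an embedded signature is present."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt_off = pe_off + 4 + 20                                  # skip 20-byte COFF file header
    magic = struct.unpack_from("<H", data, opt_off)[0]
    # DllCharacteristics sits at +70 in both PE32 and PE32+ optional headers
    dll_chars = struct.unpack_from("<H", data, opt_off + 70)[0]
    # Data directories start at +96 (PE32) / +112 (PE32+); their count is the DWORD just before
    dirs_off = opt_off + (96 if magic == PE32_MAGIC else 112)
    n_dirs = struct.unpack_from("<I", data, dirs_off - 4)[0]
    cert_off = cert_size = 0
    if n_dirs > SECURITY_DIR:   # for this entry the first field is a file offset, not an RVA
        cert_off, cert_size = struct.unpack_from("<II", data, dirs_off + 8 * SECURITY_DIR)
    has_sig = cert_size > 0 and cert_off + cert_size <= len(data)
    return {"force_integrity": bool(dll_chars & FORCE_INTEGRITY), "embedded_signature": has_sig}

def is_flagged(data: bytes) -> bool:
    """SQ14137 condition: integrity checking enforced, yet no embedded Authenticode signature."""
    info = inspect_pe(data)
    return info["force_integrity"] and not info["embedded_signature"]

def build_sample_pe(dll_chars: int, signed: bool) -> bytes:
    """Constructed minimal PE32+ header (not a loadable program) used as demo input."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # PE header follows the DOS header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)                                       # PE32+ header with 16 directories
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)                       # NumberOfRvaAndSizes
    cert = b""
    if signed:   # append a dummy WIN_CERTIFICATE (dwLength, wRevision, wCertificateType, body)
        cert = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\0" * 8
        struct.pack_into("<II", opt, 112 + 8 * SECURITY_DIR, 0x40 + 24 + 240, len(cert))
    return bytes(dos) + coff + bytes(opt) + cert
```

A hit from this check is only a candidate: a file signed through a security catalogue carries no embedded certificate table, which is why the resolution steps say to look for catalogues before treating the finding as confirmed.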
Recommended reading
- Digital certificates (External resource - Microsoft)
- /INTEGRITYCHECK (Require signature check) (External resource - Microsoft)