Skip to main content

vast limits GmbH and uberAgent are now part of Citrix, a business unit of Cloud Software Group. Learn more at Citrix.com.

uberAgent

uberAgent 6.1 Preview: Authenticode Signature Verification

  • by Helge Klein
  • April 12, 2021

While we’re finalizing version 6.1 of our user experience monitoring & endpoint security analytics products uberAgent UXM and uberAgent ESA, let’s take a look at yet another cool new feature: Authenticode signature verification.

What Is Authenticode Signature Verification?

Authenticode signature verification is uberAgent’s new capability to check if executables have valid code signatures.

What Is Authenticode?

Authenticode is Microsoft’s code-signing technology for PE image files like executables, DLLs, or drivers. Authenticode makes use of digital certificates issued by certificate authorities (CAs). A file’s digital signature often has a chain of certificates, leading up to a root certificate that needs to be in the operating system’s root certificate store in order to be trusted.

Code-signed executables allow anyone to verify publisher identity and code integrity, thus making it possible to ensure binaries have not been tampered with.

How Does uberAgent Verify Authenticode Signatures?

uberAgent verifies the digital signature of each EXE/DLL that is executed or loaded into memory. uberAgent checks many properties of the signature, including the full chain of certificates. The results of uberAgent’s checks help answer the following questions:

  • Is an executable digitally signed?
  • Is the signature valid?
  • Is an executable signed by Microsoft?
  • What is the publisher name of the executable?

Please see the Authenticode signature verification documentation for details.

Requirements

Authenticode signature verification is a feature of uberAgent ESA, vast limits’ endpoint security analytics product. For details, please see the documentation on uberAgent UXM and uberAgent ESA.

About uberAgent

The uberAgent product family offers innovative digital employee experience monitoring and endpoint security analytics for Windows and macOS.

uberAgent UXM highlights include detailed information about boot and logon duration, application unresponsiveness detection, network reliability drill-downs, process startup duration, application usage metering, browser performance, web app metrics, and Citrix insights. All these varied aspects of system performance and reliability are smartly brought together in the Experience Score dashboard.

uberAgent ESA excels with a sophisticated Threat Detection Engine, endpoint security & compliance rating, the uAQL query language, detection of risky activity, DNS query monitoring, hash calculation, registry monitoring, and Authenticode signature verification. uberAgent ESA comes with Sysmon and Sigma rule converters, a graphical rule editor, and uses a simple yet powerful query language instead of XML.

About vast limits

vast limits GmbH is the company behind uberAgent, the innovative digital employee experience monitoring and endpoint security analytics product. vast limits’ customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.

Comments

Your email address will not be published. Required fields are marked *