uberAgent 6.1 Preview: Authenticode Signature Verification
While we’re finalizing version 6.1 of our user experience monitoring & endpoint security analytics products uberAgent UXM and uberAgent ESA, let’s take a look at yet another cool new feature: Authenticode signature verification.
Authenticode signature verification is uberAgent’s new capability to check if executables have valid code signatures.
Authenticode is Microsoft’s code-signing technology for PE image files like executables, DLLs, or drivers. Authenticode makes use of digital certificates issued by certificate authorities (CAs). A file’s digital signature often has a chain of certificates, leading up to a root certificate that needs to be in the operating system’s root certificate store in order to be trusted.
Code-signed executables allow anyone to verify publisher identity and code integrity, thus making it possible to ensure binaries have not been tampered with.
uberAgent verifies the digital signature of each EXE/DLL that is executed or loaded into memory. uberAgent checks many properties of the signature, including the full chain of certificates. The results of uberAgent’s checks help answer the following questions:
- Is an executable digitally signed?
- Is the signature valid?
- Is an executable signed by Microsoft?
- What is the publisher name of the executable?
Please see the Authenticode signature verification documentation for details.
Authenticode signature verification is a feature of uberAgent ESA, vast limits’ endpoint security analytics product. For details, please see the documentation on uberAgent UXM and uberAgent ESA.
uberAgent is an innovative Windows and macOS user experience monitoring (UXM) and endpoint security analytics (ESA) product.
uberAgent UXM highlights include detailed information about boot and logon duration, application unresponsiveness detection, network reliability drill-downs, process startup duration, application usage metering, browser performance, web app metrics, and Citrix insights. All these varied aspects of system performance and reliability are smartly brought together in the Experience Score dashboard.
uberAgent ESA excels with a sophisticated activity monitoring engine, the uAQL query language, detection of risky activity, DNS query monitoring, hash calculation, registry monitoring, and Authenticode signature verification. uberAgent ESA comes with Sysmon and Sigma rule converters, a graphical rule editor, and uses a simple yet powerful query language instead of XML.
About vast limits
vast limits GmbH is the company behind uberAgent, the innovative user experience monitoring and endpoint security analytics product. vast limits’ customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.