Blog

uberAgent 6.1 Preview: Authenticode Signature Verification

While we’re finalizing version 6.1 of our user experience monitoring & endpoint security analytics products uberAgent UXM and uberAgent ESA, let’s take a look at yet another cool new feature: Authenticode signature verification.

What Is Authenticode Signature Verification?

Authenticode signature verification is uberAgent’s new capability to check if executables have valid code signatures.

What Is Authenticode?

Authenticode is Microsoft’s code-signing technology for PE image files like executables, DLLs, or drivers. Authenticode makes use of digital certificates issued by certificate authorities (CAs). A file’s digital signature often has a chain of certificates, leading up to a root certificate that needs to be in the operating system’s root certificate store in order to be trusted.

Code-signed executables allow anyone to verify publisher identity and code integrity, thus making it possible to ensure binaries have not been tampered with.

How Does uberAgent Verify Authenticode Signatures?

uberAgent verifies the digital signature of each EXE/DLL that is executed or loaded into memory. uberAgent checks many properties of the signature, including the full chain of certificates. The results of uberAgent’s checks help answer the following questions:

  • Is an executable digitally signed?
  • Is the signature valid?
  • Is an executable signed by Microsoft?
  • What is the publisher name of the executable?

Please see the Authenticode signature verification documentation for details.

Requirements

Authenticode signature verification is a feature of uberAgent ESA, vast limits’ endpoint security analytics product. For details, please see the documentation on uberAgent UXM and uberAgent ESA.

About uberAgent

uberAgent is an innovative Windows and macOS user experience monitoring and endpoint security analytics product. Its highlights include detailed information about boot and logon duration (showing why and when boots/logons are slow), application unresponsiveness detection, network reliability drill-downs, process startup duration, application usage metering, browser performance per website, and remoting protocol insights.

About vast limits

vast limits GmbH is the company behind uberAgent, the innovative user experience monitoring and endpoint security analytics product. vast limits’ customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.

Leave a Reply

Your email address will not be published. Required fields are marked *