Digitally signed NVIDIA files not whitelisted?

Sheepolina · December 8, 2015, 10:05am

The files are all signed with “NVIDIA Corporation PE Sign v2014” digital signature and yet they aren’t whitelisted. Why not? The reason why I’m asking here is because I’ve asked about this in the whitelisting thread and it got ignored in a mass of other posts.

I’ve also attached one such file…

[attachment deleted by admin]

lugo_58 · December 8, 2015, 10:19am

It looks the digital sign is broken… or not valid.

http://i.hizliresim.com/P6GzAQ.jpg

Lets submit it for whitelisting, maybe they will handle it.

Sheepolina · December 8, 2015, 1:07pm

It’s still a certificate only used by NVIDIA…

qmarius · December 8, 2015, 1:29pm

[code=“sigcheck”]
nvumdshimx.dll:
Verified: A certificate chain could not be built to a trusted root authority.
Link date: 8:06 PM 11/24/2015
Publisher: NVIDIA Corporation PE Sign v2014
Description: NVIDIA D3D Shim Driver, Version 359.06
Product: NVIDIA D3D shim drivers
Prod version: 10.18.13.5906
File version: 10.18.13.5906
MachineType: 64-bit
Binary Version: 10.18.13.5906
Original Name: nvumdshim.dll
Internal Name: nvumdshim
Copyright: (C) 2015 NVIDIA Corporation. All rights reserved.
Comments: n/a
Entropy: 6.033

Sheepolina · December 8, 2015, 3:45pm

Which just means its a signature issued by NVIDIA and NVIDIA only but wasn’t verified by a certificate authority. Which doesn’t make it any less valid considering you can extract files with such signature from any drive downloaded from official NVIDIA webpage.

Citizen_K · December 8, 2015, 4:24pm

Self signed signatures are not secure by definition. They should only be used on local networks. It is beyond my understanding why NVIDIA hangs on to this deprecated practice.

Moving to D+ Help board.

freshhh · December 9, 2015, 8:30pm

I’m not able anymore to update my NVIDIA drivers if Comodo is running !
Please do something about it ASAP.

jebuchanan · December 9, 2015, 8:42pm

To install Nvidia drivers,
Someone suggested disabling ‘Enable File Source Tracking’ under Auto Sandbox.
I haven’t had another update to test this yet, so please give it a try and report back.

Citizen_K · December 10, 2015, 3:51am

You can add that signature to your Trusted Software Vendor List. CIS is a very customisable tool.

qmarius · December 10, 2015, 9:50am

Only if it’s a valid signature. And if it’s PE file, currently.

Citizen_K · December 10, 2015, 4:43pm

Oops and thank you. I overlooked that not unimportant detail.

Sheepolina · December 12, 2015, 6:05pm

That’s stupid. Why can’t I add ANY signature if I desire so to make things easier for me? No, instead I’m blocked even there by the CIS itself.

Citizen_K · December 12, 2015, 7:34pm

Are you talking about just the problem with this specific executable or has your problem changed to a more generic one?

You can always white list the individual files that come with this signature.

aim4it · December 14, 2015, 1:52am

Because signature spoofing, self signed malware, etc.