![]() If a dll that is a part of a process requests elevation the signature of the exe is used for the UAC prompt as that is the process that is running, not the dll. You can see some examples in this How To Geek article.Īuthenticode signatures enforce identity, determine what appears in a UAC prompt and help ensure that a file is not tampered with. Rundll32.exe is used to run dlls that have functionality that is needed but do not have exes to run them. Ok, so why would Microsoft not sign this file? I think that the answer is found in rundll32.exe's purpose. Clean copies of Windows 10 (different builds) have different versions and time stamps so it appears that Microsoft does update this file. I do have several different versions of this file (going back 8 years). I have checked several of my computers and VMs and found that this file is not Authenticode signed, at least not in anyway that I recognize. I could not find an official Microsoft answer, but I have a theory as to why this program (and others like it) are not directly signed. ![]() ![]() I am leaving this answer here because I believe that my argument as to whey the files are not individually signed with Authenticode (what VirusTotal reports on) is still valid. Edit 1: See great answer for how Microsoft has signed a bundle of these executables. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |