SAPIEN,
One of my coworkers had the following SAPIEN executables quarantined by Symantec Endpoint Protection version 14.0.2349.0100:
-“C:\Program Files\SAPIEN Technologies,Inc\PowerShell Studio 2017\ScriptEngines\SAPIEN PowerShell V2 Host (Windows Application) Win32.exe”
-“C:\Program Files\SAPIEN Technologies,Inc\PowerShell Studio 2017\ScriptEngines\SAPIEN PowerShell V5 Host (Windows Application) Win32.exe”
-“C:\Program Files\SAPIEN Technologies,Inc\PrimalScript 2017\ScriptEngines\SAPIEN PowerShell V5 Host (Windows Application) Win32.exe”
-“C:\Program Files\SAPIEN Technologies,Inc\PrimalScript 2017\ScriptEngines\SAPIEN PowerShell V2 Host (Windows Application) Win32.exe”
-“C:\Program Files\SAPIEN Technologies,Inc\PowerShell Studio 2017\ScriptEngines\SAPIEN PowerShell V3 Host (Windows Application) Win32.exe”
-“C:\Program Files\SAPIEN Technologies,Inc\PrimalScript 2017\ScriptEngines\SAPIEN PowerShell V3 Host (Windows Application) Win32.exe”
The above files are from Primal Script 2017 version 7.3.106 64bit and PowerShell Studio 2017 version 5.4.143 64bit, both running on Windows 10.0.15063 (1703). I wanted to be sure they are valid files that are just seen as false-positives by Symantec? And ask why the executables aren’t digitally signed?
When you view the properties of the files, there is no Digital Signatures tab. And using SysInternals “sigcheck -i” command, it reports they are unsigned.
However, the versions that I’m running, SAPIEN Primal Script 2017 version 7.3.105 64bit and PowerShell Studio 2017 version 5.4.141 64bit, both running on Windows 10.0.15063 (1703), do have executables that are digitally signed and have not been quarantined on my system.
Thanks,
Tom.
SAPIEN executables quarantined and not digitally signed
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
- Alexander Riedel
- Posts: 8478
- Last visit: Tue Mar 26, 2024 8:52 am
- Been upvoted: 37 times
Re: SAPIEN executables quarantined and not digitally signed
These executable files are templates for creating powershell executables. They must not be signed, otherwise you cannot sign the executable you create with either product.
They were previously signed by accident. The installer build tool we use is a bit overzealous sometimes
As for the false positives, yes, most likely. We scan everything all the time, but we do not know what happens on your machine, so you should always submit detected files to your antivirus vendor.
They were previously signed by accident. The installer build tool we use is a bit overzealous sometimes
As for the false positives, yes, most likely. We scan everything all the time, but we do not know what happens on your machine, so you should always submit detected files to your antivirus vendor.
Alexander Riedel
SAPIEN Technologies, Inc.
SAPIEN Technologies, Inc.
Re: SAPIEN executables quarantined and not digitally signed
Thank you Alexander. If I understand you correctly, the previous SAPIEN version executables I site above were accidentally digitally signed by SAPIEN. The newer version executables I site above were not digitally signed; and it sounds like this is your standard.
Out antivirus flagged the newer SAPIEN executables probably because they were a newer version and not recognized; not because they were not digitally signed.
Alright, thanks for your help!
Tom.
Out antivirus flagged the newer SAPIEN executables probably because they were a newer version and not recognized; not because they were not digitally signed.
Alright, thanks for your help!
Tom.