SAPIEN executables quarantined and not digitally signed

This forum can be browsed by the general public. Posting is limited to current SAPIEN license holders with active maintenance and does not offer a response time guarantee.
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 6 years and 7 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
User avatar
thromada
Posts: 5
Last visit: Mon Jul 12, 2021 1:11 pm

SAPIEN executables quarantined and not digitally signed

Post by thromada »

SAPIEN,

One of my coworkers had the following SAPIEN executables quarantined by Symantec Endpoint Protection version 14.0.2349.0100:
-“C:\Program Files\SAPIEN Technologies,Inc\PowerShell Studio 2017\ScriptEngines\SAPIEN PowerShell V2 Host (Windows Application) Win32.exe”
-“C:\Program Files\SAPIEN Technologies,Inc\PowerShell Studio 2017\ScriptEngines\SAPIEN PowerShell V5 Host (Windows Application) Win32.exe”
-“C:\Program Files\SAPIEN Technologies,Inc\PrimalScript 2017\ScriptEngines\SAPIEN PowerShell V5 Host (Windows Application) Win32.exe”
-“C:\Program Files\SAPIEN Technologies,Inc\PrimalScript 2017\ScriptEngines\SAPIEN PowerShell V2 Host (Windows Application) Win32.exe”
-“C:\Program Files\SAPIEN Technologies,Inc\PowerShell Studio 2017\ScriptEngines\SAPIEN PowerShell V3 Host (Windows Application) Win32.exe”
-“C:\Program Files\SAPIEN Technologies,Inc\PrimalScript 2017\ScriptEngines\SAPIEN PowerShell V3 Host (Windows Application) Win32.exe”

The above files are from Primal Script 2017 version 7.3.106 64bit and PowerShell Studio 2017 version 5.4.143 64bit, both running on Windows 10.0.15063 (1703). I wanted to be sure they are valid files that are just seen as false-positives by Symantec? And ask why the executables aren’t digitally signed?

When you view the properties of the files, there is no Digital Signatures tab. And using SysInternals “sigcheck -i” command, it reports they are unsigned.

However, the versions that I’m running, SAPIEN Primal Script 2017 version 7.3.105 64bit and PowerShell Studio 2017 version 5.4.141 64bit, both running on Windows 10.0.15063 (1703), do have executables that are digitally signed and have not been quarantined on my system.

Thanks,
Tom.
User avatar
Alexander Riedel
Posts: 8478
Last visit: Tue Mar 26, 2024 8:52 am
Answers: 19
Been upvoted: 37 times

Re: SAPIEN executables quarantined and not digitally signed

Post by Alexander Riedel »

These executable files are templates for creating powershell executables. They must not be signed, otherwise you cannot sign the executable you create with either product.
They were previously signed by accident. The installer build tool we use is a bit overzealous sometimes :D
As for the false positives, yes, most likely. We scan everything all the time, but we do not know what happens on your machine, so you should always submit detected files to your antivirus vendor.
Alexander Riedel
SAPIEN Technologies, Inc.
User avatar
thromada
Posts: 5
Last visit: Mon Jul 12, 2021 1:11 pm

Re: SAPIEN executables quarantined and not digitally signed

Post by thromada »

Thank you Alexander. If I understand you correctly, the previous SAPIEN version executables I site above were accidentally digitally signed by SAPIEN. The newer version executables I site above were not digitally signed; and it sounds like this is your standard.

Out antivirus flagged the newer SAPIEN executables probably because they were a newer version and not recognized; not because they were not digitally signed.

Alright, thanks for your help!
Tom.
This topic is 6 years and 7 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.