Jump to content

Failed to verify the digital signature for \?\C:\Windows\system32\igfxsrvc.exe


Recommended Posts

I'm using MBAM (Premium) v2.0.2.1012 on Windows 8 x64. I have been checking my event logs for MBAM activity because of a problem I've been having since I upgraded and while it may not be related I've seen quite a few notices that say my intel graphics device service cannot be verified:

 

Failed to verify the digital signature for \??\C:\Windows\system32\igfxsrvc.exe 
or:
Failed to verify the digital signature for \Device\HarddiskVolume4\WINDOWS\SYSTEM32\IGFXSRVC.EXE 

 

 
I checked the signature in explorer and it passes. However I then used Sysinternals' sigcheck program which seems to imply that the signature is in a catalog file. I don't know what's happening here but maybe if a program's digital signature is in the file, but then there is also a digital signature for that file in a catalog file, one supersedes the other? Here is the sigcheck output:
sigcheck -a -i -r -e IGFXSRVC.EXESigcheck v2.1 - File version and signature viewerCopyright (C) 2004-2014 Mark RussinovichSysinternals - www.sysinternals.comC:\Users\Owner\Desktop\igfxsrvc.exe:        Verified:       Signed        Catalog:        C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem17.cat        Signers:           Microsoft Windows Hardware Compatibility Publisher                Status:         A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.                Valid Usage:    Code Signing, WHQL Crypto                Serial Number:  33 00 00 00 08 52 00 A3 24 4E                                11 9A 5B 00 01 00 00 00 08                Thumbprint:     D94345C032D23404231DD3902F22AB1C2100341E                Algorithm:      SHA1                Valid from:     7:20 PM 6/18/2012                Valid to:       7:20 PM 9/18/2013           Microsoft Windows Hardware Compatibility PCA                Status:         Valid                Valid Usage:    All                Serial Number:  33 00 00 00 38 2E 50 E8 6A 98                                9D 95 7F 00 00 00 00 00 38                Thumbprint:     8D42419D8B21E5CF9C3204D0060B19312B96EB78                Algorithm:      SHA1                Valid from:     5:05 PM 6/4/2012                Valid to:       5:15 PM 6/4/2020           Microsoft Root Certificate Authority                Status:         Valid                Valid Usage:    All                Serial Number:  79 AD 16 A1 4A A0 A5 AD 4C 73                                58 F4 07 13 2E 65                Thumbprint:     CDD4EEAE6000AC7F40C3802C171E30148030C072                Algorithm:      SHA1                Valid from:     7:19 PM 5/9/2001                Valid to:       7:28 PM 5/9/2021        Signing date:   4:27 PM 9/30/2012        Counter Signers:           Microsoft Time-Stamp Service                Status:         A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.                Valid Usage:    Timestamp Signing                Serial Number:  61 07 79 10 00 00 00 00 00 0E                Thumbprint:     1895C2C907E0D7E5C0292B92C6EA8D0E236F525E                Algorithm:      SHA1                Valid from:     5:53 PM 1/9/2012                Valid to:       5:53 PM 4/9/2013           Microsoft Timestamping PCA                Status:         Valid                Valid Usage:    Timestamp Signing                Serial Number:  6A 0B 99 4F C0 00 25 AB 11 DB                                45 1F 58 7A 67 A2                Thumbprint:     3EA99A60058275E0ED83B892A909449F8C33B245                Algorithm:      SHA1                Valid from:     9:04 PM 9/15/2006                Valid to:       3:00 AM 9/15/2019           Microsoft Root Authority                Status:         Valid                Valid Usage:    All                Serial Number:  00 C1 00 8B 3C 3C 88 11 D1 3E                                F6 63 EC DF 40                Thumbprint:     A43489159A520F0D93D032CCAF37E7FE20A8B419                Algorithm:      MD5                Valid from:     3:00 AM 1/10/1997                Valid to:       3:00 AM 12/31/2020        Publisher:      Microsoft Windows Hardware Compatibility Publisher        Description:    igfxsrvc Module        Product:        Intel(R) Common User Interface        Prod version:   8.15.10.2849        File version:   8.15.10.2849        MachineType:    64-bit        Binary Version: 8.15.10.2849        Original Name:  IGFXSRVC.EXE        Internal Name:  IGFXSRVC        Copyright:      Copyright 1999-2006, Intel Corporation        Comments:       n/a        Entropy:        5.934
I've attached the file as well. Thanks
Link to post
Share on other sites

It is a valid file whose Publishers Certificate is valid.
 
A system having problems verifying a certificate through an Online Certificate Status Protocol (OCSP) server is not something that can be ascribed to Malwarebytes' Anti-Malware (MBAM).

 

The problem could be as simple as the system clock is not set properly to not having a good Root Certificate for the certificate chain.

 

For all we know, there is a problem with your system whose symptoms are an inability to check a publisher's certificate through and OCSP to the problems you have noted by MBAM.

 

PS:  New members are not given edit privileges.

Link to post
Share on other sites

A system having problems verifying a certificate through an Online Certificate Status Protocol (OCSP) server is not something that can be ascribed to Malwarebytes' Anti-Malware (MBAM).

 

The problem could be as simple as the system clock is not set properly to not having a good Root Certificate for the certificate chain.

 

For all we know, there is a problem with your system whose symptoms are an inability to check a publisher's certificate through and OCSP to the problems you have noted by MBAM.

 

How do you know it's OCSP? My clock is correct. What do you think of my theory that a signature in the catalog file is overriding the signature in the exe? Thanks

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.