Jump to content
Nazareno

Digital signatures.

Recommended Posts

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab
    Repair menu_arrows.png
     
  7. Click the Gather Logs button
    Advanced_arrows.png
     
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    Advanced Gather Logs_arrows.png
     
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Advanced Gather Logs completed_arrows.png
     
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Share this post


Link to post
Share on other sites

Do you mean check if the program is signed? If so, yes, it's one of the many pieces of information we use to identify whether or not something is malicious.

Share this post


Link to post
Share on other sites

Thank you very much for your reply. But it seems to me that you are missing something as there are versions of HMPA that are pirated and are not detected by mbam. I don't know if I should detect them but I know they are illegitimate. I attach a virustotal link. Thank you very much again. Best regards.

 

https://www.virustotal.com/es-ar/file/67cc605442988a11fa9fce359a4209ffe98c0664ea2e53f826944980cb2a228a/analysis/1543775590/

Share this post


Link to post
Share on other sites

Ahh I see what you mean now, you mean do we detect a file that has an invalid signature as a threat. The answer is no. This would require keeping a database of known good files with their signature to compare against, which requires signature updating, and is an old way of validating threats. In the example above, anytime HitmanPro released a new binary, we'd have to download it, verify the fingerprint thumbnail, and then keep track of that. Instead we rely on our other algorithms for detection, which already incorporate signature validation, and allow us to detect a lot of these threats without requiring new updates everytime someone releases a new binary

Share this post


Link to post
Share on other sites

Thank you very much for the detailed explanation. We can give the subject as solved. Thank you again. Greetings.

Share this post


Link to post
Share on other sites

Working with Certificates and "trusting" that which is signed, is a function of the OS.  If one is worried, lock down the OS specifically to reduce the trust of sites, executable binaries and data files that fail OCSP verification via a CA.

Reference:
https://en.wikipedia.org/wiki/Public_key_infrastructure
https://docs.microsoft.com/en-us/windows/desktop/seccrypto/managing-certificates-with-certificate-stores

Share this post


Link to post
Share on other sites

Just to add, Malwarebytes also checks many items for fake/spoofed digital signatures, however this is generally only for the purpose of detecting malware such as when a Trojan attempting to pose as a legitimate digitally signed Microsoft OS file tries to infiltrate the system.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.