[Windows 7] Windows PowerShell lost signature

Discussion in 'other software & services' started by m00nbl00d, Aug 19, 2012.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I don't know exactly what happened, but Windows PowerShell, which is installed on Windows 7 by default (I also think it's installed in Vista), all of a sudden lost the digital signature in all of its processes and dlls.

    I know it was digitally signed, because I have worked with PowerShell before from an elevated prompt, and UAC always presented me with a prompt with valid digital signature.

    Moments ago, I was going to elevate PowerShell, but due to a Group Policy setting that I've enabled, files that are not digitally signed cannot elevate. This is what caught my attention, because it prevented PowerShell from elevating, giving me the usual error message when we try to elevate processes that don't have a digital signature.

    Now, by default Windows 7 has version 2 installed, but I've recently installed version 3 (Release Candidate version), but this cannot be why all of a sudden it lost its digital signature, and simply because I've elevated PowerShell after installing version 3.

    I ran SFC and it found some errors related to PowerShell, due to non matching hashes, but this is most likely due to v2 <-> v3.

    Out of curiousity I checked a relative's system (Windows 7) running the default PowerShell v2, and it's also not digitally signed. o_O

    Can anyone confirm if your PowerShell is digitally signed or not?

    Open the Start Menu and type powershell.exe. Right-click it and open its Properties. You should then see a tab for Digital Signatures, if it's digitally signed... or not have it, if it's not digitally signed.

    The only thing in common between my system and my relative's system are the Windows Updates that happened last week. Could some Windows Update have screwed the digital signature, somehow? :doubt:


    Thanks
     
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    I don't see a digital signature tab, but if I scan the files with AppLocker using Publisher rule, it finds digital signatures on the files.
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I opened AppLocker, and then added powershell.exe with Publisher rule, and I get an error. I'm going to try in my relative's system. Maybe it happens the same that happens in your system.
     

    Attached Files:

  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Update: I can elevate just fine in my relative's system. I didn't try it before, because I expected the process to have the Digital Signatures tab. :oops:

    I reverted to Windows PowerShell v2, and I can also elevate just fine.

    This is a bit confusing. I'm still not sure why at first I was able to elevate with version 3? o_O I remember I did uninstall v3 the other day to test something, and maybe after that it no longer had a valid digital signature... or, it never had a digital signature, at all... and for some reason when I first installed v3, somehow it was using the v2 process (sounds stupid, though lol) ? No idea. o_O
     
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    There's a similar case, with a resolution, about that error you got here:

    -http://social.technet.microsoft.com/Forums/eu/winserverGP/thread/d575275a-08eb-4365-b628-8a8fbe316c10

    Theory being AppLocker can't create a certificate rule because Windows can't trust the signature due to unknown revocation status, or something to that effect.
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I came across that thread, when I search for error message. :) Anyway, I solved my issue with PowerShell. I redownloaded the RC version installer, and reinstalled it. It now is digitally signed and, obviously, now I can elevate it just fine.

    I believe that the installer is time bombed, and after a period of time, even though it allows you to install PowerShell, it happens the issue with the digital signature. I wonder why Microsoft doesn't just prevent us from installing it in the first place, after the period of time of the installer ends. Go figure.
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Good to see you got it resolved, m00nbl00d :)
     
Loading...
Thread Status:
Not open for further replies.