Friday, November 1, 2013

Using the Verify button within Process Explorer

The Process Explorer utility from SysInternals has a verify process feature.  This option indicates whether the executable in question has been verified as digitally signed by a certificate that chains to a root authority trusted by the computer in question.

After launching Process Explorer, access the Properties of the entry in question.  Click on the Verify button on the Image tab.

process_explorer_verify_1

If the certificate is valid, a “verified” text should appear near the top of the dialog box near the description.

process_explorer_verify_2

Below is an example of an older application that did not return a “verified” value.  If a process does not return a “valid” certificate, this could be a clue that the entry in question may be malware.

process_explorer_verify_3

No comments:

Post a Comment