Friday, November 1, 2013

Using the Verify button within Process Explorer

The Process Explorer utility from Sysinternals has a Verify feature.  It checks whether the image file of the selected process carries a valid Authenticode digital signature, either embedded in the file or in a Windows security catalog, whose certificate chains to a root authority trusted by the computer in question.  Signature checking is off by default: you can verify one process at a time with the Verify button, or turn on Options > Verify Image Signatures and add the Verified Signer column (View > Select Columns) to see the result for every running process at once.

After launching Process Explorer, open the Properties of the process in question (double-click it, or right-click and choose Properties), then click the Verify button on the Image tab.


If the signature is valid, the text “(Verified)” followed by the signer's name appears near the top of the Image tab, beside the description.


Below is an example of an older application that did not come back as “(Verified)”.  A process whose image does not carry a valid signature deserves a closer look, since the missing signature could be a clue that the entry in question is malware.  Treat it as a lead rather than a verdict, though: plenty of legitimate older or in-house software is unsigned, and a valid signature only proves who signed the file, not that it is benign, as malware signed with stolen or fraudulently obtained certificates has shown.
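The same check, scripted so it covers every running process at once, as an added example that is not part of the original post.  It uses the built-in Get-AuthenticodeSignature cmdlet rather than Process Explorer, assumes PowerShell 3.0 or later on Windows (the SignatureType property appeared in that version), and should be run from an elevated prompt so that the image paths of processes owned by other users and SYSTEM can be read:

```powershell
# Added example (not from the original post): enumerate the image file of every
# running process and check its Authenticode signature, the same check Process
# Explorer performs when you click Verify.  Assumes PowerShell 3.0+ on Windows
# and an elevated session so that every process's Path is readable.

$paths = Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } |                  # processes whose image path we could read
    Select-Object -ExpandProperty Path -Unique   # many processes share one image (svchost.exe)

$results = foreach ($p in $paths) {
    $sig = Get-AuthenticodeSignature -FilePath $p
    [pscustomobject]@{
        Path          = $p
        Status        = $sig.Status            # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        SignatureType = $sig.SignatureType     # Authenticode (embedded), Catalog, or None
        Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        IsOSBinary    = $sig.IsOSBinary        # $true when the chain ends at a Windows production root
    }
}

# Anything other than 'Valid' is what Process Explorer would fail to label "(Verified)".
# Unsigned is a lead, not a verdict: legitimate older software is often unsigned.
"`n== Images without a valid signature =="
$results | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Path | Format-Table Path, Status, SignatureType -AutoSize

# Validly signed, but not by Microsoft: a signature proves who signed the file,
# not that it is benign, so unfamiliar publishers are worth a look too.
"`n== Valid signatures from non-Microsoft publishers =="
$results | Where-Object { $_.Status -eq 'Valid' -and -not $_.IsOSBinary } |
    Sort-Object Signer | Format-Table Path, Signer -AutoSize
```

The Sysinternals sigcheck tool gives the same information from the command line for files on disk (for example `sigcheck -e -u C:\Windows\System32` lists unsigned executable images), which is handy when you want to sweep a directory rather than the process list.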


