How to Verify that System Drivers are Digitally Signed

This is a useful trick both for security’s sake and for making sure that unnecessary drivers are not being loaded every time you start up your PC.

Device drivers are important files as they allow you and the operating system to interact with hardware connected to the system. Drivers, just like executable files, can be digitally signed to improve their verifiability. Manufacturers can submit drivers to Microsoft to get them signed. While many do so, some don’t do this for all drivers they release. It is common for instance that beta drivers are not digitally signed.

While unsigned drivers don’t necessarily have to be problematic, it makes sense to check the system for those and verify that they are legitimate and the best choice.

Windows ships with a driver verification tool called File Signature Verification which you can use for that purpose.

All you need to do is press the Windows-key, type sigverif and hit enter to start it up.

sigverif file signature verification

The program creates a log file of its activities automatically by default. The advanced button displays the name of that log file, an option to load it, and options to block the creation of log files in first place.

log file

The File Signature Verification tool scans all drivers on the system once you hit the start button. This should not take long provided that the system is not under load when you run the scan.

All unsigned drivers are displayed in the results after the scan. Each driver is listed with its file name, path, type, version and modification date.

unsigned drivers

The same information are also available in the log file. On Windows 7, you find it under C:\Users\Public\Documents by default.

Since it is not clear automatically what a driver does, you may want to run searches on the Internet for each of the file names to find out more about them.

Before you do that, you may want to check the file locally first. Just open the folder location, right-click on a file and select properties from the dialog.

You may find a digital signatures listing for it which reveals information about the signer and thus the program or hardware device it belongs to.

signer

Sometimes, this may be all you need. Depending on that, you may want to keep the file, search for an updated version of it or remove it from being started with Windows.

Microsoft’s Autoruns program can help you further. It highlights problematic drivers as well and ships with options to disable a driver’s autorun entry so that it won’t be loaded anymore.

autoruns unsigned drivers

For instance, if you notice an unsigned driver that is not used anymore, which can be the case if you removed a program that installed it for example or a hardware device that you no longer use, then you can uncheck its entry in Autoruns to prevent it from being loaded.

Another advantage of Autoruns is that it will highlight additional drivers that Sigverif does not seem to include in its scans.

Autoruns can scan drivers on Virustotal automatically if you enable the feature which helps with the verification as well.

It is obviously important to only block drivers that are not needed anymore or of questionable origin from starting with the system as you may run into issues otherwise.

It makes sense to use both tools in conjunction to reveal and verify unsigned drivers on Windows.

Link to Original Content

Tags: , , ,

Comments are closed.