4 Replies Latest reply on Dec 20, 2013 8:07 AM by Ralf.Gerkum

    file is not signed?

    Ralf.Gerkum Rookie




      lot of Patches are  not installed with following eventlog:

      File is not signed: C:\Windows\ProPatches\Patches\Windows6.1-KB2833946-x64_GER.msu

      what to do?

        • 1. Re: file is not signed?



          If you go to the file, right click, go to Properties > Digital Signatures, do you see a digital signature listed?


          It might be best to delete the file both from the C:\Windows\Propatches\Patches directory as well as the patch download folder on the Protect console system, then re-download the patch and ensure that a digital signature is listed on the file.


          I hope that helps.

          • 2. Re: file is not signed?
            Ralf.Gerkum Rookie

            Hello again,


            Digital Signature of the file on the console sytem is valid, the signature of the file on the client in the /propatche/patches-folder is invalid.

            When I copy the patch manually from the console-folder to the client-folder the file-signature remains valid. When I use Protect to Deploy, the Deployment fails, the patch remains in the the propatches-folder with invalid signature.


            Several Patches in several machines, but most frequently the Q2835361 of MS13-054

            • 3. Re: file is not signed?

              What antivirus software is on the target system? If you check the log for your antivirus software does it appear to be scanning and or possibly stripping any files during patch deployment?


              Have you tried deleting the patch from the patch download directory on the Protect console system as well as from the C:\Windows\Propatches\Patches folder on the client system, then try deploying?



              • 4. Re: file is not signed?
                Ralf.Gerkum Rookie

                Same behavior with deactivated antivirus and new patches on console and client.


                now I even reinstalled ServerOS, SQLDB and ShavlikProtect complete:

                no improvement.


                with FC FileCompare you can see minimal differences between the patch on the Shavlikserver and the client. The binaries are not exact same whereby the invalid signature is explainable


                as already mentioned: if I copy the patches manually from the server in the propatches folders that remain valid patches.



                now that is a real trouble for me. I can not provide 500 clients with patches manually.


                I sent logfiles to the support.