Problem with antimalware protected process service

st1111

Guest
I cannot get my AM-PPL service to start; it gives me error 577
“Windows cannot verify the digital signature for this file”.
The error is coming from CI!CiValidateImageHeader, which I see in the debugger
when enabling HKLM\System\CCS\Control\CI debugflags=0x400.

As far as I can understand, I need to embed a hash of the certificate used to sign the
service in the ELAM driver.
I have a self-signed certificate (and I enabled test signing on the test VM).

This is the certificate used to sign the service (output from certmgr -v):

----- Signer [1] Certificate-----
Subject::
[0,0] 2.5.4.3 (CN) ValueType: 4
45 6C 61 6D 54 65 73 74 53 72 76 'ElamTestSrv'
Issuer::
[0,0] 2.5.4.3 (CN) ValueType: 4
45 6C 61 6D 54 65 73 74 53 72 76 'ElamTestSrv'
SerialNumber::
8B 84 5D 4E 44 66 2C B2 48 B2 2B E1 D0 EF CE 30
SHA1 Thumbprint::
A45AB512 53D995BE 778342D1 EBECDF13 A4577BFA
MD5 Thumbprint::
9C03659D 13F4D604 D2F1624E C66F0775
Key MD5 Thumbprint::
193BF804 99939223 575A3668 15F13AEB

and this is the ELAM driver resource script:

MicrosoftElamCertificateInfo MSElamCertInfoID
{
1,
L"A45AB51253D995BE778342D1EBECDF13A4577BFA\0",
0x8004,
L"\0"
}


Can you spot any error here?

Thanks!
