How to verify that system drivers are digitally signed - gHacks Tech News

How to verify that system drivers are digitally signed

Device drivers are important files as they allow you and the operating system to interact with hardware connected to the system.

Drivers, just like executable files, can be digitally signed to improve their verifiability.

Manufacturers can submit drivers to Microsoft to get them signed. While many do so, some don't do this for all drivers they release.

It is common for instance that beta drivers are not digitally signed.

While unsigned drivers don't necessarily have to be problematic, it makes sense to check the system for those and verify that they are legitimate and the best choice.

Windows ships with a driver verification tool called File Signature Verification which you can use for that purpose.

All you need to do is press the Windows-key, type sigverif and hit enter to start it up.

sigverif file signature verification

The program creates a log file of its activities automatically by default. The advanced button displays the name of that log file, an option to load it, and options to block the creation of log files in first place.

log file

The File Signature Verification tool scans all drivers on the system once you hit the start button. This should not take long provided that the system is not under load when you run the scan.

All unsigned drivers are displayed in the results after the scan. Each driver is listed with its file name, path, type, version and modification date.

unsigned drivers

The same information are also available in the log file. On Windows 7, you find it under C:\Users\Public\Documents by default.

Since it is not clear automatically what a driver does, you may want to run searches on the Internet for each of the file names to find out more about them.

Before you do that, you may want to check the file locally first. Just open the folder location, right-click on a file and select properties from the dialog.

You may find a digital signatures listing for it which reveals information about the signer and thus the program or hardware device it belongs to.

signer

Sometimes, this may be all you need. Depending on that, you may want to keep the file, search for an updated version of it or remove it from being started with Windows.

Microsoft's Autoruns program can help you further. It highlights problematic drivers as well and ships with options to disable a driver's autorun entry so that it won't be loaded anymore.

autoruns unsigned drivers

For instance, if you notice an unsigned driver that is not used anymore, which can be the case if you removed a program that installed it for example or a hardware device that you no longer use, then you can uncheck its entry in Autoruns to prevent it from being loaded.

Another advantage of Autoruns is that it will highlight additional drivers that Sigverif does not seem to include in its scans.

Autoruns can scan drivers on Virustotal automatically if you enable the feature which helps with the verification as well.

It is obviously important to only block drivers that are not needed anymore or of questionable origin from starting with the system as you may run into issues otherwise.

It makes sense to use both tools in conjunction to reveal and verify unsigned drivers on Windows.

Now You:

Summary
How to verify that system drivers are digitally signed
Article Name
How to verify that system drivers are digitally signed
Description
Find out how to verify all system drivers on a computer running the Windows operating system.
Author
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Dwight Stegall said on April 11, 2015 at 10:26 am
    Reply

    Thanks I had never heard of this before. It says all my Windows 8.1 and Windows 10 build 10049 drivers are digitally signed. But I only download drivers from Windows Update. Those third-party driver updaters always screw me. I have sometimes lost audio or video or both.

  2. Nebulus said on April 11, 2015 at 10:43 am
    Reply

    Martin, towards the end of the article there is a sentence that starts with “Another advantage of Malwarebytes”. I think that it should be Autoruns instead of MalwareBytes :)

    1. Martin Brinkmann said on April 11, 2015 at 10:51 am
      Reply

      Hah, thanks ;)

  3. YB said on April 11, 2015 at 4:43 pm
    Reply

    I don’t install any drivers not signed anymore. I did so once with an NVIDIA driver that was beta and it made my clock speeds to fast. While this is great when playing games, the card ended up running hot when at the desktop.

    Once I reverted back to stable drivers, that ended.

  4. X said on April 11, 2015 at 5:45 pm
    Reply

    Files not scanned: 3.
    You can check the log to find which ones and why.

  5. MartinPC said on April 12, 2015 at 4:16 am
    Reply

    Hmmm. Running sigverif.exe on my laptop threw up two unsigned drivers. The first was a table used by the TrackPoint (pointing stick). I had manually hacked it to make additional apps “TrackPoint-scrolling-aware,” so that made sense. But the second was the difxapi.dll file in my C:\Windows/System32 folder. That’s apparently part of Microsoft’s Driver Installation Framework, so the fact that it was unsigned came as a bit of a surprise. I ran sfc.exe /scannow, took a look at the log file and saw that some repairs had been made but had to attend to other business and didn’t have time to examine it in detail. I just ended up rebooting. When I came back to the computer, difxapi.dll had been left untouched and was still unsigned. Bizarre.

  6. PhoneyVirus said on April 16, 2015 at 3:23 am
    Reply

    I have some digitally unsigned drivers on the Network Attach Storage/Server (NAS) and never had any problems. Plus I had no other choice but install them, because there was NO Microsoft Windows Hardware Quality Labs Versions available.

    Windows Hardware Quality Labs testing or (WHQL) Testing is Microsoft’s testing process which involves running a series of tests on third-party hardware or software, and then submitting the log files from these tests to Microsoft for review.

    Thanks for the Tutorial Martin

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.