SAPIEN executables quarantined and not digitally signed

Support for all customers who have purchased a PrimalScript product license. This forum does not offer a response time guarantee.
Forum rules
DO NOT POST SUBSCRIPTION NUMBERS, LICENSE KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.
User avatar
thromada
Posts: 2
Joined: Thu May 28, 2009 1:40 am

SAPIEN executables quarantined and not digitally signed

Post by thromada » Wed Aug 09, 2017 11:28 am

SAPIEN,

One of my coworkers had the following SAPIEN executables quarantined by Symantec Endpoint Protection version 14.0.2349.0100:
-“C:\Program Files\SAPIEN Technologies,Inc\PowerShell Studio 2017\ScriptEngines\SAPIEN PowerShell V2 Host (Windows Application) Win32.exe”
-“C:\Program Files\SAPIEN Technologies,Inc\PowerShell Studio 2017\ScriptEngines\SAPIEN PowerShell V5 Host (Windows Application) Win32.exe”
-“C:\Program Files\SAPIEN Technologies,Inc\PrimalScript 2017\ScriptEngines\SAPIEN PowerShell V5 Host (Windows Application) Win32.exe”
-“C:\Program Files\SAPIEN Technologies,Inc\PrimalScript 2017\ScriptEngines\SAPIEN PowerShell V2 Host (Windows Application) Win32.exe”
-“C:\Program Files\SAPIEN Technologies,Inc\PowerShell Studio 2017\ScriptEngines\SAPIEN PowerShell V3 Host (Windows Application) Win32.exe”
-“C:\Program Files\SAPIEN Technologies,Inc\PrimalScript 2017\ScriptEngines\SAPIEN PowerShell V3 Host (Windows Application) Win32.exe”

The above files are from Primal Script 2017 version 7.3.106 64bit and PowerShell Studio 2017 version 5.4.143 64bit, both running on Windows 10.0.15063 (1703). I wanted to be sure they are valid files that are just seen as false-positives by Symantec? And ask why the executables aren’t digitally signed?

When you view the properties of the files, there is no Digital Signatures tab. And using SysInternals “sigcheck -i” command, it reports they are unsigned.

However, the versions that I’m running, SAPIEN Primal Script 2017 version 7.3.105 64bit and PowerShell Studio 2017 version 5.4.141 64bit, both running on Windows 10.0.15063 (1703), do have executables that are digitally signed and have not been quarantined on my system.

Thanks,
Tom.

User avatar
Alexander Riedel
Posts: 6300
Joined: Tue May 29, 2007 4:43 pm

Re: SAPIEN executables quarantined and not digitally signed

Post by Alexander Riedel » Wed Aug 09, 2017 11:54 am

These executable files are templates for creating powershell executables. They must not be signed, otherwise you cannot sign the executable you create with either product.
They were previously signed by accident. The installer build tool we use is a bit overzealous sometimes :D
As for the false positives, yes, most likely. We scan everything all the time, but we do not know what happens on your machine, so you should always submit detected files to your antivirus vendor.
Alexander Riedel
SAPIEN Technologies, Inc.

User avatar
thromada
Posts: 2
Joined: Thu May 28, 2009 1:40 am

Re: SAPIEN executables quarantined and not digitally signed

Post by thromada » Thu Aug 10, 2017 7:48 am

Thank you Alexander. If I understand you correctly, the previous SAPIEN version executables I site above were accidentally digitally signed by SAPIEN. The newer version executables I site above were not digitally signed; and it sounds like this is your standard.

Out antivirus flagged the newer SAPIEN executables probably because they were a newer version and not recognized; not because they were not digitally signed.

Alright, thanks for your help!
Tom.