SAPIEN executables quarantined and not digitally signed
Posted: Wed Aug 09, 2017 11:28 am
SAPIEN,
One of my coworkers had the following SAPIEN executables quarantined by Symantec Endpoint Protection version 14.0.2349.0100:
- “C:\Program Files\SAPIEN Technologies,Inc\PowerShell Studio 2017\ScriptEngines\SAPIEN PowerShell V2 Host (Windows Application) Win32.exe”
- “C:\Program Files\SAPIEN Technologies,Inc\PowerShell Studio 2017\ScriptEngines\SAPIEN PowerShell V5 Host (Windows Application) Win32.exe”
- “C:\Program Files\SAPIEN Technologies,Inc\PrimalScript 2017\ScriptEngines\SAPIEN PowerShell V5 Host (Windows Application) Win32.exe”
- “C:\Program Files\SAPIEN Technologies,Inc\PrimalScript 2017\ScriptEngines\SAPIEN PowerShell V2 Host (Windows Application) Win32.exe”
- “C:\Program Files\SAPIEN Technologies,Inc\PowerShell Studio 2017\ScriptEngines\SAPIEN PowerShell V3 Host (Windows Application) Win32.exe”
- “C:\Program Files\SAPIEN Technologies,Inc\PrimalScript 2017\ScriptEngines\SAPIEN PowerShell V3 Host (Windows Application) Win32.exe”
The above files are from PrimalScript 2017 version 7.3.106 64-bit and PowerShell Studio 2017 version 5.4.143 64-bit, both running on Windows 10.0.15063 (1703). I wanted to be sure they are valid files that are just seen as false positives by Symantec, and to ask why the executables aren’t digitally signed.
When you view the properties of the files, there is no Digital Signatures tab. And the Sysinternals “sigcheck -i” command reports they are unsigned.
However, the versions that I’m running, SAPIEN PrimalScript 2017 version 7.3.105 64-bit and PowerShell Studio 2017 version 5.4.141 64-bit, both running on Windows 10.0.15063 (1703), do have executables that are digitally signed and have not been quarantined on my system.
Thanks,
Tom.
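A PowerShell counterpart to the `sigcheck -i` check described in the post, added here as an example and not code from the original poster or from SAPIEN. It reports Authenticode status, signer, file version and SHA-256 for every executable in the two ScriptEngines directories named above; the CSV file name is an assumption.

```powershell
# Added example: audit Authenticode status of the script-engine host executables.
# The two directories are taken from the paths listed in the post.
$engineDirs = @(
    'C:\Program Files\SAPIEN Technologies,Inc\PowerShell Studio 2017\ScriptEngines',
    'C:\Program Files\SAPIEN Technologies,Inc\PrimalScript 2017\ScriptEngines'
)

$report = foreach ($dir in $engineDirs) {
    if (-not (Test-Path -LiteralPath $dir)) {
        Write-Warning "Directory not found: $dir"
        continue
    }
    Get-ChildItem -LiteralPath $dir -Filter '*.exe' -File | ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate   # $null when the file carries no signature
        [pscustomobject]@{
            File        = $_.Name
            Directory   = $dir
            Status      = $sig.Status    # Valid, NotSigned, HashMismatch, ...
            Signer      = if ($cert) { $cert.Subject } else { $null }
            Thumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
            Timestamped = [bool]$sig.TimeStamperCertificate
            FileVersion = $_.VersionInfo.FileVersion
            SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}

# Unsigned or tampered files sort together, ahead of or behind the Valid ones.
$report | Sort-Object Status, Directory, File |
    Format-Table File, Status, Signer, FileVersion -AutoSize

# Assumed output name; one CSV per machine makes the two installs comparable.
$report | Export-Csv -Path ".\signature-audit-$env:COMPUTERNAME.csv" -NoTypeInformation
```

Running it on both the affected machine and the one with the earlier builds, then comparing the CSVs on `File`, `Status` and `SHA256`, shows exactly which host executables lost their signature between versions.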