godaddy / procfilter

A YARA-integrated process denial framework for Windows
MIT License

error while attempting to start service #1

Closed oasec1 closed 8 years ago

oasec1 commented 8 years ago

master windows 7 pro n 32bit-2016-07-30-11-08-45

Windows version professional 7 sp3

Reboot had the same result on restart. Installation used the right-click option of "Run as administrator".

Thanks Robert

ewil commented 8 years ago

I had forgotten about this issue and should've included info about it in the README. Unpatched Windows 7 systems require the hotfix at Microsoft Security Advisory 3033929 (https://technet.microsoft.com/en-us/library/security/3033929) in order to verify SHA-2 (SHA256) digital signatures. Current driver signing certificates can only sign using SHA256 so we unfortunately can't sign with SHA-1 to be backwards compatible. More details about Microsoft's deprecation of SHA-1 can be found at Windows Enforcement of Authenticode Code Signing and Timestamping (http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx).

If this fix works for you let me know so I can move to close the issue by updating the project README and making that 577 dialog box clearer. Thank you for the bug report, we appreciate it!
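
A triage check for the failure described in the comment above, as an added example that is not part of the original thread or of ProcFilter itself. It assumes the advisory's update is registered as `KB3033929`, and `$DriverPath` is a placeholder for the installed driver file, which the thread does not name.

```powershell
# Added example: why does a SHA-256 signed driver service fail to start on Windows 7?
# $DriverPath is a placeholder; point it at the driver file the service loads.
param([string]$DriverPath = 'C:\path\to\driver.sys')

# 1. Advisory 3033929 covers Windows 7 / Server 2008 R2 (NT 6.1) only.
$os = Get-WmiObject -Class Win32_OperatingSystem
'OS: {0} (version {1}, service pack {2})' -f $os.Caption, $os.Version, $os.ServicePackMajorVersion
if ($os.Version -notlike '6.1.*') {
    'Not an NT 6.1 system; the 3033929 hotfix is not the explanation here.'
    return
}

# 2. Is the SHA-2 code-signing update recorded as installed?
#    Get-HotFix lists updates under their own KB id, so absence is a hint, not proof.
$kb = Get-HotFix | Where-Object { $_.HotFixID -eq 'KB3033929' }
if ($kb) {
    'KB3033929 is installed (InstalledOn: {0})' -f $kb.InstalledOn
} else {
    'KB3033929 is not listed: SHA-2 signed drivers can fail signature verification (error 577).'
}

# 3. Show how this system evaluates the driver's Authenticode signature.
if (Test-Path -Path $DriverPath) {
    $sig = Get-AuthenticodeSignature -FilePath $DriverPath
    'Signature status: {0} ({1})' -f $sig.Status, $sig.StatusMessage
    if ($sig.SignerCertificate) {
        'Signer: {0}' -f $sig.SignerCertificate.Subject
        # Algorithm used to sign the signer's certificate, e.g. sha256RSA
        'Certificate signature algorithm: {0}' -f $sig.SignerCertificate.SignatureAlgorithm.FriendlyName
    }
} else {
    'Driver file not found: {0}' -f $DriverPath
}
```

Run it from an elevated PowerShell prompt before and after applying the hotfix; the script only reads system state.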

oasec1 commented 8 years ago

I'm having a problem finding the file to download from MS. The site link doesn't download the specific OS file. Feel free to close the issue until I can get the correct file from MS.

Thanks Robert

ewil commented 8 years ago

The links to the patches should be at the above security advisory link under the "Affected Software" section. If you're able to apply the patch and still have problems, don't hesitate to open another issue and we'll get it figured out. Thanks Robert!

oasec1 commented 8 years ago

Just a quick update: the patches fixed the issues.

Regards Robert

ewil commented 8 years ago

Great! Thanks for the update!