- Notifications
You must be signed in to change notification settings - Fork545
Closed
Description
Greetings,
On a fully patched Windows Server 2008 R2 x64 (including the all-important SHA2 patch, KB3033929), I am still getting failures of silent installation thanks to "untrusted" drivers. Comodo's CA certs are added to Windows trusted root and intermediate cert stores, and Insecure.com LLC certificate is added to the trusted publishers store. Npcap 0.9984 (the last version signed by DigiCert, as opposed to Comodo) does not suffer from this problem. The below logs indicate that Windows can't build the certificate chain up to a trusted root (which is, for kernel drivers, apparently only "Microsoft Code Verification Root"). But I can't seem to find any fault with the driver package; its npcap.cat seems to include all intermediate certificates, including COMODO RSA Certification Authority cross-signed by Microsoft Code Verification Root. What's worse, signtool.exe /kp validates the package just fine on the target system!
Note that the prompt is different than an unsigned driver prompt that you'd see on Windows Server 2008 (non-R2) which does not support SHA2 signatures.
Contents of NPFInstall.log:
NPFInstall.log[00000C68] 2020-04-16 18:41:23 --> wmain[00000C68] 2020-04-16 18:41:23 _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.[00000C68] 2020-04-16 18:41:23 _tmain: executing, argv[1] = -n.[00000C68] 2020-04-16 18:41:23 _tmain: executing, argv[2] = -c.[00000C68] 2020-04-16 18:41:23 --> ClearDriverStore[00000C68] 2020-04-16 18:41:23 --> executeCommand[00000C68] 2020-04-16 18:41:23 executeCommand: executing, strCmd = pnputil.exe -e.[00000C68] 2020-04-16 18:41:23 executeCommand: result = Microsoft PnP UtilityPublished name : oem0.infDriver package provider : MicrosoftClass : PrintersDriver date and version : 06/21/2006 6.1.7600.16385Signer name : Microsoft WindowsPublished name : oem1.infDriver package provider : MicrosoftClass : PrintersDriver date and version : 06/21/2006 6.1.7601.17514Signer name : Microsoft WindowsPublished name : oem2.infDriver package provider : Citrix Systems, Inc.Class : Storage controllersDriver date and version : 06/15/2012 6.0.2.56921Signer name : Microsoft Windows Hardware Compatibility PublisherPublished name : oem3.infDriver package provider : Citrix Systems, Inc.Class : System devicesDriver date and version : 07/19/2011 5.9.960.49119Signer name : Microsoft Windows Hardware Compatibility PublisherPublished name : oem4.infDriver package provider : Citrix Systems, Inc.Class : System devicesDriver date and version : 03/15/2012 6.0.2.54160Signer name : Microsoft Windows Hardware Compatibility PublisherPublished name : oem5.infDriver package provider : Citrix Systems, Inc.Class : Network adaptersDriver date and version : 07/19/2011 5.9.960.49119Signer name : Microsoft Windows Hardware Compatibility PublisherPublished name : oem6.infDriver package provider : Citrix Systems, Inc.Class : System devicesDriver date and version : 01/20/2012 6.0.2.52988Signer name : Microsoft Windows Hardware Compatibility Publisher.[00000C68] 2020-04-16 18:41:23 <-- executeCommand[00000C68] 2020-04-16 18:41:23 --> getInfNamesFromPnpUtilOutput[00000C68] 2020-04-16 18:41:23 <-- getInfNamesFromPnpUtilOutput[00000C68] 2020-04-16 18:41:23 <-- ClearDriverStore[00000C68] 2020-04-16 18:41:23 _tmain: succeed, nStatus = 0.[00000C68] 2020-04-16 18:41:23 <-- wmain[00000EF8] 2020-04-16 18:41:23 --> wmain[00000EF8] 2020-04-16 18:41:23 _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.[00000EF8] 2020-04-16 18:41:23 _tmain: executing, argv[1] = -n.[00000EF8] 2020-04-16 18:41:23 _tmain: executing, argv[2] = -iw.[00000EF8] 2020-04-16 18:41:23 --> InstallWFPCallout[00000EF8] 2020-04-16 18:41:23 --> GetWFPCalloutInfFilePath[00000EF8] 2020-04-16 18:41:23 lpFilename = C:\Program Files\Npcap\NPCAP_wfp.inf[00000EF8] 2020-04-16 18:41:23 <-- GetWFPCalloutInfFilePath[00000EF8] 2020-04-16 18:41:23 --> isFileExist[00000EF8] 2020-04-16 18:41:23 FindFirstFile: succeed, szFileFullPath = C:\Program Files\Npcap\NPCAP_wfp.inf.[00000EF8] 2020-04-16 18:41:23 <-- isFileExist[00000EF8] 2020-04-16 18:41:23 LaunchINFSectionEx: executing, szCmd = C:\Program Files\Npcap\NPCAP_wfp.inf,DefaultInstall,,36,N.[00000EF8] 2020-04-16 18:41:23 <-- InstallWFPCallout[00000EF8] 2020-04-16 18:41:23 _tmain: succeed, nStatus = 0.[00000EF8] 2020-04-16 18:41:23 <-- wmain[00000578] 2020-04-16 18:41:23 --> wmain[00000578] 2020-04-16 18:41:23 _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.[00000578] 2020-04-16 18:41:23 _tmain: executing, argv[1] = -n.[00000578] 2020-04-16 18:41:23 _tmain: executing, argv[2] = -i.[00000578] 2020-04-16 18:41:23 --> PacketInstallDriver60[00000578] 2020-04-16 18:41:23 --> InstallDriver[00000578] 2020-04-16 18:41:23 --> GetServiceInfFilePath[00000578] 2020-04-16 18:41:23 lpFilename = C:\Program Files\Npcap\NPCAP.inf[00000578] 2020-04-16 18:41:23 <-- GetServiceInfFilePath[00000578] 2020-04-16 18:41:23 --> InstallSpecifiedComponent[00000578] 2020-04-16 18:41:23 --> HrGetINetCfg[00000578] 2020-04-16 18:41:23 <-- HrGetINetCfg[00000578] 2020-04-16 18:41:23 --> HrInstallNetComponent[00000578] 2020-04-16 18:41:24 SetupCopyOEMInfW: error, errCode = 0xe0000247.[00000578] 2020-04-16 18:41:24 <-- HrInstallNetComponent[00000578] 2020-04-16 18:41:25 Error 0xe0000247: Couldn't install the network component.[00000578] 2020-04-16 18:41:25 --> HrReleaseINetCfg[00000578] 2020-04-16 18:41:25 <-- HrReleaseINetCfg[00000578] 2020-04-16 18:41:25 <-- InstallSpecifiedComponent[00000578] 2020-04-16 18:41:25 Error 0xe0000247: InstallSpecifiedComponent[00000578] 2020-04-16 18:41:25 <-- InstallDriver[00000578] 2020-04-16 18:41:25 <-- PacketInstallDriver60[00000578] 2020-04-16 18:41:25 _tmain: error, nStatus = -1.[00000578] 2020-04-16 18:41:25 <-- wmainContents of SetupAPI.dev.log:
>>> [SetupCopyOEMInf - C:\Program Files\Npcap\NPCAP.inf]>>> Section start 2020/04/16 18:41:23.881 cmd: "C:\Program Files\Npcap\NPFInstall.exe" -n -i sto: {Import Driver Package: C:\Program Files\Npcap\NPCAP.inf} 18:41:23.959 sto: Importing driver package into Driver Store: sto: Driver Store = C:\Windows\System32\DriverStore (Online | 6.1.7601) sto: Driver Package = C:\Program Files\Npcap\NPCAP.inf sto: Architecture = amd64 sto: Locale Name = neutral sto: Flags = 0x00000008 sto: Copying driver package files to 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}'. inf: Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings]) inf: Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings]) flq: {FILE_QUEUE_COPY} flq: CopyStyle - 0x00000000 flq: SourceRootPath - 'C:\Program Files\Npcap' flq: SourceFilename - 'npcap.cat' flq: TargetDirectory- 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}' flq: {FILE_QUEUE_COPY exit(0x00000000)} flq: {FILE_QUEUE_COPY} flq: CopyStyle - 0x00000000 flq: SourceRootPath - 'C:\Program Files\Npcap' flq: SourceFilename - 'NPCAP.inf' flq: TargetDirectory- 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}' flq: {FILE_QUEUE_COPY exit(0x00000000)} flq: {FILE_QUEUE_COPY} flq: CopyStyle - 0x00000000 flq: SourceRootPath - 'C:\Program Files\Npcap' flq: SourceFilename - 'npcap.sys' flq: TargetDirectory- 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}' flq: {FILE_QUEUE_COPY exit(0x00000000)} flq: {_commit_file_queue} flq: CommitQ DelNodes=0 RenNodes=0 CopyNodes=3 flq: {_commit_copy_subqueue} flq: subqueue count=3 flq: source media: flq: SourcePath - [C:\Program Files\Npcap] flq: SourceFile - [npcap.cat] flq: Flags - 0x00000000 flq: {_commit_copyfile} flq: CopyFile: 'C:\Program Files\Npcap\npcap.cat' flq: to: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\SETDAA6.tmp' flq: MoveFile: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\SETDAA6.tmp' flq: to: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\npcap.cat' flq: {_commit_copyfile exit OK} flq: {_commit_copyfile} flq: CopyFile: 'C:\Program Files\Npcap\NPCAP.inf' flq: to: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\SETDAA7.tmp' flq: MoveFile: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\SETDAA7.tmp' flq: to: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\NPCAP.inf' flq: {_commit_copyfile exit OK} flq: {_commit_copyfile} flq: CopyFile: 'C:\Program Files\Npcap\npcap.sys' flq: to: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\SETDAB8.tmp' flq: MoveFile: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\SETDAB8.tmp' flq: to: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\npcap.sys' flq: {_commit_copyfile exit OK} flq: {_commit_copy_subqueue exit OK} flq: {_commit_file_queue exit OK} pol: {Driver package policy check} 18:41:24.022 pol: {Driver package policy check - exit(0x00000000)} 18:41:24.022 sto: {Stage Driver Package: C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\NPCAP.inf} 18:41:24.022 inf: Opened INF: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\NPCAP.inf' ([strings]) inf: Opened INF: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\NPCAP.inf' ([strings]) sto: Copying driver package files: sto: Source Path = C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30} sto: Destination Path = C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516} flq: {FILE_QUEUE_COPY} flq: CopyStyle - 0x00000010 flq: SourceRootPath - 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}' flq: SourceFilename - 'npcap.cat' flq: TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}' flq: {FILE_QUEUE_COPY exit(0x00000000)} flq: {FILE_QUEUE_COPY} flq: CopyStyle - 0x00000010 flq: SourceRootPath - 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}' flq: SourceFilename - 'NPCAP.inf' flq: TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}' flq: {FILE_QUEUE_COPY exit(0x00000000)} flq: {FILE_QUEUE_COPY} flq: CopyStyle - 0x00000010 flq: SourceRootPath - 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}' flq: SourceFilename - 'npcap.sys' flq: TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}' flq: {FILE_QUEUE_COPY exit(0x00000000)} flq: {_commit_file_queue} flq: CommitQ DelNodes=0 RenNodes=0 CopyNodes=3 flq: {_commit_copy_subqueue} flq: subqueue count=3 flq: source media: flq: SourcePath - [C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}] flq: SourceFile - [npcap.cat] flq: Flags - 0x00000000 flq: {_commit_copyfile} flq: CopyFile: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\npcap.cat' flq: to: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\SETDAF4.tmp' flq: MoveFile: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\SETDAF4.tmp' flq: to: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\npcap.cat' flq: {_commit_copyfile exit OK} flq: {_commit_copyfile} flq: CopyFile: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\NPCAP.inf' flq: to: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\SETDAF5.tmp' flq: MoveFile: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\SETDAF5.tmp' flq: to: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\NPCAP.inf' flq: {_commit_copyfile exit OK} flq: {_commit_copyfile} flq: CopyFile: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\npcap.sys' flq: to: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\SETDB06.tmp' flq: MoveFile: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\SETDB06.tmp' flq: to: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\npcap.sys' flq: {_commit_copyfile exit OK} flq: {_commit_copy_subqueue exit OK} flq: {_commit_file_queue exit OK} sto: {DRIVERSTORE_IMPORT_NOTIFY_VALIDATE} 18:41:24.068 inf: Opened INF: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\NPCAP.inf' ([strings]) sig: {_VERIFY_FILE_SIGNATURE} 18:41:24.068 sig: Key = NPCAP.inf sig: FilePath = C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\NPCAP.inf sig: Catalog = C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\npcap.cat! sig: Verifying file against specific (valid) catalog failed! (0x800b0109)! sig: Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 18:41:24.895 sig: {_VERIFY_FILE_SIGNATURE} 18:41:24.895 sig: Key = NPCAP.inf sig: FilePath = C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\NPCAP.inf sig: Catalog = C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\npcap.cat! sig: Verifying file against specific Authenticode(tm) catalog failed! (0x800b010a)! sig: Error 0x800b010a: A certificate chain could not be built to a trusted root authority. sig: {_VERIFY_FILE_SIGNATURE exit(0x800b010a)} 18:41:24.895!!! sto: An unexpected error occurred while validating driver package. Assuming that driver package is unsigned. Catalog = npcap.cat, Error = 0x800B010A!!! sto: Driver package is considered unsigned.!!! ndv: Driver package failed signature validation. Error = 0xE0000247 sto: {DRIVERSTORE_IMPORT_NOTIFY_VALIDATE exit(0xe0000247)} 18:41:24.911!!! sto: Driver package failed signature verification. Error = 0xE0000247!!! sto: Failed to import driver package into Driver Store. Error = 0xE0000247 sto: {Stage Driver Package: exit(0xe0000247)} 18:41:24.911!!! sto: Failed to stage driver package to Driver Store. Error = 0xE0000247, Time = 920 ms sto: {Import Driver Package: exit(0xe0000247)} 18:41:24.911 inf: Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings])! inf: Add to Driver Store unsuccessful! inf: Error 0xe0000247: A problem was encountered while attempting to add the driver to the store.!!! inf: returning failure to SetupCopyOEMInf<<< Section end 2020/04/16 18:41:24.989<<< [Exit status: FAILURE(0xe0000247)]Contents of SetupAPI.dev.log with version 0.9984 on the same system:
>>> [SetupCopyOEMInf - C:\Program Files\Npcap\NPCAP.inf]>>> Section start 2020/04/17 03:57:21.087 cmd: "C:\Program Files\Npcap\NPFInstall.exe" -n -i sto: {Import Driver Package: C:\Program Files\Npcap\NPCAP.inf} 03:57:21.087 sto: Importing driver package into Driver Store: sto: Driver Store = C:\Windows\System32\DriverStore (Online | 6.1.7601) sto: Driver Package = C:\Program Files\Npcap\NPCAP.inf sto: Architecture = amd64 sto: Locale Name = neutral sto: Flags = 0x00000000 sto: Copying driver package files to 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}'. inf: Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings]) inf: Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings]) flq: {FILE_QUEUE_COPY} flq: CopyStyle - 0x00000000 flq: SourceRootPath - 'C:\Program Files\Npcap' flq: SourceFilename - 'npcap.cat' flq: TargetDirectory- 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}' flq: {FILE_QUEUE_COPY exit(0x00000000)} flq: {FILE_QUEUE_COPY} flq: CopyStyle - 0x00000000 flq: SourceRootPath - 'C:\Program Files\Npcap' flq: SourceFilename - 'NPCAP.inf' flq: TargetDirectory- 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}' flq: {FILE_QUEUE_COPY exit(0x00000000)} flq: {FILE_QUEUE_COPY} flq: CopyStyle - 0x00000000 flq: SourceRootPath - 'C:\Program Files\Npcap' flq: SourceFilename - 'npcap.sys' flq: TargetDirectory- 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}' flq: {FILE_QUEUE_COPY exit(0x00000000)} flq: {_commit_file_queue} flq: CommitQ DelNodes=0 RenNodes=0 CopyNodes=3 flq: {_commit_copy_subqueue} flq: subqueue count=3 flq: source media: flq: SourcePath - [C:\Program Files\Npcap] flq: SourceFile - [npcap.cat] flq: Flags - 0x00000000 flq: {_commit_copyfile} flq: CopyFile: 'C:\Program Files\Npcap\npcap.cat' flq: to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\SETC463.tmp' flq: MoveFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\SETC463.tmp' flq: to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\npcap.cat' flq: {_commit_copyfile exit OK} flq: {_commit_copyfile} flq: CopyFile: 'C:\Program Files\Npcap\NPCAP.inf' flq: to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\SETC464.tmp' flq: MoveFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\SETC464.tmp' flq: to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\NPCAP.inf' flq: {_commit_copyfile exit OK} flq: {_commit_copyfile} flq: CopyFile: 'C:\Program Files\Npcap\npcap.sys' flq: to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\SETC465.tmp' flq: MoveFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\SETC465.tmp' flq: to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\npcap.sys' flq: {_commit_copyfile exit OK} flq: {_commit_copy_subqueue exit OK} flq: {_commit_file_queue exit OK} pol: {Driver package policy check} 03:57:21.118 pol: {Driver package policy check - exit(0x00000000)} 03:57:21.118 sto: {Stage Driver Package: C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\NPCAP.inf} 03:57:21.118 inf: Opened INF: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\NPCAP.inf' ([strings]) inf: Opened INF: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\NPCAP.inf' ([strings]) sto: Copying driver package files: sto: Source Path = C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a} sto: Destination Path = C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377} flq: {FILE_QUEUE_COPY} flq: CopyStyle - 0x00000010 flq: SourceRootPath - 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}' flq: SourceFilename - 'npcap.cat' flq: TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}' flq: {FILE_QUEUE_COPY exit(0x00000000)} flq: {FILE_QUEUE_COPY} flq: CopyStyle - 0x00000010 flq: SourceRootPath - 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}' flq: SourceFilename - 'NPCAP.inf' flq: TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}' flq: {FILE_QUEUE_COPY exit(0x00000000)} flq: {FILE_QUEUE_COPY} flq: CopyStyle - 0x00000010 flq: SourceRootPath - 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}' flq: SourceFilename - 'npcap.sys' flq: TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}' flq: {FILE_QUEUE_COPY exit(0x00000000)} flq: {_commit_file_queue} flq: CommitQ DelNodes=0 RenNodes=0 CopyNodes=3 flq: {_commit_copy_subqueue} flq: subqueue count=3 flq: source media: flq: SourcePath - [C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}] flq: SourceFile - [npcap.cat] flq: Flags - 0x00000000 flq: {_commit_copyfile} flq: CopyFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\npcap.cat' flq: to: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\SETC482.tmp' flq: MoveFile: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\SETC482.tmp' flq: to: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\npcap.cat' flq: {_commit_copyfile exit OK} flq: {_commit_copyfile} flq: CopyFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\NPCAP.inf' flq: to: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\SETC483.tmp' flq: MoveFile: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\SETC483.tmp' flq: to: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\NPCAP.inf' flq: {_commit_copyfile exit OK} flq: {_commit_copyfile} flq: CopyFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\npcap.sys' flq: to: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\SETC494.tmp' flq: MoveFile: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\SETC494.tmp' flq: to: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\npcap.sys' flq: {_commit_copyfile exit OK} flq: {_commit_copy_subqueue exit OK} flq: {_commit_file_queue exit OK} sto: {DRIVERSTORE_IMPORT_NOTIFY_VALIDATE} 03:57:21.149 inf: Opened INF: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\NPCAP.inf' ([strings]) sig: {_VERIFY_FILE_SIGNATURE} 03:57:21.149 sig: Key = NPCAP.inf sig: FilePath = C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\NPCAP.inf sig: Catalog = C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\npcap.cat! sig: Verifying file against specific (valid) catalog failed! (0x800b0109)! sig: Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 03:57:21.181 sig: {_VERIFY_FILE_SIGNATURE} 03:57:21.181 sig: Key = NPCAP.inf sig: FilePath = C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\NPCAP.inf sig: Catalog = C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\npcap.cat sig: Success: File is signed in Authenticode(tm) catalog. sig: Error 0xe0000241: The INF was signed with an Authenticode(tm) catalog from a trusted publisher. sig: {_VERIFY_FILE_SIGNATURE exit(0xe0000241)} 03:57:21.196 sto: Validating driver package files against catalog 'npcap.cat'. sto: Driver package is valid. sto: {DRIVERSTORE_IMPORT_NOTIFY_VALIDATE exit(0x00000000)} 03:57:21.196 sto: Verified driver package signature: sto: Digital Signer Score = 0xFF000000 sto: Digital Signer Name = <unknown> sto: {DRIVERSTORE_IMPORT_NOTIFY_BEGIN} 03:57:21.196 inf: Opened INF: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\NPCAP.inf' ([strings]) sto: Create system restore point: sto: Description = Device Driver Package Install: Nmap Project Network Service sto: Time = 0ms sto: Status = 0x0000007E (FAILURE) sto: {DRIVERSTORE_IMPORT_NOTIFY_BEGIN: exit(0x00000000)} 03:57:21.212 sto: Importing driver package files: sto: Source Path = C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377} sto: Destination Path = C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_neutral_b8e999af81612f8f sto: {Copy Directory: C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}} 03:57:21.212 sto: Target Path = C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_neutral_b8e999af81612f8f sto: {Copy Directory: exit(0x00000000)} 03:57:21.212 sto: {Index Driver Package: C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_neutral_b8e999af81612f8f\NPCAP.inf} 03:57:21.212 idb: Registered driver store entry 'npcap.inf_amd64_neutral_b8e999af81612f8f'. idb: Published 'npcap.inf_amd64_neutral_b8e999af81612f8f\npcap.inf' to 'C:\Windows\INF\oem9.inf' idb: Published driver store entry 'npcap.inf_amd64_neutral_b8e999af81612f8f'. sto: Published driver package INF 'oem9.inf' was changed. sto: Active published driver package is 'npcap.inf_amd64_neutral_b8e999af81612f8f'. sto: {Index Driver Package: exit(0x00000000)} 03:57:21.664 sto: {DRIVERSTORE_IMPORT_NOTIFY_END} 03:57:21.664 ndv: No system restore point was set earlier. sto: {DRIVERSTORE_IMPORT_NOTIFY_END: exit(0x00000000)} 03:57:21.664 sto: {Stage Driver Package: exit(0x00000000)} 03:57:21.664 ndv: Doing device matching lookup! sto: Driver package was staged to Driver Store. Time = 593 ms sto: Imported driver package into Driver Store: sto: Filename = C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_neutral_b8e999af81612f8f\NPCAP.inf sto: Time = 624 ms sto: {Import Driver Package: exit(0x00000000)} 03:57:21.711 inf: Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings]) inf: Driver Store location: C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_neutral_b8e999af81612f8f\NPCAP.inf inf: Published Inf Path: C:\Windows\INF\oem9.inf inf: Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings]) inf: Installing catalog npcap.cat as: oem9.CAT inf: OEM source media location: C:\Program Files\Npcap\<<< Section end 2020/04/17 03:57:21.727<<< [Exit status: SUCCESS]Output ofsigntool.exe verify /kp /v npcap.cat (0.9990):
Verifying: npcap.catHash of file (sha256): D6193B2E57CB7C22D712007CB450A421992670D470CFACEA399E31A46FE4B273Signing Certificate Chain: Issued to: COMODO RSA Certification Authority Issued by: COMODO RSA Certification Authority Expires: Tue Jan 19 00:59:59 2038 SHA1 hash: AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4 Issued to: COMODO RSA Extended Validation Code Signing CA Issued by: COMODO RSA Certification Authority Expires: Mon Dec 03 00:59:59 2029 SHA1 hash: 351A78EBC1B4BB6DC366728D334231ABA9AE3EA7 Issued to: Insecure.Com LLC Issued by: COMODO RSA Extended Validation Code Signing CA Expires: Sun Nov 06 00:59:59 2022 SHA1 hash: 1C58BD08D220F81B21FB2837E3AB65AEE5EFD727The signature is timestamped: Mon Feb 03 18:46:22 2020Timestamp Verified by: Issued to: DigiCert Assured ID Root CA Issued by: DigiCert Assured ID Root CA Expires: Mon Nov 10 01:00:00 2031 SHA1 hash: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 Issued to: DigiCert SHA2 Assured ID Timestamping CA Issued by: DigiCert Assured ID Root CA Expires: Tue Jan 07 13:00:00 2031 SHA1 hash: 3BA63A6E4841355772DEBEF9CDCF4D5AF353A297 Issued to: TIMESTAMP-SHA256-2019-10-15 Issued by: DigiCert SHA2 Assured ID Timestamping CA Expires: Thu Oct 17 01:00:00 2030 SHA1 hash: 0325BD505EDA96302DC22F4FA01E4C28BE2834C5Cross Certificate Chain: Issued to: Microsoft Code Verification Root Issued by: Microsoft Code Verification Root Expires: Sat Nov 01 14:54:03 2025 SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3 Issued to: COMODO RSA Certification Authority Issued by: Microsoft Code Verification Root Expires: Sun Apr 11 23:16:20 2021 SHA1 hash: 106870659C069F248C8C0A05ACD871CABEB3CC38 Issued to: COMODO RSA Extended Validation Code Signing CA Issued by: COMODO RSA Certification Authority Expires: Mon Dec 03 00:59:59 2029 SHA1 hash: 351A78EBC1B4BB6DC366728D334231ABA9AE3EA7 Issued to: Insecure.Com LLC Issued by: COMODO RSA Extended Validation Code Signing CA Expires: Sun Nov 06 00:59:59 2022 SHA1 hash: 1C58BD08D220F81B21FB2837E3AB65AEE5EFD727Successfully verified: npcap.catNumber of files successfully Verified: 1Number of warnings: 0Number of errors: 0Output ofsigntool.exe verify /kp /v npcap.cat (0.9984):
Verifying: npcap.catHash of file (sha1): AB5AF9CD89A49741718DBC86158F533818B139F8Signing Certificate Chain: Issued to: DigiCert High Assurance EV Root CA Issued by: DigiCert High Assurance EV Root CA Expires: Mon Nov 10 01:00:00 2031 SHA1 hash: 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 Issued to: DigiCert EV Code Signing CA Issued by: DigiCert High Assurance EV Root CA Expires: Sun Apr 18 13:00:00 2027 SHA1 hash: 846896AB1BCF45734855C61B63634DFD8719625B Issued to: Insecure.Com LLC Issued by: DigiCert EV Code Signing CA Expires: Thu Nov 07 13:00:00 2019 SHA1 hash: 83B2DDFEF9F7004438D7AA66C524344F71A70B48The signature is timestamped: Sat Nov 02 04:02:13 2019Timestamp Verified by: Issued to: DigiCert Assured ID Root CA Issued by: DigiCert Assured ID Root CA Expires: Mon Nov 10 01:00:00 2031 SHA1 hash: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 Issued to: DigiCert Assured ID CA-1 Issued by: DigiCert Assured ID Root CA Expires: Wed Nov 10 01:00:00 2021 SHA1 hash: 19A09B5A36F4DD99727DF783C17A51231A56C117 Issued to: DigiCert Timestamp Responder Issued by: DigiCert Assured ID CA-1 Expires: Tue Oct 22 01:00:00 2024 SHA1 hash: 614D271D9102E30169822487FDE5DE00A352B01DCross Certificate Chain: Issued to: Microsoft Code Verification Root Issued by: Microsoft Code Verification Root Expires: Sat Nov 01 14:54:03 2025 SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3 Issued to: DigiCert High Assurance EV Root CA Issued by: Microsoft Code Verification Root Expires: Thu Apr 15 20:55:33 2021 SHA1 hash: 2F2513AF3992DB0A3F79709FF8143B3F7BD2D143 Issued to: DigiCert EV Code Signing CA Issued by: DigiCert High Assurance EV Root CA Expires: Sun Apr 18 13:00:00 2027 SHA1 hash: 846896AB1BCF45734855C61B63634DFD8719625B Issued to: Insecure.Com LLC Issued by: DigiCert EV Code Signing CA Expires: Thu Nov 07 13:00:00 2019 SHA1 hash: 83B2DDFEF9F7004438D7AA66C524344F71A70B48Successfully verified: npcap.catNumber of files successfully Verified: 1Number of warnings: 0Number of errors: 0I can't seem to find any fault with 0.9990 as opposed to 0.9984, other than that it's signed by a different CA and uses SHA256 to sign (rather than SHA1) -- but in theory this should not matter. Perhaps it's the fact that the signing certificate is by Comodo, but the timestamp signature is still by DigiCert? Perhaps it should be switched to Comodo as well, per instructions athttps://support.comodoca.com/Com_KnowledgeDetailPageSectigo?Id=kA01N000000zFK6 ?
Metadata
Metadata
Assignees
Labels
No labels