This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 98%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
We sign our binaries linked with /INTEGRITYCHECK and OS denies to run it. Binary has valid signing certificate from DigiCert.
Can be linker switch /INTEGRITYCHECK used for user-mode binaries *.exe, *.dll ?
Do we need make the same steps for signing our user-mode binaries like for signing kernel-mode drivers ? (i.e. we need EV code signing certificate and to use MS portal for signing) ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 24%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
IntegretyCheck was a good way of ensuring that your user mode binaries weren't hacked, or otherwise tampered with after release. Are you really insisting that binaries have to be signed by the azure program to maintain this user mode security? If so it's completely ridiculous. Whose computer is it anyway?
Hello
Thank you for your question and reaching out. I can understand you are having query related to sign user-mode binaries linked with /INTEGRITYCHECK
I believe Microsoft has new signing guidance for DLL and executable files linked by using /INTEGRITYCHECK. The guidance used to recommend a cross-signed certificate from the cross-signing program. However, the cross-signing program is now deprecated. It is recommend you sign your /INTEGRITYCHECK files by using the Microsoft Azure Code Signing program instead.
--------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept as answer--