How to properly sign user-mode binaries linked with /INTEGRITYCHECK ?

Peter Skvarka 21 Reputation points
2022-06-15T11:52:03.003+00:00

We sign our binaries linked with /INTEGRITYCHECK and OS denies to run it. Binary has valid signing certificate from DigiCert.

Can be linker switch /INTEGRITYCHECK used for user-mode binaries *.exe, *.dll ?
Do we need make the same steps for signing our user-mode binaries like for signing kernel-mode drivers ? (i.e. we need EV code signing certificate and to use MS portal for signing) ?

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,910 questions
Windows Hardware Performance
Windows Hardware Performance
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.Hardware Performance: Delivering / providing hardware or hardware systems or adjusting / adapting hardware or hardware systems.
1,613 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 39,626 Reputation points
    2022-06-16T07:30:00.113+00:00

    Hello

    Thank you for your question and reaching out. I can understand you are having query related to sign user-mode binaries linked with /INTEGRITYCHECK

    I believe Microsoft has new signing guidance for DLL and executable files linked by using /INTEGRITYCHECK. The guidance used to recommend a cross-signed certificate from the cross-signing program. However, the cross-signing program is now deprecated. It is recommend you sign your /INTEGRITYCHECK files by using the Microsoft Azure Code Signing program instead.

    --------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.