How can I verify that a Windows XP POS operating system executable is authentic?
up vote
11
down vote
favorite
I have a 3rd party firewall that alerted me that msiexec.exe was replaced by another version. The timing didn't correspond to an OS update, so I was worried a bad actor replaced the exe. How can I verify the signature of the exe?
EDIT:
I found this link at Microsoft which shows this, and it matches on byte size and file date:
I'd feel better if it had a hash too, but it looks like it's not nefarious.
As suggested in harrymc's answer, I ran sfc /scannnow
and it came out clean. Thanks!
digital-signature windows-xp-embedded
add a comment |
up vote
11
down vote
favorite
I have a 3rd party firewall that alerted me that msiexec.exe was replaced by another version. The timing didn't correspond to an OS update, so I was worried a bad actor replaced the exe. How can I verify the signature of the exe?
EDIT:
I found this link at Microsoft which shows this, and it matches on byte size and file date:
I'd feel better if it had a hash too, but it looks like it's not nefarious.
As suggested in harrymc's answer, I ran sfc /scannnow
and it came out clean. Thanks!
digital-signature windows-xp-embedded
2
Suspicious indeed, as XP is not in active support. You could maybe check the history in Windows Update and runsfc /scannow
, if they exists in XP Embedded. Reboot the device before starting.
– harrymc
yesterday
1
sfc /scannow
is exactly what I needed!
– Dale
yesterday
1
Since you like it, I added it as an answer.
– harrymc
yesterday
add a comment |
up vote
11
down vote
favorite
up vote
11
down vote
favorite
I have a 3rd party firewall that alerted me that msiexec.exe was replaced by another version. The timing didn't correspond to an OS update, so I was worried a bad actor replaced the exe. How can I verify the signature of the exe?
EDIT:
I found this link at Microsoft which shows this, and it matches on byte size and file date:
I'd feel better if it had a hash too, but it looks like it's not nefarious.
As suggested in harrymc's answer, I ran sfc /scannnow
and it came out clean. Thanks!
digital-signature windows-xp-embedded
I have a 3rd party firewall that alerted me that msiexec.exe was replaced by another version. The timing didn't correspond to an OS update, so I was worried a bad actor replaced the exe. How can I verify the signature of the exe?
EDIT:
I found this link at Microsoft which shows this, and it matches on byte size and file date:
I'd feel better if it had a hash too, but it looks like it's not nefarious.
As suggested in harrymc's answer, I ran sfc /scannnow
and it came out clean. Thanks!
digital-signature windows-xp-embedded
digital-signature windows-xp-embedded
edited yesterday
asked yesterday
Dale
266112
266112
2
Suspicious indeed, as XP is not in active support. You could maybe check the history in Windows Update and runsfc /scannow
, if they exists in XP Embedded. Reboot the device before starting.
– harrymc
yesterday
1
sfc /scannow
is exactly what I needed!
– Dale
yesterday
1
Since you like it, I added it as an answer.
– harrymc
yesterday
add a comment |
2
Suspicious indeed, as XP is not in active support. You could maybe check the history in Windows Update and runsfc /scannow
, if they exists in XP Embedded. Reboot the device before starting.
– harrymc
yesterday
1
sfc /scannow
is exactly what I needed!
– Dale
yesterday
1
Since you like it, I added it as an answer.
– harrymc
yesterday
2
2
Suspicious indeed, as XP is not in active support. You could maybe check the history in Windows Update and run
sfc /scannow
, if they exists in XP Embedded. Reboot the device before starting.– harrymc
yesterday
Suspicious indeed, as XP is not in active support. You could maybe check the history in Windows Update and run
sfc /scannow
, if they exists in XP Embedded. Reboot the device before starting.– harrymc
yesterday
1
1
sfc /scannow
is exactly what I needed!– Dale
yesterday
sfc /scannow
is exactly what I needed!– Dale
yesterday
1
1
Since you like it, I added it as an answer.
– harrymc
yesterday
Since you like it, I added it as an answer.
– harrymc
yesterday
add a comment |
1 Answer
1
active
oldest
votes
up vote
15
down vote
accepted
Windows XP Embedded POSReady is now on extended support until April 9, 2019.
This means no new features and fewer bug fixes and patches.
It is entirely possible that this update was legitimate, but is better checked.
It is also possible that the firewall detected just now a change that happened
some time in the past.
Possible checks:
- Verify the history in Windows Update,
- Run
sfc /scannow
to check system integrity.
Reboot the device before starting, just in case.
15
XP POS (essentially XP embedded) is for one more year.
– Joshua
yesterday
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1383112%2fhow-can-i-verify-that-a-windows-xp-pos-operating-system-executable-is-authentic%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
15
down vote
accepted
Windows XP Embedded POSReady is now on extended support until April 9, 2019.
This means no new features and fewer bug fixes and patches.
It is entirely possible that this update was legitimate, but is better checked.
It is also possible that the firewall detected just now a change that happened
some time in the past.
Possible checks:
- Verify the history in Windows Update,
- Run
sfc /scannow
to check system integrity.
Reboot the device before starting, just in case.
15
XP POS (essentially XP embedded) is for one more year.
– Joshua
yesterday
add a comment |
up vote
15
down vote
accepted
Windows XP Embedded POSReady is now on extended support until April 9, 2019.
This means no new features and fewer bug fixes and patches.
It is entirely possible that this update was legitimate, but is better checked.
It is also possible that the firewall detected just now a change that happened
some time in the past.
Possible checks:
- Verify the history in Windows Update,
- Run
sfc /scannow
to check system integrity.
Reboot the device before starting, just in case.
15
XP POS (essentially XP embedded) is for one more year.
– Joshua
yesterday
add a comment |
up vote
15
down vote
accepted
up vote
15
down vote
accepted
Windows XP Embedded POSReady is now on extended support until April 9, 2019.
This means no new features and fewer bug fixes and patches.
It is entirely possible that this update was legitimate, but is better checked.
It is also possible that the firewall detected just now a change that happened
some time in the past.
Possible checks:
- Verify the history in Windows Update,
- Run
sfc /scannow
to check system integrity.
Reboot the device before starting, just in case.
Windows XP Embedded POSReady is now on extended support until April 9, 2019.
This means no new features and fewer bug fixes and patches.
It is entirely possible that this update was legitimate, but is better checked.
It is also possible that the firewall detected just now a change that happened
some time in the past.
Possible checks:
- Verify the history in Windows Update,
- Run
sfc /scannow
to check system integrity.
Reboot the device before starting, just in case.
edited 17 hours ago
answered yesterday
harrymc
251k11259557
251k11259557
15
XP POS (essentially XP embedded) is for one more year.
– Joshua
yesterday
add a comment |
15
XP POS (essentially XP embedded) is for one more year.
– Joshua
yesterday
15
15
XP POS (essentially XP embedded) is for one more year.
– Joshua
yesterday
XP POS (essentially XP embedded) is for one more year.
– Joshua
yesterday
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1383112%2fhow-can-i-verify-that-a-windows-xp-pos-operating-system-executable-is-authentic%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
Suspicious indeed, as XP is not in active support. You could maybe check the history in Windows Update and run
sfc /scannow
, if they exists in XP Embedded. Reboot the device before starting.– harrymc
yesterday
1
sfc /scannow
is exactly what I needed!– Dale
yesterday
1
Since you like it, I added it as an answer.
– harrymc
yesterday