Dave-H

Not here apparently.

I have quite a few updates which claim in the registry to be from "SP4" too, and have had for years. I suspect it refers to a notional Service Pack 4 for Windows XP which was mooted by Microsoft at one time but never actually issued.

I suspect that's because the free version of Malwarebytes does not offer realtime scanning, whereas the premium paid version does. The Windows XP Security Center probably only recognises realtime scanner programs as being AV programs.

Yes, sadly so. I was asking XPerceniol if the catalogue was actually working for them, as they had said that it was "empty". I don't think they realised that the home page of the catalogue does look pretty empty until you actually search for something!

Yes it does.

There's no point in doing it as it will apparently install but not actually do anything as the crypt32.dll file in the hotfix is older than the one already on the system, at least that was my experience. If you have 5.131.2600.6459 as I have, that is the latest (and presumably last) version for XP.

Thanks @i430VX, understood!

Well i430VX's installer appears to install it, but doesn't seem to produce any uninstall mechanism.

Well that's very interesting! So that tool does fetch updates and works on XP, presumably with the wsusscn2.cab that it downloaded, which shouldn't work on XP?!

I just tried out roytam's build of Serpent, and was puzzled to find that there appears to be no uninstallation option for it. It didn't appear in Add/Remove Programs. Is that normal? I just deleted its folders, is that the only way of uninstalling it or have I missed something? I used i430VX's installer to install it.

Thanks, good to know you're aware of this!

Keeping my fingers crossed for you!

Firefox 52.9 ESR tells me your installer file "contains a virus or malware", and I have to override this to download it. Malwarebytes says it's clean. A false positive obviously, but just thought I'd mention it!

Yes I could, but I'm not sure which one I would try! My instinct is to just let well alone!

Just for interest, I thought I would try out the "Portable Update" tool referenced in this post. It does seem to work fine still, and downloaded a new wsusscn2.cab file, containing updates from this month. The tool lists all my installed updates, and says I don't need any, which is almost certainly correct, but surely if it did decide I needed any, it wouldn't work anyway as that cab isn't SHA-1 signed? I would be interested to see what it would do if I tried to use it!

@XPerceniol Is the Microsoft Catalogue actually working for you? Just as an aside, you don't have to use Internet Explorer for the catalogue, just in case you weren't aware, it should work in any browser. Windows/Microsoft Update needs IE as it uses ActiveX controls, which don't work anywhere else, but the catalogue is a standard site.

Wow, thank you so much for all that information! Sounds like Serpent is the one to try then when I inevitably have to finally abandon Firefox 52 ESR. Good to know that there are alternatives to the Mozilla Sync system, as I would really miss that facility if I had to lose it. Keeping bookmarks and saved passwords in sync is my main concern.

I didn't appear to have KB968730 installed on my machine, so I downloaded it and installed it. It appeared to install OK, and its registry entries are now there, but a system file check didn't reveal any changed files. It should change CRYPT32.DLL. The version in the hotfix is 5.131.2600.5779. When I checked I found that I already have version 5.131.2600.6459, which is presumably why the hotfix didn't do anything! Where would that later version have come from though, would it have been a POSReady update?

I suspect it's time to read the last rites over the Microsoft Update and Windows Update web sites. As I said earlier, I'm surprised that they haven't been completely taken offline by now! AFAIK there's nothing left now served by them which is still in support. What do you mean by "the catalogue is empty"? Do you mean that if you put a known existing KB number in the search field and search for it, you get no results? The screen grab you posted is quite normal until you do a search for something.

I ran "sigcheck -i wsusscn2.cab" on the November 2019 version of wsusscn2.cab, using sigcheck 2.30 on Windows 10, and got exactly the same result as I did when I ran the same command with the same files on XP, still no SHA-2 information, so it looks as if it isn't OS dependant. Comparing the results from the November 2019 cab and the July 2020 cab, there seems to be very little difference, apart from the serial number and thumbprint, as you would expect, and the dates on the first certificate displayed, which are later of course on the latter file. Both have certificates apparently past their expiry dates. Everything else seems to be identical, which raises more questions as to why one of them works for me and the other doesn't!

I can confirm that version 2.30 does work in XP! Here's its output after scanning the July 2020 wsusscn2.cab file I scanned before on Windows 10 with version 2.80. As you can see, it's quite different. Whether this is SHA-2 problems I don't know, but it doesn't mention it, which 2.80 did. Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. D:\Users\Dave>e: E:\>cd dump folder E:\Dump Folder>sigcheck -i wsusscn2.cab Sigcheck v2.30 - File version and signature viewer Copyright (C) 2004-2015 Mark Russinovich Sysinternals - www.sysinternals.com E:\Dump Folder\wsusscn2.cab: Verified: Signed Catalog: E:\Dump Folder\wsusscn2.cab Signers: Microsoft Corporation Status: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Valid Usage: Code Signing Serial Number: 33 00 00 01 F3 07 55 2B 7B A6 03 AD 7C 00 02 00 00 01 F3 Thumbprint: 8C0FB087D6EB137F3FEE3AFA56F168FCA5224830 Algorithm: SHA1 Valid from: 21:18 20/03/20 Valid to: 21:18 30/09/20 Microsoft Code Signing PCA Status: Valid Valid Usage: All Serial Number: 61 04 35 45 00 00 00 00 00 3F Thumbprint: 4BAEA1454B8D5DC845BDE7A2D9754FABC221267C Algorithm: SHA1 Valid from: 18:42 20/09/18 Valid to: 00:28 10/05/21 Microsoft Root Certificate Authority Status: Valid Valid Usage: All Serial Number: 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65 Thumbprint: CDD4EEAE6000AC7F40C3802C171E30148030C072 Algorithm: SHA1 Valid from: 00:19 10/05/01 Valid to: 00:28 10/05/21 Signing date: 02:41 14/07/20 Counter Signers: Microsoft Time-Stamp Service Status: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Valid Usage: Timestamp Signing Serial Number: 33 00 00 01 54 B0 93 6E 7C 4C 1C 1A 58 00 00 00 00 01 54 Thumbprint: 7E3F6224A15080E0D17B3B3ED7505E1CD704076D Algorithm: SHA1 Valid from: 02:13 19/12/19 Valid to: 02:13 17/03/21 Microsoft Time-Stamp PCA Status: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Valid Usage: Timestamp Signing Serial Number: 61 16 68 34 00 00 00 00 00 1C Thumbprint: 375FCB825C3DC3752A02E34EB70993B4997191EF Algorithm: SHA1 Valid from: 13:53 03/04/07 Valid to: 14:03 03/04/21 Microsoft Root Certificate Authority Status: Valid Valid Usage: All Serial Number: 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65 Thumbprint: CDD4EEAE6000AC7F40C3802C171E30148030C072 Algorithm: SHA1 Valid from: 00:19 10/05/01 Valid to: 00:28 10/05/21 Publisher: Microsoft Corporation Company: n/a Description: n/a Product: n/a Prod version: n/a File version: n/a MachineType: n/a E:\Dump Folder>

Thanks, that explains the problem! This is off-topic, but I'm actually constantly surprised at just how well Firefox 52.9 ESR does still work, as you say it's now years old! It's had all the tweaks of course, which has improved its performance. It's still rather slow on javascript heavy sites like Facebook, but I'm impressed that it still works there at all! Even videos still seem to be no problem on YouTube, Facebook, and Instagram, despite a few scares in recent years. My only major reason not to switch to something else is really because I use Firefox Sync to synchronise my browsing data between Firefox on XP, Windows 10, and my mobile phone, and from what I can gather none of roytam1's browsers can now use the Mozilla Sync system, despite being originally Mozilla based. Eventually I will have to bite the bullet of course, but at the moment it's actually quite rare to find a site which is unusable in Firefox 52 ESR, and all the sites I use regularly are fine with it, so until that changes (which it inevitably will of course) I will stick with it. Cheers, Dave.

I get a 100 score on https://adblock-tester.com/. However https://d3ward.github.io/toolz/src/adblock.html doesn't work at all for me, even with d3ward.github.io whitelisted. I just get an animation permanently and nothing else happens. This on Firefox 52.9.1 ESR.

@Dixel See if it says "following" at the top right of the thread. If it doesn't, turn following on and you should get a notification e-mail anytime anyone posts. If it wasn't on already, check your forum notification settings. You should be automatically subscribed to threads that you post in.

OK, I tried that. Sigcheck doesn't actually work in Windows XP, so I had to do it in Windows 10. I guess the results are still valid though. This is the result from the November 2019 version, the last one which works for me - E:\Dump Folder\Nov 2019>sigcheck64 -i wsusscn2.cab Sigcheck v2.80 - File version and signature viewer Copyright (C) 2004-2020 Mark Russinovich Sysinternals - www.sysinternals.com E:\Dump Folder\Nov 2019\wsusscn2.cab: Verified: Signed Signing date: 10:28 12/11/2019 Signing date: 10:28 12/11/2019 Catalog: E:\Dump Folder\Nov 2019\wsusscn2.cab Signers: Microsoft Corporation Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Code Signing Cert Issuer: Microsoft Code Signing PCA Serial Number: 33 00 00 01 E3 7D A3 1F 82 84 DC E4 A1 00 02 00 00 01 E3 Thumbprint: C82273A065EC470FB1EBDE846A91E6FFB29E9C12 Algorithm: sha1RSA Valid from: 22:20 02/05/2019 Valid to: 22:20 02/05/2020 Microsoft Code Signing PCA Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 61 04 35 45 00 00 00 00 00 3F Thumbprint: 4BAEA1454B8D5DC845BDE7A2D9754FABC221267C Algorithm: sha1RSA Valid from: 18:42 20/09/2018 Valid to: 00:28 10/05/2021 Microsoft Root Certificate Authority Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65 Thumbprint: CDD4EEAE6000AC7F40C3802C171E30148030C072 Algorithm: sha1RSA Valid from: 00:19 10/05/2001 Valid to: 00:28 10/05/2021 Counter Signers: Microsoft Time-Stamp Service Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Time-Stamp PCA Serial Number: 33 00 00 01 2E 8F 84 66 68 39 BF 05 BD 00 00 00 00 01 2E Thumbprint: 621B12725AA5518FBDDE6044C838A0FC5031051A Algorithm: sha1RSA Valid from: 21:40 06/09/2019 Valid to: 21:40 04/12/2020 Microsoft Time-Stamp PCA Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Root Certificate Authority Serial Number: 61 16 68 34 00 00 00 00 00 1C Thumbprint: 375FCB825C3DC3752A02E34EB70993B4997191EF Algorithm: sha1RSA Valid from: 13:53 03/04/2007 Valid to: 14:03 03/04/2021 Microsoft Root Certificate Authority Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65 Thumbprint: CDD4EEAE6000AC7F40C3802C171E30148030C072 Algorithm: sha1RSA Valid from: 00:19 10/05/2001 Valid to: 00:28 10/05/2021 Signing date: 10:28 12/11/2019 Catalog: E:\Dump Folder\Nov 2019\wsusscn2.cab Signers: Microsoft Corporation Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Microsoft Publisher, Code Signing Cert Issuer: Microsoft Code Signing PCA 2011 Serial Number: 33 00 00 01 51 9E 8D 8F 40 71 A3 0E 41 00 00 00 00 01 51 Thumbprint: 62009AAABDAE749FD47D19150958329BF6FF4B34 Algorithm: sha256RSA Valid from: 22:37 02/05/2019 Valid to: 22:37 02/05/2020 Microsoft Code Signing PCA 2011 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2011 Serial Number: 61 0E 90 D2 00 00 00 00 00 03 Thumbprint: F252E794FE438E35ACE6E53762C0A234A2C52135 Algorithm: sha256RSA Valid from: 21:59 08/07/2011 Valid to: 22:09 08/07/2026 Microsoft Root Certificate Authority 2011 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2011 Serial Number: 3F 8B C8 B5 FC 9F B2 96 43 B5 69 D6 6C 42 E1 44 Thumbprint: 8F43288AD272F3103B6FB1428485EA3014C0BCFE Algorithm: sha256RSA Valid from: 23:05 22/03/2011 Valid to: 23:13 22/03/2036 Counter Signers: Microsoft Time-Stamp Service Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Time-Stamp PCA 2010 Serial Number: 33 00 00 01 04 09 01 75 08 58 87 2D 29 00 00 00 00 01 04 Thumbprint: B3461E7F4748F3284C8854B673187816DC150A7D Algorithm: sha256RSA Valid from: 21:41 06/09/2019 Valid to: 21:41 04/12/2020 Microsoft Time-Stamp PCA 2010 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2010 Serial Number: 61 09 81 2A 00 00 00 00 00 02 Thumbprint: 2AA752FE64C49ABE82913C463529CF10FF2F04EE Algorithm: sha256RSA Valid from: 22:36 01/07/2010 Valid to: 22:46 01/07/2025 Microsoft Root Certificate Authority 2010 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2010 Serial Number: 28 CC 3A 25 BF BA 44 AC 44 9A 9B 58 6B 43 39 AA Thumbprint: 3B1EFD3A66EA28B16697394703A72CA340A05BD5 Algorithm: sha256RSA Valid from: 22:57 23/06/2010 Valid to: 23:04 23/06/2035 Company: n/a Description: n/a Product: n/a Prod version: n/a File version: n/a MachineType: n/a E:\Dump Folder\Nov 2019> Here is the result from the June 2020 version (the one you linked to on the Wayback Machine) which doesn't work for me - E:\Dump Folder\June 2020>sigcheck64 -i wsusscn2.cab Sigcheck v2.80 - File version and signature viewer Copyright (C) 2004-2020 Mark Russinovich Sysinternals - www.sysinternals.com E:\Dump Folder\June 2020\wsusscn2.cab: Verified: Signed Signing date: 03:35 09/06/2020 Signing date: 03:35 09/06/2020 Catalog: E:\Dump Folder\June 2020\wsusscn2.cab Signers: Microsoft Corporation Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Code Signing Cert Issuer: Microsoft Code Signing PCA Serial Number: 33 00 00 01 F3 07 55 2B 7B A6 03 AD 7C 00 02 00 00 01 F3 Thumbprint: 8C0FB087D6EB137F3FEE3AFA56F168FCA5224830 Algorithm: sha1RSA Valid from: 21:18 20/03/2020 Valid to: 21:18 30/09/2020 Microsoft Code Signing PCA Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 61 04 35 45 00 00 00 00 00 3F Thumbprint: 4BAEA1454B8D5DC845BDE7A2D9754FABC221267C Algorithm: sha1RSA Valid from: 18:42 20/09/2018 Valid to: 00:28 10/05/2021 Microsoft Root Certificate Authority Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65 Thumbprint: CDD4EEAE6000AC7F40C3802C171E30148030C072 Algorithm: sha1RSA Valid from: 00:19 10/05/2001 Valid to: 00:28 10/05/2021 Counter Signers: Microsoft Time-Stamp Service Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Time-Stamp PCA Serial Number: 33 00 00 01 57 07 C0 8F 80 56 2B E5 E1 00 00 00 00 01 57 Thumbprint: 3990841ADB1A09F011C25CE8E96BEFAD448834B2 Algorithm: sha1RSA Valid from: 02:13 19/12/2019 Valid to: 02:13 17/03/2021 Microsoft Time-Stamp PCA Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Root Certificate Authority Serial Number: 61 16 68 34 00 00 00 00 00 1C Thumbprint: 375FCB825C3DC3752A02E34EB70993B4997191EF Algorithm: sha1RSA Valid from: 13:53 03/04/2007 Valid to: 14:03 03/04/2021 Microsoft Root Certificate Authority Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65 Thumbprint: CDD4EEAE6000AC7F40C3802C171E30148030C072 Algorithm: sha1RSA Valid from: 00:19 10/05/2001 Valid to: 00:28 10/05/2021 Signing date: 03:35 09/06/2020 Catalog: E:\Dump Folder\June 2020\wsusscn2.cab Signers: Microsoft Corporation Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Microsoft Publisher, Code Signing Cert Issuer: Microsoft Code Signing PCA 2011 Serial Number: 33 00 00 01 87 72 17 72 15 59 40 C7 09 00 00 00 00 01 87 Thumbprint: 2485A7AFA98E178CB8F30C9838346B514AEA4769 Algorithm: sha256RSA Valid from: 19:39 04/03/2020 Valid to: 19:39 03/03/2021 Microsoft Code Signing PCA 2011 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2011 Serial Number: 61 0E 90 D2 00 00 00 00 00 03 Thumbprint: F252E794FE438E35ACE6E53762C0A234A2C52135 Algorithm: sha256RSA Valid from: 21:59 08/07/2011 Valid to: 22:09 08/07/2026 Microsoft Root Certificate Authority 2011 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2011 Serial Number: 3F 8B C8 B5 FC 9F B2 96 43 B5 69 D6 6C 42 E1 44 Thumbprint: 8F43288AD272F3103B6FB1428485EA3014C0BCFE Algorithm: sha256RSA Valid from: 23:05 22/03/2011 Valid to: 23:13 22/03/2036 Counter Signers: Microsoft Time-Stamp Service Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Time-Stamp PCA 2010 Serial Number: 33 00 00 01 1E 0E BC E5 4B 16 A2 03 1B 00 00 00 00 01 1E Thumbprint: 39C906E3EDE9AB3113FE8E3758BACA598CCAB0DC Algorithm: sha256RSA Valid from: 22:40 13/11/2019 Valid to: 22:40 11/02/2021 Microsoft Time-Stamp PCA 2010 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2010 Serial Number: 61 09 81 2A 00 00 00 00 00 02 Thumbprint: 2AA752FE64C49ABE82913C463529CF10FF2F04EE Algorithm: sha256RSA Valid from: 22:36 01/07/2010 Valid to: 22:46 01/07/2025 Microsoft Root Certificate Authority 2010 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2010 Serial Number: 28 CC 3A 25 BF BA 44 AC 44 9A 9B 58 6B 43 39 AA Thumbprint: 3B1EFD3A66EA28B16697394703A72CA340A05BD5 Algorithm: sha256RSA Valid from: 22:57 23/06/2010 Valid to: 23:04 23/06/2035 Company: n/a Description: n/a Product: n/a Prod version: n/a File version: n/a MachineType: n/a E:\Dump Folder\June 2020> And here's the result from the July 2020 version which I already had, and I understood to be the last SHA-1 signed version, which also doesn't work for me - E:\Dump Folder\July 2020>sigcheck64 -i wsusscn2.cab Sigcheck v2.80 - File version and signature viewer Copyright (C) 2004-2020 Mark Russinovich Sysinternals - www.sysinternals.com E:\Dump Folder\July 2020\wsusscn2.cab: Verified: Signed Signing date: 02:41 14/07/2020 Signing date: 02:41 14/07/2020 Catalog: E:\Dump Folder\July 2020\wsusscn2.cab Signers: Microsoft Corporation Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Code Signing Cert Issuer: Microsoft Code Signing PCA Serial Number: 33 00 00 01 F3 07 55 2B 7B A6 03 AD 7C 00 02 00 00 01 F3 Thumbprint: 8C0FB087D6EB137F3FEE3AFA56F168FCA5224830 Algorithm: sha1RSA Valid from: 21:18 20/03/2020 Valid to: 21:18 30/09/2020 Microsoft Code Signing PCA Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 61 04 35 45 00 00 00 00 00 3F Thumbprint: 4BAEA1454B8D5DC845BDE7A2D9754FABC221267C Algorithm: sha1RSA Valid from: 18:42 20/09/2018 Valid to: 00:28 10/05/2021 Microsoft Root Certificate Authority Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65 Thumbprint: CDD4EEAE6000AC7F40C3802C171E30148030C072 Algorithm: sha1RSA Valid from: 00:19 10/05/2001 Valid to: 00:28 10/05/2021 Counter Signers: Microsoft Time-Stamp Service Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Time-Stamp PCA Serial Number: 33 00 00 01 54 B0 93 6E 7C 4C 1C 1A 58 00 00 00 00 01 54 Thumbprint: 7E3F6224A15080E0D17B3B3ED7505E1CD704076D Algorithm: sha1RSA Valid from: 02:13 19/12/2019 Valid to: 02:13 17/03/2021 Microsoft Time-Stamp PCA Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Root Certificate Authority Serial Number: 61 16 68 34 00 00 00 00 00 1C Thumbprint: 375FCB825C3DC3752A02E34EB70993B4997191EF Algorithm: sha1RSA Valid from: 13:53 03/04/2007 Valid to: 14:03 03/04/2021 Microsoft Root Certificate Authority Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65 Thumbprint: CDD4EEAE6000AC7F40C3802C171E30148030C072 Algorithm: sha1RSA Valid from: 00:19 10/05/2001 Valid to: 00:28 10/05/2021 Signing date: 02:41 14/07/2020 Catalog: E:\Dump Folder\July 2020\wsusscn2.cab Signers: Microsoft Corporation Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Microsoft Publisher, Code Signing Cert Issuer: Microsoft Code Signing PCA 2011 Serial Number: 33 00 00 01 87 72 17 72 15 59 40 C7 09 00 00 00 00 01 87 Thumbprint: 2485A7AFA98E178CB8F30C9838346B514AEA4769 Algorithm: sha256RSA Valid from: 19:39 04/03/2020 Valid to: 19:39 03/03/2021 Microsoft Code Signing PCA 2011 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2011 Serial Number: 61 0E 90 D2 00 00 00 00 00 03 Thumbprint: F252E794FE438E35ACE6E53762C0A234A2C52135 Algorithm: sha256RSA Valid from: 21:59 08/07/2011 Valid to: 22:09 08/07/2026 Microsoft Root Certificate Authority 2011 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2011 Serial Number: 3F 8B C8 B5 FC 9F B2 96 43 B5 69 D6 6C 42 E1 44 Thumbprint: 8F43288AD272F3103B6FB1428485EA3014C0BCFE Algorithm: sha256RSA Valid from: 23:05 22/03/2011 Valid to: 23:13 22/03/2036 Counter Signers: Microsoft Time-Stamp Service Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Time-Stamp PCA 2010 Serial Number: 33 00 00 01 11 0D 02 9E EE D4 ED 05 D4 00 00 00 00 01 11 Thumbprint: 41EEE6EDBC7A27CF7D9B938996861B1B5F9F74C7 Algorithm: sha256RSA Valid from: 00:19 24/10/2019 Valid to: 00:19 22/01/2021 Microsoft Time-Stamp PCA 2010 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2010 Serial Number: 61 09 81 2A 00 00 00 00 00 02 Thumbprint: 2AA752FE64C49ABE82913C463529CF10FF2F04EE Algorithm: sha256RSA Valid from: 22:36 01/07/2010 Valid to: 22:46 01/07/2025 Microsoft Root Certificate Authority 2010 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2010 Serial Number: 28 CC 3A 25 BF BA 44 AC 44 9A 9B 58 6B 43 39 AA Thumbprint: 3B1EFD3A66EA28B16697394703A72CA340A05BD5 Algorithm: sha256RSA Valid from: 22:57 23/06/2010 Valid to: 23:04 23/06/2035 Company: n/a Description: n/a Product: n/a Prod version: n/a File version: n/a MachineType: n/a E:\Dump Folder\July 2020> I can't see any obvious differences, they all apparently have certificates which have either expired or are about to expire.