Jump to content

Software with expired driver certificate


Recommended Posts

Dear all,

I am trying to run silent/unattended installations of NetBackup client 7.1 - which includes the driver wimfltr.sys. Unfortunately, that driver's certificate expired in 2008.

According to that article, this can be ignored should not prevent installation - but unfortunately, it does. At least on some Windows 2003 SP2 x86 servers.

They all have the group policy item "Devices: Unsigned driver installation behavior" set to "Silently succeed", and all have the "Driver Signing\Policy" registry key set to 00. But some are logging the following in the setupapi.log file:

[2013/06/20 08:43:34 5780.1]

#-198 Command line processed: "C:\WINDOWS\system32\rundll32.exe" setupapi,InstallHinfSection DefaultInstall 132 C:\WINDOWS\system32\drivers\Wimfltr.inf

#-011 Installing section [DefaultInstall] from "C:\WINDOWS\system32\drivers\Wimfltr.inf".

#W367 An unsigned, incorrectly signed, or Authenticode signed file "c:\windows\system32\drivers\wimfltr.inf" for will be installed (Policy=Warn, user said ok). Error 1168: Element not found.

#-024 Copying file "C:\WINDOWS\system32\drivers\WimFltr.sys" to "C:\WINDOWS\system32\DRIVERS\WimFltr.sys".

#W363 An unsigned, incorrectly signed, or Authenticode signed file "C:\WINDOWS\system32\drivers\WimFltr.sys" will be installed (Policy=Warn). Error 0xe000022f: The third-party INF does not contain digital signature information.

When this happens, the installation halts, waiting for somebody to click OK. As this is an unattended installation, nobody will see this prompt unless they logon to the console (session 0).

I can't find which setting it might be that is causing some of these servers to choke on the wimfltr.sys file, whereas others succeed. It happens on machines upgrading from the same previous NetBackup client versions, and with the same version of the setupapi.dll file.

Apart from the resultant set of policy, local computer policy and the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing\Policy registry key, where else should I be looking to find out why some servers are logging "Policy=Warn" in the logs?

Many thanks,


Link to comment
Share on other sites

I would be interested in the answer as well. I have this happen for one certain situation and the current method involves someone needing to be there to click the button on the warning screen. I had looked into it in the past but most people were pointing towards automating cursor movement which I feel is cheating. :angel

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Create New...