All System Files Reporting As Being Unsigned [SOLVED]

[Dave-H]

@jaclaz @Andalu

I'm getting the annoying problem of the driver installation dialogue popping up when I mount a disk, and it telling me that the driver isn't signed.
I don't seem to be able to override this warning, and I've done some further investigation on this.

It now seems that almost every driver file on my system says it's unsigned if I look at the file details in Device Manager.
This includes the Microsoft driver files using original system files, which should be signed of course.

I ran the File Signature Verifier SIGVERIF.EXE and it reported only 57 signed files, and 2525 unsigned.
This is obviously not as it should be!

I looked at previous logs from the program, and many of the files when they were declared to be signed, referenced NT5.cat or SP3.cat.
They should be in the System32\Catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} folder.

My Catroot folder's {F750E6C3-38EE-11D1-85E5-00C04FC295EE} subfolder has only 6 files in it.
The equivalent one on my other XP installation on my netbook has 668 files in it, including NT5.cat and SP3.cat, which are completely missing on the main machine!

I guess that's the problem then, I have no idea where the missing files went, the folder has probably been like that for a very long time.
Because of that, I have no backup of it which would contain the missing files.

I tried copying the files from the other machine, but it made no difference at all, the files are still being declared unsigned.

Research indicates that there is no way of fixing this other than by reinstalling Windows from scratch again.
I really hope that isn't the case, because I'm definitely not doing that!

Any suggestions gratefully received.
Thanks, Dave.

[D.Draker]

4 hours ago, Dave-H said:

My Catroot folder's {F750E6C3-38EE-11D1-85E5-00C04FC295EE} subfolder has only 6 files in it.
The equivalent one on my other XP installation on my netbook has 668 files in it, including NT5.cat and SP3.cat, which are completely missing on the main machine!

Some time ago there was a topic with those backed up files, but got deleted/locked very soon. It restored all of the original Microsoft certificate authority to the state of 2011 (XP).

[D.Draker]

Probably this one will work.

https://answers.microsoft.com/en-us/windows/forum/all/microsoft-root-certificate-2011cer/4a6aca92-fa7b-40a2-959d-4c440f3ec91d

"Hi my name is Ross, I don't specially know which version is required, however you can install this manually if needed, just download the certificate from Microsoft":

https://download.microsoft.com/download/2/4/8/248D8A62-FCCD-475C-85E7-6ED59520FC0F/MicrosoftRootCertificateAuthority2011.cer

[Dave-H]

Thanks @D.Draker.

I'm a bit confused here though (not for the first time!)
Isn't that to do with the Root Certificates, which are up-to-date on my machine?
Installing that certificate is surely not going to reinstall the missing *.cat files?

[D.Draker]

3 hours ago, Dave-H said:

Thanks @D.Draker.

I'm a bit confused here though (not for the first time!)
Isn't that to do with the Root Certificates, which are up-to-date on my machine?
Installing that certificate is surely not going to reinstall the missing *.cat files?

You're welcome, Dave, those were needed for XP/Vista when the prompt about unsigned HD drivers (Intel) was driving people nuts.

Some even used that Authority to install Net framework 4.0 or updates. It's a basic, important set of MS certs. Probably yours were damaged, leading to that annoying prompt.

Anyways, it won't hurt your system. The link is official. Needs to run as admin.

[D.Draker]

3 hours ago, Dave-H said:

*.cat files

Forgive me for such a simple explanation, I'm sure you know that already, *cat files are issued by drivers manufacturers, and Windows needs to run them by the MS Authority certs to make sure they are the legit WHQL ones. That's how it works.

EDIT (how to make your own *cat):

https://superuser.com/questions/515653/how-can-i-create-security-catalog-cat-file

Edited April 4 by D.Draker
link

[Dave-H]

OK, but if the catalogue files are not there, surely that cannot work.

I tried installing the certificate anyway, and it seemed to install OK.

D:\Users\Dave>CertUtil -addstore AuthRoot "e:\dump folder\MicrosoftRootCertificateAuthority2011.cer"
402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version
Signature matches Public Key
Related Certificates:

Exact match:
Element 217:
Serial Number: 3f8bc8b5fc9fb29643b569d66c42e144
Issuer: CN=Microsoft Root Certificate Authority 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Root Certificate Authority 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
CA Version: V0.0
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): 8f 43 28 8a d2 72 f3 10 3b 6f b1 42 84 85 ea 30 14 c0 bc fe

Certificate "CN=Microsoft Root Certificate Authority 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" already in store.
CertUtil: -addstore command completed successfully.

D:\Users\Dave>

It made no difference, and unless and until the catalogue files are restored, I don't think it will do.
Have you any idea why the catalogue files from the other system don't work?
Are they perhaps tied to particular hardware?

[D.Draker]

6 hours ago, Dave-H said:

My Catroot folder's {F750E6C3-38EE-11D1-85E5-00C04FC295EE} subfolder has only 6 files in it.

Could this be of help?

https://mywindowshub.com/what-are-catroot-and-catroot2-folders-how-to-reset-the-folder/

[D.Draker]

3 hours ago, Dave-H said:

Have you any idea why the catalogue files from the other system don't work?

In theory, those that are "oem" .CAT, should be.

[Dave-H]

39 minutes ago, D.Draker said:

Could this be of help?

https://mywindowshub.com/what-are-catroot-and-catroot2-folders-how-to-reset-the-folder/

Like most of the references I found, this actually only seems to apply to the catroot2 folder, which is where Windows Update does its thing, not the catroot folder which is where the catalogue information for local offline installations seems to be stored, such as when Windows is first installed.

38 minutes ago, D.Draker said:

In theory, those that are "oem" .CAT, should be.

I deliberately didn't copy the oem*.cat files from the other machine, as I assumed they were generated by third party driver installations, which would not be the same on different hardware of course. I assumed that Windows catalogue files, such as NT5.cat and SP3.cat would be the same on all machines though. Perhaps not.

[Dixel]

3 hours ago, Dave-H said:

I deliberately didn't copy the oem*.cat files from the other machine, as I assumed they were generated by third party driver installations, which would not be the same on different hardware of course. I assumed that Windows catalogue files, such as NT5.cat and SP3.cat would be the same on all machines though. Perhaps not.

Those that are for the exact machine are stored in System32/DriverStore/FileRepository, on Vista. Could be the same for XP?

 

Edited April 4 by Dixel
screen

[Dave-H]

Thanks, but there's no 'Driver Store' folder on XP, only 'DRVStore' which seems to contain files for installed drivers.
I think it could be what's used if you roll back a driver in Device Manager.

[Dave-H]

Just as a matter of interest, I just tried running the File Signature Verifier on the other machine, the one with an apparently intact Catroot folder.
To my surprise, once again it said that there were only 227 signed files, and 2265 unsigned files, again including files like disk.sys!
So, it isn't really any different to the main machine.

[D.Draker]

22 hours ago, Dave-H said:

To my surprise, once again it said that there were only 227 signed files, and 2265 unsigned files, again including files like disk.sys!
So, it isn't really any different to the main machine.

That's why I assumed the registry corruption and/or missing MS Authority certs, this was the first logical thing to think of. If only we had a programme similar to DDU (graphics drivers cleanup), the programme which would reinstall the Asmedia driver cleanly, restoring the original windows registry entries before it.

 

[Dave-H]

It is strange that this situation seems to be there on both my machines.
I haven't knowingly done anything to cause it.

A reference did come up about the catalogue database being corrupt.
I tried a repair using -

esentutl /p %systemroot%\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

Made no difference.