Skip to main content
Solved

Sign software

A

Hello,

 

 

Our AV policy is set so that any unknown executable file is blocked unless it is trusted. There are two options for a file to get into this state:

 

1) The file is signed by a recognized Certification Authority

 

2) It has been analyzed by the AV itself (and it has to be executed prior to analysis)

 

 

This means that after every update we have to experience continuous blocks -as every dll is analyzed independently- until the whole program becomes functional.

 

 

As a good security practice that any mature software company should perform, could you please sign your code?

 

 

Thank you in advanced,

Best answer by andreaatsafe

I'm pleased to let you know that as of FME 2020.1.2.1 (build 20624) and newer, there are no longer any unsigned EXEs or DLLs in FME Desktop.

View original
Did this help you find an answer to your question?

7 replies

iainatsafe
Safer
  • iainatsafeSafer
  • Safer
  • January 24, 2018

Thanks for the question - could you please let us know which version of FME you are experiencing difficulties with?

All of our installers and principle executables, such as fmeworkbench.exe and fmedatainspector.exe, should be digitally signed with signatures from the CA GlobalSign.

We do not currently sign individual dlls.

Some AV programs that rely on volume of installations across their user-base to verify software do occasionally have an issue with FME beta builds (due to their limited exposure).

A
  • alfredol1
  • Author
  • January 25, 2018

Thank you so much for your early response.

We have "fme-desktop-b15253-win-x64" release.

In fact, this is something that happens to us in every new version, so it is not necessarily related with Beta versions.

We would really much appreciate if you can also sign every single executable file (including dll's). To my understanding, it is usually not big deal to do so during the compilation/build process but, of course, this is your process. Would it be possible for you to do so?

Thanks for all, best regards,

iainatsafe
Safer
  • iainatsafeSafer
  • Safer
  • January 26, 2018

Would it be possible to let us know what anti-virus product you are working with? An offline ticket with support would be great if this is sensitive information (especially regarding the specific security policies).

This would help us test and explore options to better sign the product in future. I did install your build (FME 2015.0) to check signing and (on my installation) the msi and the major executables were signed via GlobalSign, though not the dlls, as you note, which would be quite a departure for our build process. Thanks!

A
  • alfredol1
  • Author
  • January 29, 2018

HI,

We are using Panda Adaptive Defense 360 in "Lock" mode, it’s means that any executable file that is unknown by Panda Cloud will be blocked, that includes all Portable Executable extensions (.acm, .ax, .cpl, .dll, .drv, .efi, .exe, .mui, .ocx, .scr, .sys, .tsp)

To avoid such blockages with legitimate programs, it is recommended that al PE executables be digitally signed with certificates issued by a trusted public CA.

Kind regards

iainatsafe
Safer
  • iainatsafeSafer
  • Safer
  • February 5, 2018
alfredol1 wrote:

HI,

We are using Panda Adaptive Defense 360 in "Lock" mode, it’s means that any executable file that is unknown by Panda Cloud will be blocked, that includes all Portable Executable extensions (.acm, .ax, .cpl, .dll, .drv, .efi, .exe, .mui, .ocx, .scr, .sys, .tsp)

To avoid such blockages with legitimate programs, it is recommended that al PE executables be digitally signed with certificates issued by a trusted public CA.

Kind regards

 

Thanks for additional information, this has been added to the internal case that you have raised with support.
nathanatsafe
Safer
Forum|alt.badge.img+7

Please note that a Safe Software support ticket has been filed to investigate and address this question, and that if you experience the same issue or have the same concerns, please don't hesitate to contact our support team here.

andreaatsafe
Safer
Forum|alt.badge.img+10
  • andreaatsafeSafer
  • Safer
  • Best Answer
  • October 27, 2020

I'm pleased to let you know that as of FME 2020.1.2.1 (build 20624) and newer, there are no longer any unsigned EXEs or DLLs in FME Desktop.

Reply


Helpful Members This Week

Community Stats

31,031
Posts
117,602
Replies
38,810
Members

Latest FME

Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.