Using SIGVERIF to Identify Unsigned System and Driver Files

Although the SFC utility will scan to ensure that proper versions of system files are present, it will not explicitly identify which files were replaced. Both system files and drivers provided by Microsoft are digitally signed, which makes it possible to identify any unsigned files that may exist. While WFP will ensure that system file versions are correct, unsigned driver files (drivers not explicitly tested and approved by Microsoft) can also cause system instability. To help identify both unsigned system and driver files, Windows XP includes a utility called the File Signature Verification utility (sigverif.exe).

The easiest way to access this tool is to open sigverif.exe from the Run command or the command line. This tool is graphical, and by default will scan within the WINDOWS directory. Initiating a scan is as simple as opening the tool and pressing the Start button, although Advanced settings allow you to specify exactly which directories and file types should be scanned, as well as what information should be logged. Once completed, the tool will either display a message stating that all files have been scanned and verified as digitally signed, or will display a list of unsigned files. For more information on using this tool, see the steps below.

Step 1: Click Start, and then click Run. In the Open text box, type sigverif.exe and click OK. This will open the File Signature Verification window. To perform a default scan, simply press the Start button and wait for the process to complete.

Step 2: To perform a more advanced scan, click the Advanced button. This will open the Advanced File Signature Verification Settings window. Choose an appropriate option on the Search tab, and then click the Logging tab. By default, the tool will log its findings to a file called SIGVERIF.TXT in the Windows directory.

Step 3: Once scanning options are configured, click OK, and then click Start. After the scan completes, you’ll be presented with a list of unsigned files if any have been found, or a message stating all is well. To review the SIGVERIF.TXT file, click the View Log button on the Logging tab in the Advanced section.
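
Once SIGVERIF.TXT has been written, the unsigned entries can be pulled out of it for triage instead of being read by eye. The Python script below is an added example, not part of the original article or of any Microsoft tool; the sample log is constructed, and the column layout (directory headers in brackets, columns separated by two or more spaces, a "Not Signed" status) and the function names are assumptions to adjust against a real log.

```python
import re
from collections import defaultdict

# Constructed sample log. The layout is an ASSUMPTION about SIGVERIF.TXT:
# "[directory]" header lines, then one row per file with columns
# separated by two or more spaces.
SAMPLE_LOG = r"""Microsoft Signature Verification

Scan Results:  Total Files: 4, Signed: 2, Unsigned: 2, Not Scanned: 0

File              Modified     Version          Status       Catalog    Signed By
----------------  -----------  ---------------  -----------  ---------  ---------
[c:\windows\system32]
kernel32.dll      8/4/2004     5.1.2600.2180    Signed       NT5.CAT    Microsoft Windows XP Publisher
example1.dll      3/2/2005     None             Not Signed   N/A
[c:\windows\system32\drivers]
acpi.sys          8/4/2004     5.1.2600.2180    Signed       NT5.CAT    Microsoft Windows XP Publisher
exampledrv.sys    6/9/2003     1.0.0.1          Not Signed   N/A
"""

DIR_RE = re.compile(r"^\[(.+)\]$")
SUMMARY_RE = re.compile(r"Unsigned:\s*(\d+)")

def parse_unsigned(log_text):
    """Return (unsigned count from the summary line, {directory: [files]})."""
    reported, current_dir = None, None
    unsigned = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.search(line)
        if m and reported is None:
            reported = int(m.group(1))
            continue
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group(1).lower()
            continue
        if current_dir is None:
            continue  # still in the header, before the first directory
        cols = re.split(r"\s{2,}", line)
        if len(cols) >= 4 and cols[3].lower() == "not signed":
            unsigned[current_dir].append(cols[0])
    return reported, dict(unsigned)

def unsigned_drivers(unsigned):
    """Full paths of unsigned .sys files, the usual first suspects for instability."""
    return sorted(d + "\\" + f for d, files in unsigned.items()
                  for f in files if f.lower().endswith(".sys"))

if __name__ == "__main__":
    reported, found = parse_unsigned(SAMPLE_LOG)
    if reported != sum(len(v) for v in found.values()):
        print("warning: parsed count differs from summary; check the log layout")
    print("\n".join(unsigned_drivers(found)))
```

A mismatch between the summary count and the parsed rows means the log was truncated or does not follow the assumed layout, so the result should not be trusted until that is resolved.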

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions.