Timbilt
asked on
Signed Drivers Detected As Unsigned
Can I get a very detailed (services involved etc) explanation of the Windows XP Driver Signing process? Every now and again I get a PC that has no USB functionality. Sigverif.exe claims that over 2000 drivers are not signed. A healthy computer built from the same image has far less drivers listed as unsigned. The list includes things like USBSTOR.SYS, which is definitely signed. Most of the Microsoft drivers which were seen previously as signed drivers are now seen as unsigned. I even tried replacing drivers with the original and it's still detected as unsigned.
The keyboard and mouse are non-functional when this happens. The only fix is to re-install Service Pack 3. The issue comes back approximately 3 months later on some of the computers. Thanks for your help.
The keyboard and mouse are non-functional when this happens. The only fix is to re-install Service Pack 3. The issue comes back approximately 3 months later on some of the computers. Thanks for your help.
But all the while you havent had spyware, malware or viruses? I'd think one of those could be to blame. Most oems now supply signed drivers so you wouldn't end up with so many unsigned after such a short period. Check for rootkits and also check the image that you're using. It might carry some malware with it.
ASKER
Sorry for late reply. Problem still wreaking havok. Because it happens with so many PCs, it quite possible the image. I tried to do a rootkit scan with GMER on two of the PCs (those not yet affected by the USB problem, but build from the same image) but it caused both PCs to restart during the scan. Also, what I've noticed is that the problem arises almost always after moving a PC. After reconnected the USB devices and powering it on, they keyboard and mouse and completely non-responsive. After remoting into the PC and doing a scan with Sigverif.exe, almost all the drivers that were signed are now unsigned.
Example:
Normal PC: 2500 signed drivers, 200 unsigned drivers
Affected PC: 250 signed drivers, 2700 unsigned drivers
Example:
Normal PC: 2500 signed drivers, 200 unsigned drivers
Affected PC: 250 signed drivers, 2700 unsigned drivers
Those automatic restarts dont sound healthy but it could just be coincidence. Maybe you should try running the rootkit scanner and something like Dr. Web CureIt from a live CD such as WinPE/BartPE or even Dr. Web CureIt Live CD or WinInternals. See what you will pick up and then move from there. I've have some success recently using CureIt LiveCD because it has updated definitions and it is currently free so it might be worth trying.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If a user has installed the company's USB solution drivers what happens if a second vendor's solution tries to load?
The two solutions might conflict with each other and interfere with successful printing on the user's system. The operating system cannot detect or prevent such conflicts.
Vendors should use the Microsoft USB printing solution.
If these systems are HP or DEL here lies a possible conflict
Uninstall the vendor-supplied solution completely and then install the Microsoft solution.
source
USB Printers - Architecture and Driver Support
http://www.microsoft.com/whdc/archive/usbprint.mspx
Here's a few more topics that may assist you
Windows XP Pro SP3 Image Build Process
http://www.symantec.com/connect/articles/windows-xp-sp3-out-time-rebuild-those-base-images
How to Add OEM Plug and Play Drivers to Windows XP
http://support.microsoft.com/kb/314479
Driver Signing for Windows
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/code_signing.mspx?mfr=true