Absent Authenticode timestamp counter-signature

ID PE176 Level WARNING Category Security

Description

Authenticode timestamp counter-signature is absent. The signature will become invalid if the signing certificate is revoked or when it expires.

Mitigation

  • Consider counter-signing the executable with the timestamp signature to avoid signature expiration.
  • If using signtool to sign the image, use the signtool timestamp command to add the timestamp counter-signature. Alternatively, use signtool sign with the /t or /tr options to sign and timestamp the image at the same time. See the signtool description page for more details.

Arguments

This rule has the following output arguments:

  • signature_info - Readable affected signature name (e.g. "root signature", "timestamp root signature", "nested signature (index 1)")