Enable digital signature of drivers. What is the digital signature of the windows driver and how to disable it

Most Windows 7 users are aware of the installation for all kinds of hardware on their computer, that the driver file has a digital signature, which is identified by the system. This is a label or label that can be used to determine the relevance of the version. installed driverand also determines its authenticity, thereby confirming its security.

The subsequent installation of the driver on Windows OS is carried out with a preliminary verification of the digital signature and if the values ​​converge, the system allows the installation of the new driver to continue. When there is a conflict, the system issues a message about this - you have the opportunity to continue the installation, but its operation may be incorrect.
  But if you turn off this feature, the driver will install perfectly, therefore, there is a need to disable signature verification.
  There are several proven and most reliable methods for disabling digital driver signatures.

Method 1

Perform a soft-reset (reset) of the PC or laptop and begin to periodically press the F8 button. This is required to call a special menu that will open the necessary settings for us. Now find the item "Disabling mandatory signature verification ...".

  On different versions Windows name  may be different, but the finding of the function is always located below. Therefore, you can simply select the bottom item and activate it by entering Enter. This method  able to disable the check, but only until the next system restart, therefore this way  can be considered as a temporary elimination of a digital signature.

Method 2

The second possibility to eliminate the digital signature of drivers is group policy. Activation of the function is done by entering the expression "gpedit.msc" which is required to be included in the start search. windows menu. Click the "Start" button and enter in the search field

"Gpedit.msc".

When you successfully launched group policy, on the left you need to open the "User Configuration" tab, then follow the link "Administration Templates",

find the parameter "System" - installation of drivers. If the “Driver installation” tab is selected in the left menu, then on the right you will notice the setting to disable their signature, which needs to be activated by double pressing.

Before closing the settings window, be sure to save the changes and exit the utility. This method is good, but, alas, does not work at all.

Method 3

The third tool to turn off the driver signature becomes the standard command entry line. You can run it through a search by entering (you can copy and paste) the string "cmd" into the string. It is necessary to enter the following values: bcdedit -set loadoptions DDISABLED_INTEGRITY_CHECKS, which will lead to a forced disconnection of the driver's embedded signature. Then, after manually entering such a combination (you can copy and paste), confirm by pressing Enter, and enter the following parameter: bcdedit -set TESTSIGNING ON.

Due to the activation of such commands, the system will give permission for the installation of any driver. Returning the previous settings is done by entering in the command line:. This is the first command that cancels the effect of the corresponding configuration, and then the bsdedit -set loadoption TESTSIGNING OFF setting is made, which allows you to return to the previous signature. They need to be made separately.

Many users have already met with unsigned drivers. You want to install the necessary driver for some program, and Windows 7 shows a hefty figure - they say, go for a walk, kid, the driver does not have a digital signature. How to solve this problem?

Actually, there are absolutely two solutions here - either to get rid of digital signature verification at all, or ... to add this signature yourself! Yeah, you probably did not know that the driver can be signed personally? Live and learn.

But first, we will learn how to turn off digital signature verification on drivers.

Disable verification of digital signatures on drivers in Windows 7

Disable this disgrace can be in a special mode Windows 7, which is selected when the system boots. As a rule, this feature is relevant for programs that install their driver without rebooting.

To disable it, open the boot menu of Windows 7, for which you use the key . Turn on the computer, wait until the BIOS flashes and start pressing the key frequently. . Click-click and you will see either the operating system selection menu (if there are several), or the boot menu.

In the first case, select the desired windows versionthen press again   (you need to have time to click before Windows boots up), after which the menu we need appears.

In this menu, select the option   and press .

As a result, Windows will be loaded in a special mode. But do not be alarmed, it differs from the usual only in that there is no check of the digital signature of the drivers in it - and nothing else. Just restart Windows and the normal check mode will be turned on again.

By the way, if you install some drivers in this mode, harmful Windows can still show a warning that the driver is not signed. Spit on it, close this warning, and the driver will still be installed.

All this is great, but I want to sign the driver myself, aha! We will discuss this in the next section.

How to manually sign a driver in Windows 7

Do DSEO (Driver Signature Enforcement Overrider) will help us do such a crime as a driver signature. With this program you can create your own driver signatures. Please note that in order for the program to work, it is absolutely necessary, otherwise the focus will not work.

The program itself is simple as a broom, and working with it is extremely simple.

  1. Run the program, click on the button. Nextthen again on the button Next.
  2. Select switch Enable Test Mode  (test mode) click Next.
  3. Select switch Sign a System File  (sign the system file) and click on the button Next.
  4. Specify the path to the driver file (like C: \\ Windows \\ System32 \\ Drivers \\ lkindrv.sys), then click on the button again Next.
  5. The same number of drivers is signed in the same way. It remains to reboot and calmly install the driver you need.

There is such a method and nuances - this test mode will be enabled all the time. By the way, it is completely officially intended for testing new drivers. Sometimes because of it, the Windows build number is displayed next to the taskbar and it is indicated that the operating system is running in test mode. Because of the inscription, you can not worry, after leaving the test mode, it will disappear.

And how to get out of it? Run DSEO, select the switch Disable Test Mode  and reboot again.

The method is very effective, and it does not change the system loader either system files  Windows However, there are alternatives that change the bootloader to automatically select a menu item. . This is the ReadyDriverPlus program and more about it in the next section.

ReadyDriverPlus

The program ReadyDriverPlus allows you to make a choice of an item   automatic. In other words, do not have to constantly push the button   when loading - a trifle, but nice.

Consider how to disable driver digital signature verification. When you try to install a file without having such a signature, errors or failure of the system to install may occur. To solve the problem can only disable the function.

To find where in your operating system there is a window with parameters for digital signatures, follow the appropriate instructions for your OS. After deactivating the option, you can easily install any programs and libraries that do not have a signature identifier.

Content:

Why do I need a digital signature driver

A digital signature is the so-called label of a file or library that guarantees its security. It is necessary so that the user can learn about the origin and developer of the application. Also, the signature is checked by itself at the initial stage of installing any executable file.

If this attribute is missing or certain errors are found in it, the installation will not start, and the user will be notified of a possible hazard that could be caused by the use of an unidentified program.

The digital signature is displayed in a pop-up window as soon as the user starts the installation of the executable file. In this window, you must provide the OS with additional permission to run the installation wizard. Here you can see the name of the certificate. It is indicated after the program name. The figure below shows an example of displaying the User Account Control window, in which digital signature  applications is the Publisher field.

Digital signature is not only sewn into standard applications  and system libraries. It can also be found in the driver software. A driver is a program that is responsible for setting up the operation of the hardware components of the PC and the devices connected to it (video card, mouse, keyboard, printer, microphone, etc.). As a rule, everything. It allows you to configure automatic configuration updates for any connected device.

Often users download drivers from third-party sources. Some of them may be custom (unofficial), so a certified signature in such files is almost always absent. In this case, the computer will detect the absence of an identifier, and you will not be able to complete the installation.

Before you disable this feature, the user should be aware of all possible threats to the operating system and computer. The system may not recognize the signature due to its fake or unsafe content. In most cases, it is better to avoid working with applications without a digital identifier.

Disable the feature in Windows 7

In Windows 7, the Group Policy Editor is responsible for the option to enable / disable signature verification. Its window can be opened using the command line. Follow the instructions:

  • Open the "Run" window by simultaneously pressing the Win and R buttons;
  • Enter the command shown in the figure and click OK;


Fig. 3 - command to open a window in a group windows policies

  • In the window that appears, open the tab "User Configuration". Then click on item "Administrative Templates". In the “System” tab, click on the option "Installing the driver";
  • In the right part of the window select the item "Digital Signature Devices";


Fig. 4 - Driver Installation tab in OS Group Policy window

  • Disable ID verification in a new window and save the changes.


Fig. 5 - disabling validation for Windows 7

Instructions for Windows 8 and 8.1

For both versions, disabling driver signature verification is the same. As in the previous version, it is necessary to work with. Enter the gpedit.msc command in the window to execute to open the settings window or enable the policy editor via the control panel. Next, follow these steps:

  • In the left part of the window, go to the “System” directory, as shown in the figure below, and go to the policy folder. In the right part of the system window, click on the item. "Digital signature"  right mouse button.


Fig. 6 - check the status of the option

  • Click on "Edit";
  • In the new window, select the "Enabled" option, and then in the "Parameters" column, set the value to "Skip";
  • Click OK and exit Group Policy Editor.

Now, even after restarting the operating system, verification of the digital signature will not be included. To enable the function, go back to the system editor window and configure the scan parameter.


Fig. 7 - disabling validation in Windows 8 and 8.1

Another way to deactivate a function is to use the command line. You can disable the option by entering one simple command. Go to the Run window and launch the Command Line with the cmd line:


Fig. 8 - command to activate the string

In the window that opens, enter the command shown in the figure below. To re-enable the option, change the OFF ID to ON.


Fig. 9 - command to disable signature verification

Windows 10 instructions

Most of the functions and parameters of the new are similar to the eighth version of the system. The option to permanently check the digital identifiers of the drivers is disabled in the group policy window:

  • Go to the editor, as shown in the instructions for Windows 8;
  • Open the on / off signature verification window;
  • Select “Disabled”;
  • Leave blank in the parameters column;
  • Save the changes.


Fig. 10 - disable parameter in Windows 10

If in the drop-down list there is no zero (empty) value, select “Skip”. To deactivate using the command line, you must use two commands. The first is for loading options, the second is for disabling the function. Both commands and their order of execution are shown in the figure below:


Fig. 11 - disable using Command Line in Windows 10

Disable Windows Defender

If after disabling driver signature verification, a system window appears about unsafe content in the file, you must disable the operation to continue its installation. windows services  Defender. Follow the instructions:

  • Open the window windows Defender;
  • Check the status of the utility, and then click on the "Settings" tab;
  • You will be redirected to the Windows system settings. It needs to disable the real-time protection and cloud protection options.


Fig.13 - disabling Windows protection

Installing drivers without a digital signature should be carried out only if you are absolutely sure that the file is safe. For example, if you are a developer and created an application that does not have a signature yet.

The installation file is reliable if you downloaded it from the developer’s site. Often, the latest driver versions may be erroneously detected by the digital signature verification server. This indicates that the developer has not yet entered the identifier data into the system or the work on improving the driver is still active. In this case, disabling the signature verification and the defender will not cause any damage to the installed operating system.

Lovers computer games Often faced with a problem in which the applications that they would like to run, do not work. People immediately rush to the forums and technical support for finding solutions. One of the methods is some command line manipulation. In this case, very few people explain exactly what these changes lead to. It's about what to do to disable the digital signature verification of Windows 7 drivers (64 bits), and other versions, too.

Signature

Let's first understand what a digital signature is. This is a label on the software and any files, which allows you to determine its creator, as well as to ensure that the software has not been changed after the signature.

In the case of drivers, the operating system verifies their authenticity as well as compatibility with this OS. In addition, the driver is checked for modifications by third-party users.

If the file or driver contains an incorrect signature or it does not exist at all, it can mean either that it was created by an unverified developer, or that this file  has been modified (for example, infected with a virus). However, the lack of a signature does not guarantee the harmfulness of drivers, and its presence is not necessarily a guarantee of security.

Example

We begin, oddly enough, with a specific example, when you may need knowledge of Windows 7 OSes. Disabling driver digital signature verification can be constantly required, for example, if you decide to play toys from Fogeym service. Previously, you needed to download a special client, just like at Mail.ru, but they decided to abandon it and embedded the entire system into the browser.

That's just along with the new technique came the new defense called Frost. In order for it to work, you need to perform the actions we are considering. And the advice of other users will be quite straightforward, but useless. As a result, there are two problems.

  1. Why does a self-respecting gaming service force users to disable protection?
  2. Why this method does not always help? And the user, upset by an unsuccessful attempt, forgets to return the settings to the initial ones.

As you can see, in Windows 7, disabling driver digital signature verification may be necessary, but how useful is this for system and security? We in any case do not recommend you not to trust the sites given in the example, however, if you have problems, it is better to contact technical support instead of user forums. You will be helped and prompted by specialists, and not by unknown people with a dubious reputation.

A warning

Before you begin the procedure, which we will discuss in this article, be absolutely certain and decide - and do you really need it? Are you absolutely sure what are you going to do and why? After all, if Windows 7 disables the digital signature verification of drivers, the security of your system is endangered.


On the one hand, there are no problems if this operation needs to be carried out to install drivers from a reliable source. For example, from a license disk, but not purchased on the market in a stall. On the other hand, applications downloaded from the Internet from unverified sites and exchangers. By downloading the driver (application) in a place and disabling protection, you can independently infect your computer with a spy who will collect data, steal passwords, or may even connect the computer to the network for DDoS attacks. In general, decide for yourself how much you need to disable the digital signature verification of Windows 7 drivers (32 bits).

First way

Finally we got to the direct consideration of the issue. There are several options for how to disable digital signature verification for Windows 7 Home Basic 64 and other versions. Both of these methods are slightly different from each other and require almost the same actions. So, let's begin.

  1. First, we need to enable command lineso you can enter the necessary commands. To do this, click "Start", then go to the "My Programs" and "Standard". You need to run this utility as an administrator. If the user account with which you work on a computer is by default unique and has full rights, you can simply enter the search button in the Start button menu.
  2. After that, enter bcdedit.exe / set nointegritychecks ON in the line. If you need to turn on driver checking again, you need to set OFF to the ON parameter. Be careful and do not confuse. It seems that ON in English - "enable", but in fact you turn on the service that prohibits checking drivers.


Second way

The following method is not much different from the previous one. To disable driver digital signature verification in Windows 7, you will need to re-enable the command line, as described in the paragraph above, and enter the following sequence. After each of them, you must confirm the entry by pressing Enter.

  1. bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
  2. bcdedit.exe -set TESTSIGNING ON

Be sure to verify that the task has been completed. This can be understood by the caption "operation completed successfully." Only then will the digital signature verification be disabled. If you need to roll back the changes that these commands have made to your computer, then you need to repeat them in reverse order, with a few exceptions. Instead of the ON -\u003e OFF command, and instead of DDISABLE - ENABLE.

Third method

This method is not suitable for everyone, because it only allows to temporarily solve the problem that we are trying to solve today. If you need to install and test drivers for any equipment, you can safely use it. But if we are talking about, as already mentioned, systems for protecting games that do not work with verification enabled, then, unfortunately, this technique will not work for you.

In order to disable driver digital signature verification in Windows 7, you will need to restart your computer. Then, at the stage when you usually enter the BIOS, you need to press the F8 key. After that, a window should appear with a choice of boot options and their settings. You should be practically interested in the bottom line, the first above the "normal launch" - Disable driver signature enforcement.

By loading operating system  With this option, you can install the driver you need, but it will stop working during normal boot. So in any case, disabling the digital signature verification of Windows 7 (64) drivers is always necessary if you want to work with the driver you need.

Fourth way

Another method involves using and configuring Group Policy in your operating system. Immediately it should be noted that this method does not work on all builds of operating systems, so it’s not a fact that it suits you. Now we perform the following actions.

  1. Open the Start menu.
  2. We enter into the search gpedit.msc.
  3. A window will open with many directories. You will need to follow the path below.
  4. First, select the item - "User Configuration". After that, go to the branch "administrative templates" and select "system". The last thing you need to do is to find the "driver installation" item.
  5. Select the option "Digital Signature". Click on it twice with the left button, or click a little to the left "Change parameter".
  6. We put the switch in the upper left corner on "Off".
  7. Accept changes.

Protection against unlicensed drivers should start working right away, but you can reboot your computer for reliability. If you are going to restore the default value, please note that if you specify "Warn" about an unsigned driver, then even if you continue installing it, it will not work.

Fifth method

We will mention this opportunity only briefly. This action is not only a little illegal, but also involves considerable risk, because we will almost forcibly install an unchecked driver into the computer.

If all previous methods did not help you, you can always sign the driver yourself. To do this, you will need the driver itself and two completely legal SDK for Windows developer programs and the Driver Kit, of course, latest versionsor pirated software, the use of which may be more dangerous for your computer than the same drivers that you are trying to "force" to install on your computer.

Before you do this, you can try to add the driver manually. To do this, run the command line in a known way and enter the command Pnputil -a c: \\ ***. Inf, where the last value is the path to the driver you need. If the computer still gives an error, you will have to sign the driver yourself.

Conclusion

And finally, whatever you do with the operating system and whatever changes you make, if they do not help you solve your problem, do not forget to return everything as it was. Remember that no matter how users criticize the operating windows system, it was created by professionals who know a lot about programming. By independently interfering with the already created, integral structure, you risk a lot.

Driver  - is a program that provides computer interaction with equipment and devices. Without drivers impossible normal work  PC-connected equipment, such as a video adapter or printer.

In most cases, drivers come with Windows, or you can find them by going to the center. windows updates  on the control panel and checking for updates. If the necessary driver is missing in Windows, it can usually be found on the manufacturer’s website.

When a new OS device is connected to the computer, Windows tries to find and install a driver for this device. Sometimes you can see a notification that the driver is not signed, changed after signing, or Windows cannot be installed. You can always decide whether to install an unsigned or modified driver.

Signed driver  is a device driver with a digital signature. Digital signature  is an electronic security label that may indicate the publisher of this software, as well as the fact of changing the driver after its signing. If the driver is signed by the publisher and the authenticity of the signature is confirmed by a certification authority, then you can be sure that the driver is released by this publisher and has not been changed.

Note: 64-bit versions of Windows OS block the installation of drivers without a valid digital signature (or modified after its application). This message appears only when you try to install such a driver on a 64-bit version of Windows. If you see such messages when installing the driver, visit the device manufacturer's website for a digitally signed device driver.

Install a driver without a digital signature or not

It is impossible to determine with certainty that the file without a valid digital signature was obtained from the specified source and was not tampered with (possibly with the help of a virus) after its publication. It is advisable to avoid opening the file if there is no confidence in the reliability of the source and the security of the file contents. Even valid digital signature  does not guarantee that the contents of the file is safe. Based on the identity of the publisher of the file and the data on the source of its download, you should decide whether you can trust the contents of the file.

Selection of actions when installing the driver

When installing a new driver, Windows will display one of the warnings:

  • This driver is not signed.
  • Windows cannot verify the publisher of this driver.
  • Windows requires a digitally signed driver

Unfortunately, there are no reliable sources of information that can indicate who published the unsigned driver. Anyone can change the contents of the unsigned driver. The original version of the unsigned driver really could have come from the device manufacturer, but if the driver is not signed, then it is possible that someone changed it. There is no way to tell if a driver has been modified by an attacker. Currently, most manufacturers sign their drivers before implementing them.

You should install an unsigned driver only if it is obtained from the manufacturer's license disk.

Disable driver digital signature verification

If you decide to disable digital signature verification, this is done like this.

Press Win + R or Start - Run and enter the command gpedit.msc

The Local Group Policy Editor opens. Find User Configuration - Administrative Templates - System - Driver Installation.

In the right half of the window we find Digital Signature Device Driver. Double click or right click on this item and select Change.


In this window, select the item Turn off. Apply and OK. If you choose Enable, then you can additionally choose how the system reacts to a driver without a digital signature


Of course, the choice is always yours, but it’s not often that you have to reinstall the drivers, so it’s better to once again read the warning and think about what to look for later.

  Trying on © 2019 Mobile and computer gadgets