cancel
Showing results for 
Search instead for 
Did you mean: 
sagarmc004
Level 7

Difference between MSI signed with updater digital certificate and MSI signed with execute only digital certificate

I have two digital certificates added to the Solidcore configuration, one configured as updater and the other with execute permission only. I am using these two certificates to sign the *.msi files.

I am unable to find any difference between these two certificates when a MSI file is installed and uninstalled.  Solidcore adds all files installed by these two msi into the whitelist and when uninstalled removes them from the whitelist.

Can anyone tell me the difference between these two certificates with respect to msi ?

Message was edited by: sagarmc004 on 1/7/14 4:00:44 AM CST
0 Kudos
1 Reply
Artfulbodger
Level 13

Re: Difference between MSI signed with updater digital certificate and MSI signed with execute only digital certificate

Hi,

Installers and Updaters are slightly different,

Updaters are authorized components that are permitted to update the system, make changes to a protected file. By signing the MSI with and updater approved trusted cert you are overriding the pkg-ctrl permitting the MSI to make changes to the system.

Allow execute would normally be used to whitelist in house applications to permit a binary to execute.

Regards

Rich

0 Kudos