Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
700 Views 5 Replies Latest reply: Aug 30, 2013 4:43 PM by rmetzger RSS
rmetzger Champion 567 posts since
Jan 4, 2005
Currently Being Moderated

Aug 26, 2013 6:53 PM

Should I trust 7179xdat.exe when not signed?

Normally, McAfee signs executables with appropriate certificates. Upon download, I check the validity of the signature to ensure that the downloaded file's integrity is complete.

 

Whenever I download any executable file from a security firm, like McAfee, I test the integrity of the download by checking it's signature. I have been doing this for well over 2 years. I use Microsoft/Sysinternal's SigCheck.exe to test signatures.

 

Lately, I have found that sometimes XXXXxdat.exe files have not been signed. Here is SigCheck's results on 7179's .exe:

 

.\7179xdat.exe:

       Verified:       Unsigned

       Link date:      5:23 AM 11/12/2010

       Publisher:      McAfee, Inc.

       Description:    SuperDAT Stub

       Product:        McAfee Core Components

       Version:        2.5

       File version:   2.5.171

       Strong Name:    Unsigned

       Original Name:  SDStub86.exe

       Internal Name:  SDStub86

       Copyright:      Copyright⌐ 2010 McAfee, Inc. All Rights Reserved.

       Comments:       n/a

       MD5:    2D6E1B1421A91DFFEF6D9E0A82170B75

       PESHA1: 5CA940C2208AD72B0DFA1B855A266BA9D974ED04

       PE256:  99B046BD199DE25B13C71270FD5D916019EEA7211E653F93020DF6268973361C

       SHA256: FA41D60D14957FD5852F7F476D6E02EAC39D822C9718D45F9B1FE31E13C8E15C

 

Here is yesterdays (7178.xdat.exe):

.\7178xdat.exe:

       Verified:       Signed

       Signing date:   2:21 AM 8/25/2013

       Publisher:      McAfee

       Description:    SuperDAT Stub

       Product:        McAfee Core Components

       Version:        2.5

       File version:   2.5.171

       Strong Name:    Unsigned

       Original Name:  SDStub86.exe

       Internal Name:  SDStub86

       Copyright:      Copyright⌐ 2010 McAfee, Inc. All Rights Reserved.

       Comments:       n/a

       MD5:    0A5BCE6902B14CB693FE4E0F67CA3568

       PESHA1: A77AA8940EADDE8674A0441AF1292521AD4790B8

       PE256:  7917E3180572D7873E3016D8F606ED43B4AA10ED8CC884AE20AC2190DC0E2528

       SHA256: 1E2BD5752186F33E152071A425887AE21D755C93583B53410394B971CF414DDB

 

Same thing happened with 7172xdat.exe.

 

Why is there a difference in the signatures?

Did someone from McAfee forget to Sign this file? (I would have thought this process, automated.)

 

Should I trust 7179xdat.exe given the Signature verification is Unsigned?

Am I just being paranoid?

 

Comments?

 

Thanks,

Ron Metzger

  • welshman Newcomer 1 posts since
    Aug 28, 2013
    Currently Being Moderated
    3. Aug 28, 2013 9:13 PM (in response to rmetzger)
    Re: Should I trust 7179xdat.exe when not signed?

    I just tried to remove an infection using the virus removal took on my McAfee screen. I ran the 7181 execution, but when I tried to view the download,

    a screen popped up saying that it could not find the something or other in McAfee something. I couldn't understand what it said, and it disappeared

    immediately.

    Have you any idea what this means?

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points