Run sigcheck via batch file


  1. gvp
    Posts : 7
    Windows 7 Ultimate x64
       #1

    Run sigcheck via batch file


    1. Download sigcheck.exe from sysinternals.com and copy it to c:\windows
    2. Make a plain text file and name it "sigcheck.bat"
    3. Copy the following into this file
    Code:
    @ECHO OFF
    
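    cd c:\windows
    set str1="C:\Program Files (x86)\Mozilla Firefox"
    REM %%~sfA expands to the full path in 8.3 short-name form, so it contains no spaces
    FOR %%A IN (%str1%) DO set str2=%%~sfA
    echo %str2%
    cd c:\windows
    
    REM Other targets, commented out:
    REM sigcheck -e -s -vrs C:\windows\system32
    REM sigcheck -e -s -vrs C:\Users\Bill\Desktop\NEWFOL~1
    REM -v queries VirusTotal by file hash, r opens reports for detections, s uploads files not previously scanned
    sigcheck -e -s -vrs %str2%
    
    REM Skip the usage text below, which is kept in the file for reference only
    goto :10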
    
    usage: sigcheck [-a][-h][-i][-e][-l][-n][[-s]|[-c|-ct]|[-m]][-q][-r][-u][-vt][-v[r][s]][-f catalog file] <file or directory>
    usage: sigcheck [-d][-c|-ct] <file or directory>
    
    usage: sigcheck [-t[u]] <certificate store name|*>
    -a    Show extended version information. The entropy measure reported is the bits per byte of information of the file's contents.
    -c    CSV output with comma delimiter
    -ct    CSV output with tab delimiter
    -d    Dump contents of a catalog file
    -e    Scan executable images only (regardless of their extension)
    -f    Look for signature in the specified catalog file
    -h    Show file hashes
    -i    Show catalog name and image signers
    -l    Traverse symbolic links and directory junctions
    -m    Dump manifest
    -n    Only show file version number
    -q    Quiet (no banner)
    -r    Disable check for certificate revocation
    -s    Recurse subdirectories
    -t[u]    Dump contents of specified certificate store ('*' for all stores). Specify -tu to query the user store (machine store is the default).
    -u    If VirusTotal check is enabled, show files that are unknown by VirusTotal or have non-zero detection, otherwise show only unsigned files.
    -v[rs]    Query VirusTotal ( www.virustotal.com) for malware based on file hash. Add 'r' to open reports for files with non-zero detection. Files reported as not previously scanned will be uploaded to VirusTotal if the 's' option is specified. Note scan results may not be available for five of more minutes.
    -vt    Before using VirusTotal features, you must accept VirusTotal terms of service. See: https://www.virustotal.com/en/about/terms-of-service/. If you haven't accepted the terms and you omit this option, you will be interactively prompted.
    
    One way to use the tool is to check for unsigned files in your \Windows\System32 directories with this command:
    
    sigcheck -u -e c:\windows\system32
    
    You should investigate the purpose of any files that are not signed.
    
    :10
    
    pause
    4. In the third line of the bat file, change "C:\Program Files (x86)\Mozilla Firefox" to whatever folder you want
    5. Run the bat file
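A variant of the batch file above, as an added example that is not part of the original posts: it takes the folder as an argument and passes it to sigcheck in quotes, so it does not depend on 8.3 short names (`%%~sfA` returns the long path when short-name generation is disabled on the volume), and it lists unsigned files with `-u` without any VirusTotal lookup or upload. The script name `sigscan.bat` and the report path are assumptions; the sigcheck switches are the ones in the usage text quoted in the post.

```batch
@ECHO OFF
REM Added example, not from the thread: list unsigned executables in one folder.
REM The script name sigscan.bat and the report file name are hypothetical.
REM Usage:  sigscan.bat "C:\Program Files (x86)\Mozilla Firefox"
SETLOCAL

REM %~1 is the first argument with its surrounding quotes removed.
SET "TARGET=%~1"
IF NOT DEFINED TARGET GOTO :usage

REM A trailing backslash would escape the closing quote handed to sigcheck,
REM so drop it (drive roots such as C:\ are left alone).
IF "%TARGET:~-1%"=="\" IF NOT "%TARGET:~-2%"==":\" SET "TARGET=%TARGET:~0,-1%"

REM The backslash appended in this test makes IF EXIST match folders only.
IF NOT EXIST "%TARGET%\" GOTO :nodir

REM Fail early when sigcheck.exe is not on PATH (step 1 copies it to c:\windows).
WHERE sigcheck >NUL 2>&1
IF ERRORLEVEL 1 GOTO :notool

SET "REPORT=%TEMP%\sigcheck-unsigned.txt"

REM -q no banner, -e executable images only, -s recurse, -u unsigned files only.
REM No -v switch is given, so nothing is sent to VirusTotal.
sigcheck -q -e -s -u "%TARGET%" > "%REPORT%"

ECHO Scanned: "%TARGET%"
ECHO Report:  "%REPORT%"
TYPE "%REPORT%"
EXIT /B 0

:usage
ECHO Usage: %~nx0 "folder to scan"
EXIT /B 2

:nodir
ECHO Not a folder: "%TARGET%"
EXIT /B 3

:notool
ECHO sigcheck.exe was not found on PATH.
EXIT /B 4
```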


  2. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #2

    Well if you've got sigcheck.exe then you might just as well use SigcheckGUI. You can scan any number of files, folders or all running processes and check signatures along with VirusTotal detections.

    Run sigcheck via batch file-sigcheckgui.jpg

    Then here's an example of unsigned executables:

    Run sigcheck via batch file-sigcheckgui-2.jpg

    At least the results are shown in the same window.


  3. gvp
    Posts : 7
    Windows 7 Ultimate x64
    Thread Starter
       #3

    Didn't know about it ... thank you


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
