Let's consider how to disable verification of digital signatures of drivers. If you try to install a file without such a signature, errors may occur or the system may refuse to install.
The problem can be solved only by disabling the function.
To find where on your operating system the window with the digital signature settings is located, follow the instructions appropriate for your operating system.
After deactivating the option, you can easily install any programs and libraries that do not have a signature identifier.
Content:Why do i need a digital driver signature
A digital signature is a so-called label for a file or library that guarantees its security.
It is necessary so that the user can find out about the origin and developer of the application.
Also, the signature is verified at the initial stage of the installation of any executable file.
If this attribute is missing or certain errors are found in it, the installation will not start, and the user will be notified of the possible danger that could result from using an unidentified program.
The digital signature is displayed in a pop-up window as soon as the user starts the installation of the executable file.
In this window, you need to grant the OS additional permission to run the installation wizard. Here you can also see the name of the certificate.
It is indicated after the program name. The figure below shows an example of displaying the User Account Control window, in which the digital signature of the application is the Publisher field.
The digital signature is embedded not only in standard applications and system libraries. It can also be found in driver software.
A driver is a program that is responsible for configuring the operation of the hardware components of a PC and devices connected to it (video card, mouse, keyboard, printer, microphone, etc.).
Because of this, even a driver with an official digital signature can be identified as a potential security threat to the PC.
64-bit OS versions immediately block installation and delete the application file if no digital signature is found.
The Windows error window that appears may display one of the following problem variants:
- "Lack of driver signature";
- "The system cannot verify the manufacturer of the program";
- "Windows needs a digitally signed driver."
Rice. 2 - example of Windows Security error window
The easiest solution to the problem is to disable digital signature verification.
The process for configuring this setting may differ depending on.
Before disabling this function, the user must be aware of all possible threats to the operating system and computer.
The system may not recognize the signature due to counterfeit or unsafe content. In most cases, it is best to avoid working with applications without a digital ID.
Disable the function in Windows 7
In Windows 7, the option to enable / disable signature verification is the responsibility of the system group policy editor. Its window can be opened using the command line.
Follow the instructions:
- Open the "Run" window by pressing the Win and R buttons at the same time;
- Enter the command shown in the picture and click OK;
Rice. 3 - the command to open a window by the Windows policy group
- In the window that appears, open the tab "User configuration"... Then click on the item "Administrative Templates"... In the "System" tab, click on the option "Installing the Driver";
- In the right part of the window, select "Digital signature of devices";
Rice. 4 - the "Driver Installation" tab in the OS Group Policy window
- Disable ID verification in the new window and save your changes.
Rice. 5 - disable checking for Windows 7
Instructions for Windows 8 and 8.1
Enter the gpedit.msc command in the Run window to open the settings window, or enable the policy editor through the control panel. Then follow these steps:
- On the left side of the window, go to the "System" directory, as shown in the figure below, and go to the policy folder. In the right part of the system window, click on the item "Digital signature" with the right mouse button.
Rice. 6 - check the status of the option
- Click on "Change";
- In the new window, select the "Enabled" option, and then set the "Parameters" column to "Skip";
- Click OK and exit the Group Policy Editor.
Now, even after restarting the operating system, the digital signature check will not be enabled.
To enable the function, go back to the system editor window and configure the scan parameter.
Rice. 7 - disable checking in Windows 8 and 8.1
Another way to deactivate the feature is by using the command line. You can disable the option by entering one simple command.
Go to the Run window and start the Command Line with the cmd line:
Rice. 8 - the command to activate the line
In the window that opens, enter the command shown in the figure below. To re-enable the option, change the identifier OFF to ON.
Rice. 9 - command to disable signature verification
Instructions for Windows 10
Most of the functions and parameters of the new system are similar to the eighth version of the system.
Disabling the option to constantly check the digital identifiers of drivers is carried out in the group policies window:
- Go to the editor, as shown in the instructions for Windows 8;
- Open the window for enabling / disabling signature verification;
- Select the "Disabled" item;
- Leave the field blank in the parameters column;
- Save your changes.
Rice. 10 - disable setting in Windows 10
If there is no zero (empty) value in the drop-down list, select "Skip". To deactivate using the command line, you need to use two commands.
The first is to load options, the second is to disable the function. Both commands and the order of their execution are shown in the figure below:
Rice. 11 - shutdown using Command Line in Windows 10
Disable Windows Defender
Newer versions of Windows (8.1 and 10) have, which also checks the security level of any executable file.
Sometimes, disabling digital signature verification alone may not be enough, because Defender can identify a file as dangerous.
In this case, it will be immediately removed or quarantined (depending on the defender's settings).
Fig. 12 - Windows Defender main window
If, after disabling driver signature verification, a system window appears about unsafe content in a file, you should disable the Windows Defender service to continue installing it.
Follow the instructions:
- Open a Windows Defender window;
- Check the status of the utility, and then click on the "Parameters" tab;
- You will be redirected to Windows System Settings. In it, you need to disable the options for real-time protection and cloud protection.
Figure 13 - Disabling Windows Protection
Installing drivers without a digital signature should be carried out only if you are absolutely sure that the file is safe.
For example, if you are a developer and have created an application that does not have a signature yet.
The setup file is reliable if you downloaded it from the developer's site. Often, the latest driver versions can be mistakenly detected by the digital signature verification server.
This indicates that the developer has not yet entered the information about the identifier into the system or that work on improving the driver is still active.
In this case, disabling signature verification and defender will not cause any damage to the installed operating system.
Many users have already encountered unsigned drivers. You want to install the necessary driver for some program, but Windows 7 shows a hefty fig - they say, go for a walk, kid, the driver does not have a digital signature. How to solve this problem?
Actually, there are absolutely two solutions here - either get rid of digital signature verification altogether, or ... add this signature yourself! Yeah, you probably didn't know that you can sign drivers yourself? Live and learn.
But first, let's find out how you can turn off digital signature verification for drivers.
Disable digital signature verification for drivers in Windows 7
You can disable this disgrace in a special Windows 7 mode, which is selected when the system boots. As a rule, this feature is relevant for programs that install their driver without rebooting.
To disable, open the Windows 7 boot menu, for which you use the key
In the first case, select the version of Windows you need, then click again
From this menu, select the option and press the key
As a result, Windows will be loaded in a special mode. But do not be alarmed, it differs from the usual one only in that it does not verify the digital signature of the drivers - and nothing else. It is enough to restart Windows and the normal scan mode will be enabled again.
By the way, if you install some drivers in this mode, harmful Windows can still display a warning that the driver is not signed. Spit on it, close this warning and the driver will be installed anyway.
This is all great, but I want to sign the drivers myself, yeah! We'll talk about this in the next section.
How to manually sign a driver in Windows 7
The DSEO (Driver Signature Enforcement Overrider) program will help us to do such villainy as a driver signature. With this program you can create your own driver signatures. Please note that for the program to work, it is imperative, otherwise the focus will not work.
The program itself is as simple as a broom, and it is extremely easy to work with it.
- Run the program, click on the button Next, then again on the button Next.
- Select radio button Enable Test Mode(test mode), click Next.
- Select radio button Sign a system file(sign the system file) and click the button Next.
- Specify the path to the driver file (like C: \ Windows \ System32 \ Drivers \ lkindrv.sys), then click the button again Next.
- The required number of drivers is signed in the same way. It remains to reboot and calmly install the required driver for yourself.
This method also has some nuances - this test mode will be turned on all the time. By the way, it is officially intended for testing new drivers. It sometimes causes the Windows build number to appear next to the taskbar and indicates that the operating system is in test mode. You don't have to worry about the inscription, after exiting the test mode it will disappear.
How to get out of it? Launch DSEO, select radio button Disable Test Mode and reboot again.
The method is very effective, and it does not change the system bootloader or Windows system files. However, there are also alternatives that change the bootloader to automatically select the menu item ... We are talking about ReadyDriverPlus and more on it in the next section.
ReadyDriverPlus Program
ReadyDriverPlus allows you to select an item automatic. In other words, you don't have to constantly press the button.
Starting with Windows 7, Microsoft has tightened the requirements for installed drivers. Now every driver must be digitally signed by Microsoft, otherwise it cannot be installed. The digital signature of the drivers is checked at the beginning of their installation, and if it is not found, the user receives an error like "Windows cannot verify the publisher of this driver." If you try to install the driver forcibly, and for this, the corresponding option is provided in the message window, then it will still not be installed.
To resolve this issue, you will need to disable driver signature verification. It can be either one-time or on a permanent basis. In most cases, for added security, it is recommended to disable scanning before the first reboot, but if you are confident in your actions and trust the developer, you can disable it permanently. So let's see how to disable driver signature verification in Windows 7/10 using different methods.
This option for disabling digital signature verification is a one-time option. The choice of the mode with disabled scanning differs slightly in different versions of the operating system. If you're on Windows 10, go through the Settings app to the Update & Security section, switch to the Recovery tab, and click the Restart Now button located under the Special Boot Options heading.
The action selection screen will load. We do the following. Sequentially choose Troubleshooting - Advanced Options - Boot Options - Restart.
The system will reboot and you will see the boot options screen, in which you will need to press the F7 button corresponding to the option to disable mandatory driver signature verification.
Once Windows boots up, you should be able to install the unsigned driver without errors or warnings.
We act in the same way in Windows 8 and 8.1, only to boot in the disabled driver check mode, open the Charms bar, select there Change computer settings - Update and recovery - Recovery - Restart now.
Otherwise, almost everything is the same.
In Windows 7, the easiest way to get to the advanced options menu is by pressing the F8 key while starting the computer. When the menu appears, use the arrow keys to select the appropriate option from the list and press Enter.
Disable via Group Policy Editor
If you would like to permanently disable driver authentication, you can use the Local Group Policy Editor. This is a universal method and it works the same in Windows 7, 8 / 8.1 and 10 with only one condition - the edition of the system must be higher than Home. Start the editor with the command gpedit.msc and go in the left column along the path User Configuration - Administrative Templates - System - Driver Installation.
On the right, double-click the Digital Signature Device Drivers policy. In the settings window that opens, set the radio button to the "Enabled" position, and in the drop-down menu just below, select the "Skip" option.
Save your settings and restart your computer just in case. That's it, after that you can safely install an unsigned driver.
Similar results can be obtained using the usual command line, or more precisely, the console utility bcdedit... This method is also universal, the only condition is that the PC must have a regular BIOS. However, you can resort to it even if your computer is UEFI, only you will definitely need to disable the Secure Boot function. Open a classic command line or console PowerShell as administrator and run these two commands in sequence:
bcdedit.exe -set loadoptions DISABLE_INTEGRITY_CHECKS
bcdedit.exe -set TESTSIGNING ON
After executing each command, you should receive a confirmation "Operation completed successfully".
Restart your computer and install the unsigned driver. A small nuance - after rebooting in the lower right corner of the screen you will see a "Test Mode" notification indicating the version and revision of the system.
To get rid of it, you will have to re-enable driver signature verification. To do this, run these two commands:
bcdedit.exe / set loadoptions ENABLE_INTEGRITY_CHECKS
bcdedit.exe / set TESTSIGNING OFF
It is unlikely, but it may happen that the next time you reboot, the scan will turn on again. How to disable driver signature verification permanently in this case? There is another way, and it also involves using the console utility bcdedit... This time, you will need to boot Windows into Safe Mode first. It is turned on in the boot parameters (we discussed how to open them above) by pressing the F4 button. In Windows 7, the arrow keys are used to select.
Boot into safe mode, open a command prompt as administrator and run the command bcdedit.exe / set nointegritychecks on and then reboot normally.
Signature verification will also be disabled. According to the reviews of many users, this method is more reliable. For the future, if you want to re-enable verification by booting in safe mode, run the same command, only replace the key in it on key off.
In Windows 7, Microsoft has significantly tightened the requirements for installed drivers (we recommend that you read the entertaining article about). Any driver you install must now be digitally signed and verified and certified by Microsoft. Before downloading and installing a driver for any device, Windows 7 verifies the digital signature of that driver. And if, when you try to install a driver for a new device in Windows 7, you see a message: “ Windows can't verify the publisher of this driver software " then this driver is not digitally signed. In the window indicated by the dialog, you can select the option "Install this driver software anyway" ("Install this driver anyway"), however, in any case, this driver will not be installed, and therefore the device will not work.
When installing an unsigned driver, the device will be marked with an exclamation mark in Device Manager and contain the following error message:
Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. (Code 52)
Also, the following errors may indicate problems with the digital signature of drivers:
The digital signature verification policy for drivers works in both 32 (x86) and 64 (x64) versions of Windows 7 and the main reason for the emergence of such a policy for installing third-party drivers is the desire to improve the stability and reliability of the Windows operating system by ensuring that all released drivers have passed a certification test and a compatibility test at Microsoft.
Fortunately, in Windows 7, you can turn off driver digital signature verification. And this can be done in several ways:
- Sign the driver yourself (you can do this using special software, or according to the instructions described in the manual)
- Disable digital signature verification of drivers using Group Policy
- Change OS boot mode to boot without digital signature verification (using bcdedit)
- Boot Windows 7 without checking the digital signature (via the boot menu by pressing the F8 key)
Consider all of the above options for disabling driver signature verification
Boot Windows 7 without verifying digital signature
It is possible to temporarily disable verification of driver signatures if you reboot the system, press the key at boot F8 ... In the menu that appears with the options for loading the system, select the item DisableDriverSignatureEnforcement("Disable mandatory driver signature verification").
After loading Win 7, it will be possible to install an unsigned driver and test its work, but if you boot in normal mode, the driver will not work
Disable Driver Signature Verification in Windows 7 Using Group Policy
In the event that you want to completely disable driver signing verification in Windows 7, you can do this using Group Policy.
Open the Local Group Policy Editor by typing
In the policy menu, go to User Configuration-> Administrative Templates-> System-> Driver Installation.
Find ‘Code Signing for Device Drivers’ in the right pane and double-click it.
Select ‘Enabled’ in the window that appears and ‘Ignore’ in the lower menu. Click Ok and restart your computer. After rebooting and applying the policy, in your Windows 7 you completely disable driver signing, and you can install any, including unsigned, drivers.
Disable driver digital signature verification in Windows 7 using bcdedit
Open a command prompt as an administrator and type the following two commands in sequence:
Bcdedit.exe / set loadoptions DDISABLE_INTEGRITY_CHECKS bcdedit.exe / set TESTSIGNING ON
After executing each of the commands, a message should appear stating that the command completed successfully.
Restart your computer and try to install the unsigned driver. Voila!
If you need to cancel this mode of operation and re-enable digital signature verification in win 7, run the following commands:
Bcdedit.exe / set loadoptions ENABLE_INTEGRITY_CHECKS bcdedit.exe / set TESTSIGNING OFF
During the installation of the driver in Windows 10, it is analyzed with respect to the digital signature. It is possible to install drivers in Windows 10, created for Windows 7 and Vista, but if they are installed on the top ten, you must disable the digital signature verification of Windows 10 drivers.
Although, due to signature verification, installation problems arise with Windows 8. But there are devices for which the drivers have not been updated for a long time, due to their discontinuation.
There are special utilities that replace the signature. First, you need to install this utility in Windows 10 and then install the driver. It should also be taken into account that when you remove the digital signature spoofing utility from the system, the driver that does not have an identification digital signature will "reject" the driver that does not have an identification digital signature on the very first restart of Windows 10.
For example, as happens with the tuner TECHNOTREND TT-BUDGET S-1401. This expansion card is capable of receiving DVB-S and satellite Internet.
There is another option to install not the WDM (Windows Driver Model) driver, but the BDA (Broadcast Driver Architecture) for tuners, radio cards or video capture cards.
If the chip was massively used, then you can try to install an installer from another manufacturer, but only the driver must be developed for a device with just such a chip.
Keep in mind that by changing the settings of Windows 10 you increase its vulnerability to viruses and other malware.
So, there are three ways to turn off the validation check for driver suitability.
Using boot parameters
Acts once, on the first reboot. The next time you install, you will have to repeat the steps for new equipment again with the installer of system files that do not have an identification signature.
So, open "All options". Then select "Update and Security". On the left, go to the "Recovery" category, that in the "Special boot options" group, click "Restart now".
Once the computer restarts, open Diagnostics. Then "Advanced options" and then select "Boot options". It is supposed to click "Restart".
When you reboot, Windows 10 will display a list of start options. You will have to indicate "Disable mandatory driver signature verification" or just press F7.
Everything. Windows 10 will not authenticate the digital signature of the driver and will allow it to be installed.
Disable Local Group Policy Checking
You can only do this in Windows 10 Pro. Home is missing the option. Checking is disabled until the user changes the settings again.
So, you need to open it in the local group policy editor. To do this, you need to use the Win + R key combination and type in the line - gpedit.msc. Then you need to press Enter.
In the following program, the following directories are opened sequentially: User Configuration \ System \ Driver Installation. Now go to editing the parameter "Digital signature of device drivers", which is located on the right in the Driver Installation directory.
1. It's just enough to change the parameter to "Disabled".
2. Leave the value "Enabled", but in the category "If Windows detects an unsigned driver file" select "Skip".
Finally, press the "OK" button and close the editor.
It is also advisable to reboot the system, although this method works without restarting the operating system.
If you need to return the driver signature verification, you will have to return to this settings window and enable verification.
Method three - command line
This option also turns off the driver identification check irrevocably.
There is also a limitation in this method. Your computer must be running BIOS. Otherwise, it is when the motherboard supports UEFI, you need to disable the Secure Boot function.
Calling the "Start" context menu, then select "Command line (administrator)".
Enter from the keyboard:
bcdedit.exe -set loadoptions DISABLE_INTEGRITY_CHECKS
bcdedit.exe -set TESTSIGNING ON
At the end of the execution of commands, you still need to reboot.
Of course, Windows 10 will fully function, but at the bottom right, a notification about the test mode of functioning of Windows 10 will be displayed, due to the inaction of identifying the driver for signature.
To hide the message about this, you will have to call the command line under the administrator again and type the command for implementation:
bcdedit.exe -set TESTSIGNING OFF
And press Enter.
We hope that our article will be useful to you in case of a problem with a device driver.
