
Use Windows XP's File Signature Verification tool as a troubleshooting aid

Older unsigned drivers can cause XP to crash. If you suspect this is the case, you can use the File Signature Verification tool to guide you to the culprit. Greg Shultz examines how to use this tool and what to do with the information it provides.

When you’re troubleshooting a problem with a Windows XP system, the first thing you should do is run the File Signature Verification tool. This tool will search the operating system and identify any unsigned device drivers installed on the system. It will also verify all signed device drivers. This information can be helpful for troubleshooting system instability, error messages, boot problems, and so on. In this Daily Drill Down, I’ll show you where to find the File Signature Verification tool and show you how to use it as a troubleshooting aid. I’ll also go into detail on the subject of signed vs. unsigned device drivers in Windows XP.

Signed drivers
If you’ve worked with previous versions of the Windows operating system, you know firsthand the end result of working with poorly designed device drivers: an operating system that inexplicably crashes. To remove this blight from the operating system, Microsoft instituted the Designed For Windows program. Under this program, only those hardware and software products that have been thoroughly tested and have passed Microsoft’s rigorous set of compatibility tests earn the right to display the logo shown in Figure A.

Note
For more information on the Designed For Windows program, check out the Windows Logo Program Web site.

Figure A
Only those products that pass Microsoft’s compatibility tests get to display this logo on their packages.


As a part of this program, any driver installed by the product includes a digital signature attached to it by Microsoft; the signature indicates that the driver has passed the tests, and that the driver has not been altered since Microsoft tested it. Microsoft guarantees that the driver will work correctly with the operating system.

Using unsigned drivers
While using digitally signed drivers is strongly encouraged, in some cases using an unsigned driver in Windows XP is necessary. For example, you may have a piece of legacy hardware that you can’t live without, but that is no longer supported with updated drivers. In that situation, you have no other recourse but to try to use an unsigned driver.

When you install such a driver, you’ll see a strongly worded warning message that informs you that continuing with the installation may "impair or destabilize" the operating system. If you proceed, the unsigned driver will be installed and you’ll never see another warning about the driver.

In some situations, the driver may work fine, but in others, it may not. For example, I’ve discovered that some Windows 2000 drivers will work fine in Windows XP but most Windows NT drivers don’t work in XP at all.

A way out
If you find that you must install an unsigned driver in Windows XP, keep in mind that the operating system automatically creates a System Restore point when you do so. So, you have a way out should the driver wreak havoc on your system. To make sure that you can use the System Restore point to undo any changes made by installing an unsigned driver, you shouldn’t install anything else on the system until after you’ve thoroughly tested the system. To do so, run all your applications and access all your peripheral devices very heavily for a couple of days to find out if any conflicts arise.

Running the File Signature Verification tool
To find out if a problem is indeed caused by an unsigned driver, you can use the File Signature Verification tool to track down any unsigned drivers. To do so, access the Run dialog box from the Start menu and type this command in the Open text box:
Sigverif

You’ll see the File Signature Verification tool’s main window, as shown in Figure B.

Figure B
When you launch the File Signature Verification tool, you can immediately begin a search operation or you can configure how the search will work.


Note
You can also launch the File Signature Verification tool from System Information. To do so, access the All Programs | Accessories | System Tools menu and select System Information. When you see the System Information window, pull down the Tools menu and select the File Signature Verification Utility command.

By default, the File Signature Verification tool will check for any system files that aren’t digitally signed. To specifically search for unsigned drivers, click the Advanced button. When you see the Search tab, choose the Look For Other Files That Are Not Digitally Signed option, leave the Scan This File Type list box as it is, and then use the Browse button to set the Look In This Folder text box to the C:\Windows\System32\Drivers folder, as shown in Figure C.

Figure C
To specifically search for unsigned driver files, direct the scan operation to the C:\Windows\System32\Drivers folder.


In addition, you can configure how you want the File Signature Verification tool to handle the log file on the Logging tab, as shown in Figure D. By default, the log file is named Sigverif.txt and is saved in the C:\Windows folder. You’ll also notice that the Logging tab provides you with a way to quickly open and view the contents of the log file.

Figure D
You can choose a new name for the log file and specify how you want the File Signature Verification tool to handle the existing log file.


To start the search, click the Start button. When you do, the File Signature Verification tool will begin scanning the system for any unsigned drivers. Depending on how you configure it to work, the operation may take a while to complete.

When it completes the operation, you’ll see a results window like the one shown in Figure E. For easier reading, you can maximize the window. As you can see, the File Signature Verification tool gives you detailed information about each unsigned driver file it encounters, including the file's name, location, modification date, type, and version number. You can scroll through the window and peruse the results. As you do, click on any of the column headers to sort the results for more focused analysis.

Figure E
Once the File Signature Verification tool completes the operation, it displays the results of the scan.


Viewing the log in a worksheet
Keep in mind that the text-based log file that the File Signature Verification tool creates is a complete log of the operation. That means that it shows information about every file scanned. If you look at the status bar of the results window, you can see that in our example, the File Signature Verification tool actually scanned 206 files even though only seven files are displayed. As you can imagine, having 206 entries can make the text-based log file difficult to work with in Notepad.
I’ve discovered that you can easily import the log file into a worksheet with just a little editing. All you need to do is open the log file in Notepad and delete the header information contained on the first 11 lines. Because the main portion of the text-based results is laid out as a table that uses spaces to delimit the columns, importing the data into a worksheet is a snap. You can then sort the list any way you need to make your analysis easier.
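The same import can be scripted instead of edited by hand. The following Python sketch is an added example, not part of the original article: it skips the header block, splits the space-aligned columns, and writes only the non-signed rows as CSV for a worksheet. The column titles, the "Not Signed" status text, and the sample log are assumptions constructed for illustration; adjust COLUMNS to match the log on your system.

```python
import csv
import io
import re

# Constructed sample in the general shape the sidebar describes: a header
# block, a column-title row, a dashed rule, then space-aligned rows under a
# bracketed folder line. File names and values are made up.
SAMPLE_LOG = """\
********************************
Microsoft Signature Verification
Log file generated on 1/15/2003 at 9:30 AM
Scan Results:  Total Files: 4, Signed: 2, Unsigned: 2, Not Scanned: 0

File                Modified      Version        Status        Catalog       Signed By
------------------  ------------  -------------  ------------  ------------  ------------------
[c:\\windows\\system32\\drivers]
exampledisk.sys     8/29/2002     5.1.2600.0     Signed        EXAMPLE.CAT   Example Publisher
oldscanner.sys      3/2/1999      1.0.0.4        Not Signed    N/A
examplenet.sys      8/29/2002     5.1.2600.0     Signed        EXAMPLE.CAT   Example Publisher
legacy cam.sys      11/20/2000    None           Not Signed    N/A
"""

COLUMNS = ["File", "Modified", "Version", "Status", "Catalog", "Signed By"]  # assumed titles

def parse_sigverif(text):
    """Return one dict per scanned file, tagged with the folder it was found in."""
    rows, folder, in_table = [], None, False
    for line in text.splitlines():
        if not in_table:
            # The dashed rule under the column titles ends the header block,
            # so the header does not have to be exactly 11 lines long.
            in_table = line.startswith("-----")
            continue
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            folder = line[1:-1]
            continue
        # Columns are separated by two or more spaces, so a single space
        # inside a value ("Not Signed", "legacy cam.sys") stays intact.
        fields = re.split(r"\s{2,}", line)
        fields += [""] * (len(COLUMNS) - len(fields))  # pad missing trailing columns
        rows.append(dict(zip(COLUMNS, fields), Folder=folder))
    return rows

def unsigned_csv(rows):
    """Return CSV text for every row whose Status is not exactly 'Signed'."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["Folder"] + COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(r for r in rows if r["Status"].lower() != "signed")
    return out.getvalue()
```

To use it on a real log, read the file as text (by default C:\Windows\Sigverif.txt, as noted above), pass it to `parse_sigverif`, and save the output of `unsigned_csv` with a .csv extension.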


Using the results in troubleshooting
If you discover an unsigned driver that you think may be the cause of your problem, you can disable the driver and see if the system responds any differently. To do so, open the Control Panel, double-click the System icon, and select the Hardware tab. Then, click the Device Manager button.

Once you see the Device Manager window, locate the device in the tree and double-click on it. When you see the device’s properties dialog box, click the drop-down arrow in the Device Usage panel and select the Do Not Use This Device (Disable) option. Then click OK, close Device Manager, and restart the system. You can then run some tests to see if the problem still exists. If disabling the driver resolves the problem, you can then begin investigating whether the manufacturer has an updated driver.

Keep in mind that a device using an unsigned driver may not be visible in the Device Manager tree. If you don’t see the device, pull down the View menu and select the Show Hidden Devices option. In addition to disabling the driver in Device Manager, you have two other options for removing the suspect driver from the mix. First, you can open the C:\Windows\System32\Drivers folder in Windows Explorer, locate the driver file, and rename it. Second, you can use the Add/Remove Programs utility in the Control Panel to uninstall the software that installed the driver. If you discover multiple unsigned drivers and aren’t sure which one could be the cause of the problem, disable one driver at a time.

Preventing unsigned driver installation
Finally, if you want to prevent anyone from ever installing unsigned drivers in Windows XP, you can do so quite easily. To begin, open the Control Panel, double-click the System icon, and select the Hardware tab. Then, click the Driver Signing button. You’ll see the Driver Signing Options dialog box shown in Figure F.

Figure F
You can prevent anyone from installing unsigned drivers in Windows XP.


As you can see, the default option will produce a warning message but will allow an unsigned driver to be installed. However, if you select the Block – Never Install Unsigned Driver Software option, no one will ever be able to install anything but a digitally signed driver file.

About

Greg Shultz is a freelance Technical Writer. Previously, he has worked as a Documentation Specialist in the software industry, a Technical Support Specialist in the educational industry, and a Technical Journalist in the computer publishing industry.
