• Disable checking for unsigned drivers in Windows 7. Disable checking the digital signature of the driver

    It cannot be said that the digital signature of the driver is akin to the widow of a retired lieutenant who flogged herself, but analogies simply suggest themselves. To the question: “What is a digital signature of drivers and why is it needed?” - the answer will be very simple. Firstly, this is a certain sequence of codes inserted into the code of the driver program by its developer himself, and which the operating system (in in this case- Windows).

    Ways to disable scanning digital signature Windows drivers.

    And secondly, it’s already quite simple and clear: when a driver is installed in the system, it checks its digital signature for authenticity. If everything matches, then the installation continues. If it doesn’t match, then, of course, it stops. The idea of ​​a digital signature is not new at all; it for a long time was used (and is still used, although more advanced mechanisms for protecting against distortion have long been developed) in information transmission systems and was often called “ checksum" In the simplest version, it was simply a byte-by-byte “modulo 2 addition” of the entire contents of the file.

    Well, then politics comes into play - for starters, the business policy of equipment manufacturing companies and, accordingly, drivers. The device has been developed, its driver has been developed, now the developer just needs to convince Microsoft to insert information about this driver into Windows so that it recognizes the device and its driver specifically from of this manufacturer. After all, there are plenty of third-party competing developers who can develop their own driver for the same device - better or worse, it doesn’t matter, the main thing is that it’s illegal, and therefore unacceptable for use in the system.

    Next. A driver is a program, and thus subject to viruses. Moreover, such a program is an unkillable card for viruses, because the driver will be launched in any case, and by the system itself. But the virus “does not know” the digital signature of the driver, and Windows will check the authenticity of the signature every time it is installed - this is a way to protect against drivers infected with viruses and another advantage of a digital signature.

    But, on the other hand, there are, indeed, plenty of drivers from “third companies” that significantly exceed the official ones in their characteristics. But they do not have a digital signature, which means they cannot be installed unless you disable driver digital signature verification in Windows. And this possibility is provided by Microsoft itself; it still did not “burn bridges behind itself.” By default, Windows boot options provide for mandatory verification of the driver’s digital signature, but this can be canceled if, of course, you understand the danger to which the system is exposed - either from a crookedly written “non-native” driver or from viruses.

    A small nuance - incidentally

    Disabling driver signature verification in Windows 10 or any other version is so important that some developers include it as a prerequisite for the functioning of their program. This is usually how all sorts of gaming applications behave. Here is a good example – games from the 4Game service. At the dawn of the service, it was necessary to first download a special client for drivers, but over time they decided to simply build everything they needed into browsers. This change led to a radical change in the protection policy, which was called “Frost”.

    The only problem is that the new policy does not work without first disabling mandatory verification driver signatures. Here, however, you will have to “turn off” your questions about how this can official service suggest disabling the official system protection against piracy and viruses. But, in the end, Microsoft itself provides this opportunity. Well, then the developer’s policy in this case is not included in the current subject of the proceedings, especially if Microsoft is “not against it.”

    Ways to disable driver digital signature verification

    There are several ways to solve the problem of how to disable digital signature of drivers in Windows 7, 8 and all subsequent versions. Many of them are very similar to each other. The first possibility is that you will need to work on a computer with system administrator rights. We start working with the command line - go to the Main menu of the system by clicking the “Start” button. Then select “My Programs” and “Standard”. In the list that opens - “Command Line”. In the “black window” that opens, in the prompt line, enter:

    • bcdedit.exe /set nointegritychecks ON to disable mandatory driver signature checking.

    To enable the check again, use a similar line, but with “OFF”:

    • bcdedit.exe /set nointegritychecks OFF

    Why disabling the check is ON, and enabling it is OFF can be understood from the name of the parameter used - “nointegritychecks”, which translates as “without carrying out internal checks”.

    Another possibility is also to use system utility bcdedit.exe at the command line. But here we act in two stages. First, type and run the utility with the value of the loadoptions parameter:

    • bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS

    Then with the value of the signature testing parameter testsigning:

    • bcdedit.exe -set testsigning ON

    IN mandatory You need to wait until the “Operation completed successfully” message appears in the command window; it may appear after a short delay. Driver digital signature verification is now disabled. In order for the signature verification to work again, enter the same commands, but in reverse order and with different parameter values:

    • First bcdedit.exe -set testsigning OFF
    • Then bcdedit.exe -set loadoptions ENABLE_INTEGRITY_CHECKS

    The third option suggests disabling Windows 8 driver signature verification when the computer boots. This feature is very convenient if you just need to test the driver.

    So, when loading, use the F8 key to enter boot menu system, and there we select the boot with the cancellation of driver signature verification - Disable driver signature enforcement. When the system boots, you can install any drivers, with or without signatures, they will not be checked. Here, however, you need to understand that this opportunity only works until the system is rebooted.

    The fourth option involves using the Local Group Policy Editor operating system, although it does not work fully on all versions of Windows. We proceed as follows - in the Main menu of the system, select “Run” and in the line to execute type gpedit.msc. We launch the Group Policy program, which opens the window of the same name. In the window on the left, go sequentially along the folder path - “User Configuration” - “Administrative Templates” - “System”. Next, select “Driver Installation” and the “Digital Signature” parameter, which needs to be changed.

    To change, either double-click on the parameter with the mouse or select the inscription on the left - “Change parameter”. To disable, select the “Disabled” switch and accept the changes (OK or “Apply” button). All Group Policy settings are enabled without rebooting the system, although if you have any doubts, you can reboot and at the same time check the status of the setting again.

    We pay attention to one feature - the “Warn” switch. Selecting it when using an unsigned driver will nevertheless allow you to complete the driver installation, but it will not be accepted for work anyway.

    Well, the last, already radical option is to forcefully sign the driver, which can also be done via the command line using the pnputil utility:

    • pnputil –a<полное имя файла драйвера>. Under " full name" means a string in the format:
    • <диск>:<путь по папкам>/<имя файла>.<расширение файла>

    Conclusion

    When influencing the operating system's operating policy with digital driver signatures, you need to understand that you are interfering with the operation of the system itself, changing its environment, primarily security. And it’s not so much a matter of viruses, it’s a matter of the correct operation of the “left” driver that is supposed to be used. Errors in driver implementation can be worse than dangerous virus. The result is the same - complete inoperability of the system and the need to reinstall it. Nevertheless, manipulating this internal security tool is very useful for understanding the functioning of the operating system itself.

    Modern operating systems are not easy to install drivers; they require that these drivers have a special digital signature. Sometimes you have to bypass this requirement and install drivers without a digital signature. If you want to install some special device in Windows 7 or you have a non-proprietary driver on hand, then you have to bypass digital signature verification and require that this Windows function be disabled.

    Unfortunately, Windows 7 does not allow you to disable driver digital signature verification as easily as previous versions given operating system (for example, XP). Before downloading a driver for any device, you will definitely be required to digitally identify this program in terms of its signature. If Windows 7 does not detect the signature and the driver does not will be tested, then the most likely behavior of the OS would be to disable the device.

    On the one hand, the need to have precisely branded drivers in Windows 7 is an urgent need, but on the other hand, very often such programs do not pass verification and the user is faced with the task of installing a driver bypassing system protection.

    Sometimes the digital signature in Windows 7 turns out to be a yoke. How to make it so that this procedure did it interfere with driver installation? In other words, how to disable digital signature verification and avoid the appearance system message something like the one in the picture below:

    Let's look at possible alternatives.

    A special way to boot the system

    In Windows 7, there is one interesting opportunity to completely abandon signature verification - we are talking about special version system boot. This function can be disabled when the OS starts by pressing the F8 key. The result is something familiar to everyone. system menu, in which you need to select the item “Disable mandatory driver signature verification” or in the English version - “Disable Driver Signature Enforcement”. As soon as you log into Windows this way, all checks will be removed. In order not to be unfounded, we present the corresponding picture:

    However, this method has one drawback. You can boot in this way and test the equipment. But once you log in in the usual way– the equipment installation will fail. So this option can only be offered for testing.

    Applying a special group policy

    Another option is to enable a specific Group Policy. You need to do it like this:

    • Go to the editor group policies. To do this, in the “Run” window of the “Start” menu, type the command gpedit.msc.
    • On the left panel we find a section called “User Configuration->Administrative Templates->System->Driver Installation”.
    • In the panel on the right, double-click on the inscription “Code Signing for Device Driver s".
    • An options window will appear, in which you need to set the “Enabled” switch at the top, and select the “Ignore” value at the bottom, as in the figure:

    This will allow you to completely disable the digital signature of drivers in Windows 7 and install any hardware without problems. This option does not suffer from the disadvantages of the alternative above. If you complete the installation, you can be sure that it will be saved even after the system is rebooted.

    Working with the command line

    As always comes to the rescue Windows console. Use it to disable unnecessary function can be done like this:

    • We go to the console by cmd command in the Run window.
    • We type the following sequence of commands:

    (after each of them press “Enter”).

    Then we restart the computer and admire the result. This is exactly what we needed.

    Another thing is that the installation unsigned drivers– the event is by no means safe. Whether you need to do this or not is up to you to decide. After all, installing this kind of system programs can result in the crash of the operating system. It's good if you can roll back the system to original condition in safe mode.

    But this does not always work out. The most reasonable solution is to look for signed device drivers, and don’t fool yourself. This can be done on the websites of manufacturers of specific equipment. It happens that we don’t even think about going to a company website, but grab the first ones we come across. system programs on the first website you come across.

    To prevent this from happening, carefully read the user manual that comes with any peripheral - they will probably point you in the right direction.

    We wish you good luck in this matter!

    Windows 8 has a special security module installed that is responsible for blocking the process of installing drivers on your computer without a digital signature. What's the point? Essentially, such a firewall provides reliable protection PC from Trojans, spyware and others unwanted programs. It would seem that the advantages are obvious. However, such a precaution is unlikely to fit into the plans of users who need to update their software outdated devices. In this case, the only thing left for them is to disable the verification of its signature in OS Windows 8 during driver installation.

    You can perform a similar procedure in several ways. However, regardless of the method chosen, to disable driver digital signature detection, you must make sure that the software installed on your computer does not contain a virus or any other threat to the system, otherwise the consequences may be very unpredictable.

    Method number 1: Disable via boot options

    In order to disable digital signature verification for one specific driver in OS Windows 8 once, the easiest way is to reconfigure the system from the “Boot Options” menu. To do this, use the +I key combination to open the “Options” tab in the Charm Bar. After this, click on keyboard Shift and, holding it down, click the “Shutdown” button and select “Reboot” from the menu that appears:

    Now open the “Diagnostics” section, find the “Advanced parameters” item in it and click on it with the mouse:

    As a result, the “Download Options” window we need will appear. Now the only thing left is to press F7 or just the number 7 on the keyboard to disable checking the installed driver for a digital signature on our computer in Windows 8:

    It is worth noting that disabling security mode is only valid for one PC session. This means that the next time the system is rebooted, the process of blocking unsigned drivers in Windows 8 while they are being updated will be automatically activated. In this case, all previously installed, working “firewood” that does not have a digital signature will not be affected.

    Method number 2: Disable using the gpedit.msc command

    In the event that you need to install several unsigned “firewood” in Windows 8 in different times, it is more logical to completely disable the digital signature detection function through the Local Group Policy Editor. In order to run it, press +R on the keyboard, set the command gpedit.msc for the “Run” utility that opens and click the OK button:

    The next step is to open the “User Configuration” folder in the menu on the left in the system window that appears, select “Administrative Templates” in it and go to the “System” section. After that, go to the “Driver Installation” folder, find the “Digital signature...” parameter in it and double-click on it with the mouse:

    Now in the window that appears, check the box next to the “Enabled” option, select “Skip” as an option for Windows 8 when updating the “firewood” and click OK to save the settings:

    As a result of such simple manipulations, we will be able to perform complete shutdown registration of firewood installed on a PC. As you can see, this process is not at all complicated. The only thing is that before you completely disable the blocking of detection of unlicensed software, do not forget to check the installed programs antivirus program so as not to accidentally attract viruses to your operating system.

    Starting from Windows Vista Microsoft has introduced an additional level of protection for its 64-bit systems - Device Driver Signature Enforcement. This means that you can only install and use drivers that have been certified by Microsoft. In addition to increasing the level of security, this, of course, led to the fact that quite large number devices running in 32-bit Seven do not work in 64-bit (driver certification is not a free procedure). This article is about how you can try to get around this limitation.


    0. Before you start, download the DSEO (Driver Signature Enforcement Overrider) utility from the developer’s website - http://www.ngohq.com/home.php?page=dseo (no installation required).

    1. We log into Windows as an “administrator” (I used the main Administrator account with the RID-500; in the Professional version it’s not difficult to enable it, but that’s not the point - a regular “administrator” is quite enough).

    2. and reboot.

    3. After reboot, open the command line. The easiest way to start it is: Start -<вводим в графе поиска cmd> — <после того как поиск найдёт cmd> — click on the shortcut cmd. Alternative option: Start -> All Programs -> Accessories -> Command Prompt.

    4. In the window command line run the following command:

    bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS , where DDISABLE is not a typo!

    5. Launch the utility DSEO. You can run it from any directory, any drive :)

    After launch, as usual, “accept license agreement" - yes, and then select the option "Enable Test Mode" (enable test mode) and click “Next”:

    The program will warn you that you can only load “self-signed” drivers in “Test Mode”, but for it to take effect you need to reboot again:

    To exit the program, select the “Exit” option and click “Next”.

    Let's reboot.

    6. After the reboot, run DSEO again and select the “Sign a System File"(sign the system file) and "Next":

    7. The program will ask you to specify the path to the signed driver. To do this, copy the “problem” driver files from the installation CD or extract them from the archive (if you downloaded them from the Internet) somewhere on hard drive- the main thing is to remember and/or copy the exact address of the drivers from address bar“Explorer”, not forgetting to indicate the name of the driver itself (a driver is a file with the .sys extension) since they can be located not only in the directory where you copied/extracted, but also in its subdirectories!!! After specifying the driver location, click OK. Perform this operation for all drivers - only the file name, or a subdirectory with the name will change in the address:

    P.S. If the device is already installed, but does not work without a blocked driver, then you most likely need to look for the driver in C:\Windows\system32\drivers, look in the “Device Manager” (Start - Control Panel - Administrative Tools - Computer Management) next to which device is located question mark - then there will be a device without a driver. Double-click on the name of this device and select “Driver” - “Information” in properties, where you will see the address(es) of the driver(s).

    Actually, I don’t recommend doing this, because if you try to install the driver without Windows signatures Not only does it not load it into RAM memory for execution, but it also erases the link to it from the “HKLM\SYSTEM\CurrentControlSet\services\” branch of the registry as a service!!! Normal operation such a device without service configuration (such as startup and settings) is hardly possible (in fact, it simply isn’t :(!!!), so it’s better to remove this device completely by any means, and then sign the drivers and install it again!!!

    8. After signing all the drivers, you can check that the operation was completed correctly: select the signed driver, open it context menu, select Properties and then Digital Signatures. If you did everything correctly, you should see something like this:

    9. Now the driver can be installed. As a rule, we click on “Setup.exe” and off we go…………..

    If Windows “swears” (and it obviously won’t miss such a moment) and displays a dialog box like this:

    - then we are not afraid and answer stupid questions accordingly!

    10. After completing the installation process, you can (and should) make sure that the driver is installed correctly - to do this, look at the Windows “System” log in “Computer Management”; if in the “minutes of installation time” there is only “Information” - then everything is in order (true not always - there may be “deplorable” information), but as a rule, “failure” is displayed as “Warning” or “Error” - then everything is bad:

    If you no longer use the DSEO utility, then turn on “Control accounts“For the security of the system, if you are planning to “sign” something else, it is better to do it right away, since with “User Account Control” enabled, DSEO will not start!!!

    Notes:

    1. To prevent our “self-signed” drivers from being blocked by Windows, we cannot disable the test mode (never!!!), which is evidenced by the “not very pleasant” information about the OS build version in the lower right corner of the Desktop, which, however, you can get rid of - DSEO has this option - “Remove Watermarks”.

    2. Not all drivers “prepared according to this recipe” can be installed without problems, for example, ASUS’s drivers turned out to be “the most persistent” in “disobeying” the installation - at least on my machine, which itself is ASUS.

    As I understand it, this is most likely not because of the signatures, but because of the peculiarity of their low-level operation - since I received errors not about the signatures, but simply - “a window with a red cross” (and one button - OK) - impossible put it and that's it! Although earlier, when I was working under XP, everything was as it should be - I didn’t see a single “BSOD” because of them, but Microsoft sometimes got “naughty”. This is about the question of correctness... but Microsoft knows better :) :) :)

    3. With “Test Mode” turned on all the time, and especially when working on the Internet, there is a certain risk of installing on your machine the same drivers “prepared” by someone in the same way, and kernel mode drivers - and this is no longer funny!!!

    So, under no circumstances should you go online as “Administrator”, because the most best antivirus— a head on his shoulders, with a thinking brain, of course!

    Let's look at how to disable checking digital signatures of drivers. If you try to install a file without such a signature, errors may occur or the system may refuse to install. The only way to solve the problem is to disable the function.

    To find where the digital signature settings window is located in your operating system, follow the instructions that apply to your operating system. After deactivating the option, you can easily install any programs and libraries that do not have a signature ID.

    Why is a driver digitally signed?

    A digital signature is a so-called mark on a file or library that guarantees its security. It is necessary so that the user can find out about the origin and developer of the application. The signature is also verified by the operating system itself. initial stage installation of any executable file.

    If this attribute is missing or certain errors are found in it, the installation will not begin, and the user will be notified of the possible danger that may result from using an unidentified program.

    The digital signature is displayed in a pop-up window as soon as the user starts installing the executable file. In this window, you must give the OS additional permission to run the installation wizard. Here you can see the name of the certificate. It is indicated after the program name. The figure below shows an example of window display User Account Control, in which the application's digital signature is the Publisher field.

    Rice. 1 – example of a program certificate verification window

    The digital signature is embedded not only in standard applications And system libraries. It can also be found in driver software. A driver is a program that is responsible for configuring the operation of PC hardware components and devices connected to it (video card, mouse, keyboard, printer, microphone, etc.). As a rule, all drivers are installed through the Device Manager window. It can be configured automatic update configurations for any connected device.

    Users often download drivers from third party sources. Some of them may be custom (unofficial), so a certified signature is almost always missing in such files. In this case, the computer will detect the absence of an identifier and you will not be able to complete the installation.

    Also, configuration errors may occur on Windows. Because of this, even a driver with an official digital signature can be detected as potential threat security for PC. 64-bit versions of the OS immediately block installation and delete the application file if the digital signature is not detected.

    The window that appears Windows errors may display one of the following problems:

    • “No driver signature”;
    • “The system cannot verify the program manufacturer”;
    • "Windows requires a digitally signed driver."

    Rice. 2 – example of a Windows Security error window

    The easiest solution to the problem is to disable digital signature verification. The process for configuring this setting may vary depending on the version of Windows installed on your computer.

    Before disabling this feature, the user must be aware of all possible threats for the operating system and computer. The system may not recognize the signature due to its forgery or unsafe content. In most cases, it's best to avoid using apps without a digital ID.

    Disabling the function in Windows 7

    In Windows 7, the system Group Policy Editor is responsible for the option to enable/disable signature verification. Its window can be opened using the command line. Follow the instructions:

    • Open the Run window by pressing the Win and R buttons simultaneously;
    • Enter the command shown in the figure and click OK;

    Rice. 3 – command to open a window with a Windows policy group

    • In the window that appears, open the “User Configuration” tab. Then click on “Administrative Templates”. In the “System” tab, click on the “Driver Installation” option;
    • In the right part of the window, select “Digital signing of devices”;

    Rice. 4 – “Driver Installation” tab in the OS Group Policy window

    • Disable ID verification in the new window and save your changes.

    Rice. 5 – disable scanning for Windows 7

    Instructions for Windows 8 and 8.1

    For both Windows versions 8, disabling driver signature verification occurs in the same way. As in the previous option, you need to work with the Local Group Policy Editor. Enter the gpedit.msc command in the Run window to open the Settings window or enable the Policy Editor through the Control Panel. Next, follow these steps:

    • On the left side of the window, go to the “System” directory, as shown in the figure below, and go to the driver installation policy folder. In the right part of the system window, click on the “Digital signature” item with the right mouse button.

    Rice. 6 – check option status

    • Click on "Edit";
    • In the new window, select the “Enabled” option, and then set the “Options” column to “Skip”;
    • Click OK and exit the Group Policy Editor.

    Now, even after rebooting the operating system, checking for a digital signature will not be enabled. To enable the function, go back to the system editor window and configure the verification parameter.

    Rice. 7 – disable scanning in Windows 8 and 8.1

    Another way to disable the function is to use the command line. You can disable the option by entering one simple command. Go to the Run window and launch Command Line using the cmd line:

    Rice. 8 – command to activate the line

    In the window that opens, enter the command shown in the figure below. For restart options change the identifier OFF to ON.

    Rice. 9 – command to disable signature verification

    Instructions for Windows 10

    Most features and options new Windows 10 are similar to the eighth version of the system. Disabling the option constant checking digital driver identifiers are carried out in the Group Policy window:

    • Go to the editor as shown in the instructions for Windows 8;
    • Open the window for enabling/disabling signature verification;
    • Select "Disabled";
    • Leave the field empty in the parameters column;
    • Save your changes.

    Rice. 10 – disable the option in Windows 10

    If there is no zero (empty) value in the drop-down list, select “Skip”. To deactivate using the command line, you need to use two commands. The first is for loading options, the second is for disabling the function. Both commands and the order in which they are executed are shown in the figure below:

    Rice. 11 – Disable using Command Line in Windows 10

    Disabling Windows Defender

    Newer versions of Windows OS (8.1 and 10) have a built-in defender, which also checks the security level of any executable file. Sometimes, simply disabling digital signature verification may not be enough, because Defender may identify the file as dangerous. In this case, it will be immediately deleted or quarantined (depending on the defender settings).

    Fig. 12 – Windows Defender main window

    If, after disabling driver signature verification, a system window appears about unsafe content in a file, you must disable the service to continue installing it Windows Defender. Follow the instructions:

    • Open a Windows Defender window;
    • Check the utility's operating status, and then click on the “Options” tab;
    • You will be redirected to settings Windows systems. In it you need to disable the real-time protection and cloud protection options.

    Fig. 13 - disabling Windows protection

    Installing drivers without a digital signature should only be done if you are absolutely sure that the file is safe. For example, if you are a developer and have created an application that does not yet have a signature.

    The installation file is reliable if you downloaded it from the developer's site. Often latest versions drivers may be incorrectly detected by the digital signature verification server. This indicates that the developer has not yet entered the identifier data into the system or that work on improving the driver is still active. In this case, disabling signature verification and the protector will not cause any damage to the installed operating system.

    Disabling the function via BIOS

    You can disable the signature verification function through the BIOS while loading the operating system. This method is only suitable for those drivers that install components without the need to further reboot the device. Follow the instructions:

    • Turn on your computer and activate the BIOS. To do this, in the first few seconds after pressing the Power key, click on F8 or another key that is indicated in the boot window;
    • Navigate the menu using the up and down keys. Selecting is pressing the Enter key. Go to the window additional parameters downloads;
    • Select "Disable Driver Signature Verification".

    Fig. 14 - disabling scanning in BIOS

    As a result of selecting this field, Windows will reboot and start in a mode that does not provide for checking the digital signature of the driver software. You can now install the component. The installation error and prohibition window will not appear.

    It is worth noting that this mode will only be active until the next reboot of the computer. Make sure that the driver is working correctly, otherwise it may be deactivated after turning on the system again. If the warning window still appears during the installation phase, simply close it and the process will continue automatically without changes.

    Create a digital signature manually

    If for some reason you were unable to disable the function or the system still requires a digital signature for the installation file, you should assign this identifier to the driver yourself. You can use a number of special applications for this.

    DSEO is a popular utility for installing and editing digital signatures for any type of software. Follow the instructions:

    • After installing DSEO, open the program as an administrator;
    • In the main window, select Test Mode and go to the next window by pressing the Next button;
    • Click on the Sign a System Mode option to sign a specific system file and click on Next again;
    • In the pop-up window, select the file for which a suitable digital signature will be created and click OK;
    • Wait for the process to finish running and close the program.

    Now you can install the selected driver on your computer.

    Fig. 15 – working in the DSEO program

    Video instructions

    Disabling digital signature verification of Windows 7 x64 drivers

    How to disable driver digital signature verification in Windows

    Read more: