Package Failed Authenticode Verification

Purpose

When attempting to download a package (automatically or manually) from the Package Library in PDQ Deploy you receive the following error, or similar, "Package Failed Authenticode Verification".

Resolution

The error is caused by the Microsoft Authenticode signature failing to be verified on the package being downloaded from the Package Library.

Causes and resolutions for this failure can include the following:

Cause: The root certificates Windows uses to verify Authenticode signatures are corrupt or missing. See this Microsoft Knowledge Base article for more information.
Resolution:

  1. Ensure the root certificates are installed (see the KB article mentioned above). Since root certificates are installed from Windows Update, ensure the PDQ console computer is fully patched with all root certificate updates.
    • The two Trusted Root certificates specifically needed for Package downloads are:
      • DigiCert Trusted Root G4
      • VeriSign Class 3 Public Primary Certification Authority - G51.png
  2. Ensure the following registry value: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate does not exist or is set with a DWORD value of 0 (a setting of "1" will prevent new root CA updates on the PDQ console computer).

Cause: The PDQ server is unable to check for publisher's certificate Revocation and Check for signatures on downloaded programs.
Resolution: Ensure the "State" value in the following registry location on your PDQ server is set with a hex value of "23c00" (This value corresponds to the Internet Explorer security setting Check for publisher's certificate Revocation and Check for signatures on downloaded programs).
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

2.png

Cause: You are running a version of PDQ Deploy older than version 14.2.
Resolution: Update to PDQ Deploy version 14.2 or the latest release version (recommended).

Cause: The file(s) being downloaded were altered or corrupted during download.
Resolution: Ensure nothing is corrupting the file(s) being downloaded, such as an edge device/antivirus, and try the download again.

In other cases not covered by the above, the error message will contain additional information that should narrow down the possible cause.

See Also

Article - Recommended Antivirus/Antimalware Exclusions for PDQ Products

Still have a question or want to share what you have learned? Visit our Community to get help and collaborate with others.