Re: Security warning

Raffaele,

Well, that depends on how and from where you downloaded those files.
When you downloaded a file from the Web on SP2 machine, Windows automatically marks the file attachment with its zone information
(such as Restricted, local, internet..). Based on file's zone information Windows assigns a proper risk level (High, Moderate, or
Low).

To prevent Windows from checking Zone Information in files when user tries to open them in Windows Explorer you can set up the
following key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;" (or
whatever types you want to see here)

On the machine where you are trying to download the files to prevent Windows from preserving Zone Information in file attachments
you may want to set the following key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:1

But I'd go and try the first key on your XPe image to not even worry about the file signatures for the defined types.

--
=========
Regards,
KM


"crus" <crus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:O6d8WzkDHHA.952@xxxxxxxxxxxxxxxxxxxxxxx
I find also that all .EXE that gives security warning when run show a
security message in their Property :
"this file comes from an other computer and might be blocket to protect this
computer"
a button "unblock" is on side to make disappear this message and to allows
free use of the file.
As I said in my first message all files that behaves this way are installed
by components some already available and some ( as igfxcfg.exe ) that I made from Intel device drivers with CD.


"KM" <konstmor@xxxxxxxxxxxxxxxx> ha scritto nel messaggio
news:%23YNWRZaDHHA.4928@xxxxxxxxxxxxxxxxxxxxxxx
Raffaele,

I'd say that you fixed that the right way on an embedded system where you
control what Exe's are to be launched.
You could also fix it by modifying the following reg.entries directly:
[HKCU\Software\Policies\Microsoft\Internet
Explorer\Download],"RunInvalidSignatures"
[HKCU\Software\Policies\Microsoft\Internet
Explorer\Download],"CheckExeSignatures"

If you want to know why you're seeing the warning you probably want first
to debug what file [exe] is the "wrong" one. (just remove all the agent
apps from the Run key and launch them at run time manually to see which
one shows the warning)


--
=========
Regards,
KM


"crus" <crus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:e5mr4QJDHHA.3660@xxxxxxxxxxxxxxxxxxxxxxx
I've got a new SP2 image, everything is working but during start-up
appear some
-Security Warning Dialog boxes - saying that:
"The publisher could not be verified. ......"
Then I press the run button for all messages and than I have the full
system OK.
This should means that files are not digitally signed.
After that I can install applications, even old ones, but this warning
doesn't appears any more, until next startup.
Files that are indicated as digitally unsigned get executed at start up
and are listed in the registry key
HKLM\Microsoft\Windows\CurrentVersion\Run
they are tray applications loaded by driver components as
hwincal.exe, (touch) igfxtray.exe,( intel video driver) hkcmd.exe,
igfxpers.exe

To check this behavior I started the GroupPolicy Editor ( gpedit.msc)
where I find everything undefined, and set the Attachment Manager
"inclusion list for low files types" to disable warning for ALL .exe
files. With this setting the warning box is not shown, but this is not
the way to understand what is wrong.

I looked in FBA log and found RegSetKeySecurity Failed Error: 0x6
that seems someway related.
I hope that someone can give help to understand what's happening.
Raffaele









.