Tool: PSScriptPad
Version: 2023.9.0
the exe file created by PSScriptPad triggered anti malware alert and got removed by windows defender.
I had to sign the exe file with my code signing certificate, which I didn’t have to do earlier.
questions follows:
thanks!!
Hi,
When you want to automatically sign by creating a exe, check: Package.psd1 - PowerShell Pro Tools (poshtools.com)
Scroll down to the header, “certificate” and if that’s done the exe will be signed automatically. Also possible to automatically sign your Powershell files on save in VS-Code and VS-Studio
and in Powershell Universal (I can’t find the documentation page, but I’m sure I did see it somewhere these days.
Also instead of using Signtool, I like more the Powershell command: Set-AuthenticodeSignature
$cert = (Get-ChildItem -Path "Cert:\CurrentUser\My" `
-CodeSigningCert)[0]
Set-AuthenticodeSignature -Certificate $cert `
-FilePath "Your full path to ps1, psm1, psd1" `
-TimestampServer "http://timestamp.yourcodesigner"
Set-AuthenticodeSignature -Certificate $cert `
-FilePath "Your full path to exe" `
-TimestampServer "http://timestamp.yourcodesigner"
Set-AuthenticodeSignature -Certificate $cert `
-FilePath "Your full path to dll" `
-TimestampServer "http://timestamp.yourcodesigner"
Set-AuthenticodeSignature -Certificate $cert `
-FilePath "Your full path to your MSI" `
-TimestampServer "http://timestamp.yourcodesigner"
And off course you can use it in combination with foreach, from “get-childitem” with a filter before and after compiling.
I like “Set-AuthenticodeSignature” more, because It’s a official Powershell command and runs with default Powershell input and output.
If you have a USB dongle, with SafeNet Authentication. You can set “Single Sign On”, so you don’t need to insert your password on every sign. Only some time’s a day.
Thanks, I saw Package.psd1 has implemented the signing function and your powershell suggestions are nice as well!!