On Sat, May 3, 2025 at 8:21 PM Roland Mainz <roland.ma...@nrubsig.org> wrote: > Is it somehow possible that the CI+Release binaries (*.exe, *.dll) can > be signed with signtool > (https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool) ? > It seems that Microsoft Defender has become overly aggressive to some > Cygwin binaries (mostly /usr/bin/hostname, /usr/bin/find, /usr/bin/tar > etc.) in the last couple of weeks and just blocks them. > > Our IT supports that they can "whitelist" binaries based on their > cryptographic signature... but neither the binaries from the CI nor > the Release binaries have any signatures...
BTW: The Windows Defender rule which causes /usr/bin/find.exe, /usr/bin/hostname.exe etc. to be blocked is "Block use of copied or impersonated system tools" (C0033C00-D16D-4114-A5A0-DC9B3A7D2CEB) ... ---- Bye, Roland -- __ . . __ (o.\ \/ /.o) roland.ma...@nrubsig.org \__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer /O /==\ O\ TEL +49 641 3992797 (;O/ \/ \O;) -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
