Support automatic Code Integrity Certificate Management

Securing Win10 systems with Device Guard properly will include the need for enterprises to implement the generation and management of digitally signed catalog files for applications that are not delivered as signed (or also in cases where they don't trust the vendor signing).

App-V could be an excellent place to help the enterprise do this. As part of sequencing, the sequencer knows what all of the binary components are. It can generate the hashes and create the catalog file as part of the capture (what PackageInspector.exe does today). The sequencer VM could be pre-prepped with the code signing cert in the store; the sequencer (perhaps when a new "advanced" checkbox is selected, along with a place to enter the password required to use the private key?) signs the catalog file, placing it in the scripts folder. It then adds an add & remove script automatically to the internal AppXManifest file to cause copy/remove of the catalog file to the appropriate client system catroot/GUID folder.

1 vote
Anonymous shared this idea
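The workflow the idea describes can be approximated by hand today with the built-in PowerShell catalog cmdlets. The script below is an added example, not part of the original post and not App-V or Microsoft code; the package paths, certificate thumbprint and timestamp URL are placeholders, and the function names are hypothetical. It assumes the code signing certificate is already in the sequencing user's store and uses the standard system catalog folder under CatRoot.

```powershell
# Added example: all paths, the thumbprint and the timestamp URL are placeholders.
param(
    [string]$PackageRoot  = 'C:\Sequencing\ExampleApp\Root',                  # captured files (hypothetical)
    [string]$CatalogPath  = 'C:\Sequencing\ExampleApp\Scripts\ExampleApp.cat', # scripts folder (hypothetical)
    [string]$Thumbprint   = '<CODE-SIGNING-CERT-THUMBPRINT>',
    [string]$TimestampUrl = '<TIMESTAMP-SERVER-URL>'
)
$ErrorActionPreference = 'Stop'

# Standard system catalog folder that code integrity consults on the client.
$CatRoot = Join-Path $env:windir 'System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}'

function New-SignedPackageCatalog {
    # 1. Hash every file under the package root into a version 2 (SHA-256) catalog.
    New-FileCatalog -Path $PackageRoot -CatalogFilePath $CatalogPath -CatalogVersion 2.0 | Out-Null

    # 2. Sign the catalog with the enterprise code signing certificate from the store.
    $cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) { throw "Code signing certificate $Thumbprint not found in CurrentUser\My" }
    $sig = Set-AuthenticodeSignature -FilePath $CatalogPath -Certificate $cert `
        -HashAlgorithm SHA256 -TimestampServer $TimestampUrl
    if ($sig.Status -ne 'Valid') { throw "Signing failed: $($sig.StatusMessage)" }

    # 3. Confirm the catalog still matches the files it is meant to cover.
    $status = Test-FileCatalog -Path $PackageRoot -CatalogFilePath $CatalogPath
    if ($status -ne 'Valid') { throw "Catalog does not match package contents: $status" }
}

function Add-PackageCatalog {
    # Client-side "add" step: refuse to install a catalog whose signature does not validate.
    $sig = Get-AuthenticodeSignature -FilePath $CatalogPath
    if ($sig.Status -ne 'Valid') { throw "Refusing to deploy catalog: $($sig.Status)" }
    Copy-Item -LiteralPath $CatalogPath -Destination $CatRoot -Force
}

function Remove-PackageCatalog {
    # Client-side "remove" step: delete only this package's catalog.
    $target = Join-Path $CatRoot (Split-Path $CatalogPath -Leaf)
    if (Test-Path -LiteralPath $target) { Remove-Item -LiteralPath $target -Force }
}
```

Writing to the CatRoot folder requires administrative rights, so the add and remove steps would have to run in an elevated (machine) context on the client.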