en-US

Enable Certificate Padding

Supported on: At least Windows Server 2008 R2 or Windows 7

Registry

HKLM Software\Microsoft\Cryptography\Wintrust\Config

Description

Enabling this setting will cause the WinVerifyTrust function to perform strict Windows Authenticode signature verification for Portable Executable files (PE files). After you opt in, PE files will be considered "unsigned" if Windows identifies content in them that does not conform to the Authenticode specification. This may impact some installers. If you are using an installer that is impacted, Microsoft recommends using an installer that only extracts content from validated portions of the signed file. Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900