Greetings,
On a fully patched Windows Server 2008 R2 x64 (including the all-important SHA2 patch, KB3033929), I am still getting failures of silent installation thanks to "untrusted" drivers. Comodo's CA certs are added to Windows trusted root and intermediate cert stores, and the Insecure.com LLC certificate is added to the trusted publishers store. Npcap 0.9984 (the last version signed by DigiCert, as opposed to Comodo) does not suffer from this problem. The below logs indicate that Windows can't build the certificate chain up to a trusted root (which is, for kernel drivers, apparently only "Microsoft Code Verification Root"). But I can't seem to find any fault with the driver package; its npcap.cat seems to include all intermediate certificates, including COMODO RSA Certification Authority cross-signed by Microsoft Code Verification Root. What's worse, signtool.exe /kp validates the package just fine on the target system!
Note that the prompt is different than an unsigned driver prompt that you'd see on Windows Server 2008 (non-R2) which does not support SHA2 signatures.
Contents of NPFInstall.log:
[00000C68] 2020-04-16 18:41:23 --> wmain
[00000C68] 2020-04-16 18:41:23 _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000C68] 2020-04-16 18:41:23 _tmain: executing, argv[1] = -n.
[00000C68] 2020-04-16 18:41:23 _tmain: executing, argv[2] = -c.
[00000C68] 2020-04-16 18:41:23 --> ClearDriverStore
[00000C68] 2020-04-16 18:41:23 --> executeCommand
[00000C68] 2020-04-16 18:41:23 executeCommand: executing, strCmd = pnputil.exe -e.
[00000C68] 2020-04-16 18:41:23 executeCommand: result = Microsoft PnP Utility
Published name : oem0.inf
Driver package provider : Microsoft
Class : Printers
Driver date and version : 06/21/2006 6.1.7600.16385
Signer name : Microsoft Windows
Published name : oem1.inf
Driver package provider : Microsoft
Class : Printers
Driver date and version : 06/21/2006 6.1.7601.17514
Signer name : Microsoft Windows
Published name : oem2.inf
Driver package provider : Citrix Systems, Inc.
Class : Storage controllers
Driver date and version : 06/15/2012 6.0.2.56921
Signer name : Microsoft Windows Hardware Compatibility Publisher
Published name : oem3.inf
Driver package provider : Citrix Systems, Inc.
Class : System devices
Driver date and version : 07/19/2011 5.9.960.49119
Signer name : Microsoft Windows Hardware Compatibility Publisher
Published name : oem4.inf
Driver package provider : Citrix Systems, Inc.
Class : System devices
Driver date and version : 03/15/2012 6.0.2.54160
Signer name : Microsoft Windows Hardware Compatibility Publisher
Published name : oem5.inf
Driver package provider : Citrix Systems, Inc.
Class : Network adapters
Driver date and version : 07/19/2011 5.9.960.49119
Signer name : Microsoft Windows Hardware Compatibility Publisher
Published name : oem6.inf
Driver package provider : Citrix Systems, Inc.
Class : System devices
Driver date and version : 01/20/2012 6.0.2.52988
Signer name : Microsoft Windows Hardware Compatibility Publisher
.
[00000C68] 2020-04-16 18:41:23 <-- executeCommand
[00000C68] 2020-04-16 18:41:23 --> getInfNamesFromPnpUtilOutput
[00000C68] 2020-04-16 18:41:23 <-- getInfNamesFromPnpUtilOutput
[00000C68] 2020-04-16 18:41:23 <-- ClearDriverStore
[00000C68] 2020-04-16 18:41:23 _tmain: succeed, nStatus = 0.
[00000C68] 2020-04-16 18:41:23 <-- wmain
[00000EF8] 2020-04-16 18:41:23 --> wmain
[00000EF8] 2020-04-16 18:41:23 _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000EF8] 2020-04-16 18:41:23 _tmain: executing, argv[1] = -n.
[00000EF8] 2020-04-16 18:41:23 _tmain: executing, argv[2] = -iw.
[00000EF8] 2020-04-16 18:41:23 --> InstallWFPCallout
[00000EF8] 2020-04-16 18:41:23 --> GetWFPCalloutInfFilePath
[00000EF8] 2020-04-16 18:41:23 lpFilename = C:\Program Files\Npcap\NPCAP_wfp.inf
[00000EF8] 2020-04-16 18:41:23 <-- GetWFPCalloutInfFilePath
[00000EF8] 2020-04-16 18:41:23 --> isFileExist
[00000EF8] 2020-04-16 18:41:23 FindFirstFile: succeed, szFileFullPath = C:\Program Files\Npcap\NPCAP_wfp.inf.
[00000EF8] 2020-04-16 18:41:23 <-- isFileExist
[00000EF8] 2020-04-16 18:41:23 LaunchINFSectionEx: executing, szCmd = C:\Program Files\Npcap\NPCAP_wfp.inf,DefaultInstall,,36,N.
[00000EF8] 2020-04-16 18:41:23 <-- InstallWFPCallout
[00000EF8] 2020-04-16 18:41:23 _tmain: succeed, nStatus = 0.
[00000EF8] 2020-04-16 18:41:23 <-- wmain
[00000578] 2020-04-16 18:41:23 --> wmain
[00000578] 2020-04-16 18:41:23 _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000578] 2020-04-16 18:41:23 _tmain: executing, argv[1] = -n.
[00000578] 2020-04-16 18:41:23 _tmain: executing, argv[2] = -i.
[00000578] 2020-04-16 18:41:23 --> PacketInstallDriver60
[00000578] 2020-04-16 18:41:23 --> InstallDriver
[00000578] 2020-04-16 18:41:23 --> GetServiceInfFilePath
[00000578] 2020-04-16 18:41:23 lpFilename = C:\Program Files\Npcap\NPCAP.inf
[00000578] 2020-04-16 18:41:23 <-- GetServiceInfFilePath
[00000578] 2020-04-16 18:41:23 --> InstallSpecifiedComponent
[00000578] 2020-04-16 18:41:23 --> HrGetINetCfg
[00000578] 2020-04-16 18:41:23 <-- HrGetINetCfg
[00000578] 2020-04-16 18:41:23 --> HrInstallNetComponent
[00000578] 2020-04-16 18:41:24 SetupCopyOEMInfW: error, errCode = 0xe0000247.
[00000578] 2020-04-16 18:41:24 <-- HrInstallNetComponent
[00000578] 2020-04-16 18:41:25 Error 0xe0000247: Couldn't install the network component.
[00000578] 2020-04-16 18:41:25 --> HrReleaseINetCfg
[00000578] 2020-04-16 18:41:25 <-- HrReleaseINetCfg
[00000578] 2020-04-16 18:41:25 <-- InstallSpecifiedComponent
[00000578] 2020-04-16 18:41:25 Error 0xe0000247: InstallSpecifiedComponent
[00000578] 2020-04-16 18:41:25 <-- InstallDriver
[00000578] 2020-04-16 18:41:25 <-- PacketInstallDriver60
[00000578] 2020-04-16 18:41:25 _tmain: error, nStatus = -1.
[00000578] 2020-04-16 18:41:25 <-- wmain
Contents of SetupAPI.dev.log:
>>> [SetupCopyOEMInf - C:\Program Files\Npcap\NPCAP.inf]
>>> Section start 2020/04/16 18:41:23.881
cmd: "C:\Program Files\Npcap\NPFInstall.exe" -n -i
sto: {Import Driver Package: C:\Program Files\Npcap\NPCAP.inf} 18:41:23.959
sto: Importing driver package into Driver Store:
sto: Driver Store = C:\Windows\System32\DriverStore (Online | 6.1.7601)
sto: Driver Package = C:\Program Files\Npcap\NPCAP.inf
sto: Architecture = amd64
sto: Locale Name = neutral
sto: Flags = 0x00000008
sto: Copying driver package files to 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}'.
inf: Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings])
inf: Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings])
flq: {FILE_QUEUE_COPY}
flq: CopyStyle - 0x00000000
flq: SourceRootPath - 'C:\Program Files\Npcap'
flq: SourceFilename - 'npcap.cat'
flq: TargetDirectory- 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}'
flq: {FILE_QUEUE_COPY exit(0x00000000)}
flq: {FILE_QUEUE_COPY}
flq: CopyStyle - 0x00000000
flq: SourceRootPath - 'C:\Program Files\Npcap'
flq: SourceFilename - 'NPCAP.inf'
flq: TargetDirectory- 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}'
flq: {FILE_QUEUE_COPY exit(0x00000000)}
flq: {FILE_QUEUE_COPY}
flq: CopyStyle - 0x00000000
flq: SourceRootPath - 'C:\Program Files\Npcap'
flq: SourceFilename - 'npcap.sys'
flq: TargetDirectory- 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}'
flq: {FILE_QUEUE_COPY exit(0x00000000)}
flq: {_commit_file_queue}
flq: CommitQ DelNodes=0 RenNodes=0 CopyNodes=3
flq: {_commit_copy_subqueue}
flq: subqueue count=3
flq: source media:
flq: SourcePath - [C:\Program Files\Npcap]
flq: SourceFile - [npcap.cat]
flq: Flags - 0x00000000
flq: {_commit_copyfile}
flq: CopyFile: 'C:\Program Files\Npcap\npcap.cat'
flq: to: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\SETDAA6.tmp'
flq: MoveFile: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\SETDAA6.tmp'
flq: to: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\npcap.cat'
flq: {_commit_copyfile exit OK}
flq: {_commit_copyfile}
flq: CopyFile: 'C:\Program Files\Npcap\NPCAP.inf'
flq: to: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\SETDAA7.tmp'
flq: MoveFile: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\SETDAA7.tmp'
flq: to: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\NPCAP.inf'
flq: {_commit_copyfile exit OK}
flq: {_commit_copyfile}
flq: CopyFile: 'C:\Program Files\Npcap\npcap.sys'
flq: to: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\SETDAB8.tmp'
flq: MoveFile: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\SETDAB8.tmp'
flq: to: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\npcap.sys'
flq: {_commit_copyfile exit OK}
flq: {_commit_copy_subqueue exit OK}
flq: {_commit_file_queue exit OK}
pol: {Driver package policy check} 18:41:24.022
pol: {Driver package policy check - exit(0x00000000)} 18:41:24.022
sto: {Stage Driver Package: C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\NPCAP.inf} 18:41:24.022
inf: Opened INF: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\NPCAP.inf' ([strings])
inf: Opened INF: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\NPCAP.inf' ([strings])
sto: Copying driver package files:
sto: Source Path = C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}
sto: Destination Path = C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}
flq: {FILE_QUEUE_COPY}
flq: CopyStyle - 0x00000010
flq: SourceRootPath - 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}'
flq: SourceFilename - 'npcap.cat'
flq: TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}'
flq: {FILE_QUEUE_COPY exit(0x00000000)}
flq: {FILE_QUEUE_COPY}
flq: CopyStyle - 0x00000010
flq: SourceRootPath - 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}'
flq: SourceFilename - 'NPCAP.inf'
flq: TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}'
flq: {FILE_QUEUE_COPY exit(0x00000000)}
flq: {FILE_QUEUE_COPY}
flq: CopyStyle - 0x00000010
flq: SourceRootPath - 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}'
flq: SourceFilename - 'npcap.sys'
flq: TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}'
flq: {FILE_QUEUE_COPY exit(0x00000000)}
flq: {_commit_file_queue}
flq: CommitQ DelNodes=0 RenNodes=0 CopyNodes=3
flq: {_commit_copy_subqueue}
flq: subqueue count=3
flq: source media:
flq: SourcePath - [C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}]
flq: SourceFile - [npcap.cat]
flq: Flags - 0x00000000
flq: {_commit_copyfile}
flq: CopyFile: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\npcap.cat'
flq: to: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\SETDAF4.tmp'
flq: MoveFile: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\SETDAF4.tmp'
flq: to: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\npcap.cat'
flq: {_commit_copyfile exit OK}
flq: {_commit_copyfile}
flq: CopyFile: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\NPCAP.inf'
flq: to: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\SETDAF5.tmp'
flq: MoveFile: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\SETDAF5.tmp'
flq: to: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\NPCAP.inf'
flq: {_commit_copyfile exit OK}
flq: {_commit_copyfile}
flq: CopyFile: 'C:\Windows\TEMP\{50e8902f-52c9-5639-1400-867485aeea30}\npcap.sys'
flq: to: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\SETDB06.tmp'
flq: MoveFile: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\SETDB06.tmp'
flq: to: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\npcap.sys'
flq: {_commit_copyfile exit OK}
flq: {_commit_copy_subqueue exit OK}
flq: {_commit_file_queue exit OK}
sto: {DRIVERSTORE_IMPORT_NOTIFY_VALIDATE} 18:41:24.068
inf: Opened INF: 'C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\NPCAP.inf' ([strings])
sig: {_VERIFY_FILE_SIGNATURE} 18:41:24.068
sig: Key = NPCAP.inf
sig: FilePath = C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\NPCAP.inf
sig: Catalog = C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\npcap.cat
! sig: Verifying file against specific (valid) catalog failed! (0x800b0109)
! sig: Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 18:41:24.895
sig: {_VERIFY_FILE_SIGNATURE} 18:41:24.895
sig: Key = NPCAP.inf
sig: FilePath = C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\NPCAP.inf
sig: Catalog = C:\Windows\System32\DriverStore\Temp\{728b893f-9701-7e58-e556-b66e7a175516}\npcap.cat
! sig: Verifying file against specific Authenticode(tm) catalog failed! (0x800b010a)
! sig: Error 0x800b010a: A certificate chain could not be built to a trusted root authority.
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b010a)} 18:41:24.895
!!! sto: An unexpected error occurred while validating driver package. Assuming that driver package is unsigned. Catalog = npcap.cat, Error = 0x800B010A
!!! sto: Driver package is considered unsigned.
!!! ndv: Driver package failed signature validation. Error = 0xE0000247
sto: {DRIVERSTORE_IMPORT_NOTIFY_VALIDATE exit(0xe0000247)} 18:41:24.911
!!! sto: Driver package failed signature verification. Error = 0xE0000247
!!! sto: Failed to import driver package into Driver Store. Error = 0xE0000247
sto: {Stage Driver Package: exit(0xe0000247)} 18:41:24.911
!!! sto: Failed to stage driver package to Driver Store. Error = 0xE0000247, Time = 920 ms
sto: {Import Driver Package: exit(0xe0000247)} 18:41:24.911
inf: Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings])
! inf: Add to Driver Store unsuccessful
! inf: Error 0xe0000247: A problem was encountered while attempting to add the driver to the store.
!!! inf: returning failure to SetupCopyOEMInf
<<< Section end 2020/04/16 18:41:24.989
<<< [Exit status: FAILURE(0xe0000247)]
Contents of SetupAPI.dev.log with version 0.9984 on the same system:
>>> [SetupCopyOEMInf - C:\Program Files\Npcap\NPCAP.inf]
>>> Section start 2020/04/17 03:57:21.087
cmd: "C:\Program Files\Npcap\NPFInstall.exe" -n -i
sto: {Import Driver Package: C:\Program Files\Npcap\NPCAP.inf} 03:57:21.087
sto: Importing driver package into Driver Store:
sto: Driver Store = C:\Windows\System32\DriverStore (Online | 6.1.7601)
sto: Driver Package = C:\Program Files\Npcap\NPCAP.inf
sto: Architecture = amd64
sto: Locale Name = neutral
sto: Flags = 0x00000000
sto: Copying driver package files to 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}'.
inf: Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings])
inf: Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings])
flq: {FILE_QUEUE_COPY}
flq: CopyStyle - 0x00000000
flq: SourceRootPath - 'C:\Program Files\Npcap'
flq: SourceFilename - 'npcap.cat'
flq: TargetDirectory- 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}'
flq: {FILE_QUEUE_COPY exit(0x00000000)}
flq: {FILE_QUEUE_COPY}
flq: CopyStyle - 0x00000000
flq: SourceRootPath - 'C:\Program Files\Npcap'
flq: SourceFilename - 'NPCAP.inf'
flq: TargetDirectory- 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}'
flq: {FILE_QUEUE_COPY exit(0x00000000)}
flq: {FILE_QUEUE_COPY}
flq: CopyStyle - 0x00000000
flq: SourceRootPath - 'C:\Program Files\Npcap'
flq: SourceFilename - 'npcap.sys'
flq: TargetDirectory- 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}'
flq: {FILE_QUEUE_COPY exit(0x00000000)}
flq: {_commit_file_queue}
flq: CommitQ DelNodes=0 RenNodes=0 CopyNodes=3
flq: {_commit_copy_subqueue}
flq: subqueue count=3
flq: source media:
flq: SourcePath - [C:\Program Files\Npcap]
flq: SourceFile - [npcap.cat]
flq: Flags - 0x00000000
flq: {_commit_copyfile}
flq: CopyFile: 'C:\Program Files\Npcap\npcap.cat'
flq: to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\SETC463.tmp'
flq: MoveFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\SETC463.tmp'
flq: to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\npcap.cat'
flq: {_commit_copyfile exit OK}
flq: {_commit_copyfile}
flq: CopyFile: 'C:\Program Files\Npcap\NPCAP.inf'
flq: to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\SETC464.tmp'
flq: MoveFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\SETC464.tmp'
flq: to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\NPCAP.inf'
flq: {_commit_copyfile exit OK}
flq: {_commit_copyfile}
flq: CopyFile: 'C:\Program Files\Npcap\npcap.sys'
flq: to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\SETC465.tmp'
flq: MoveFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\SETC465.tmp'
flq: to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\npcap.sys'
flq: {_commit_copyfile exit OK}
flq: {_commit_copy_subqueue exit OK}
flq: {_commit_file_queue exit OK}
pol: {Driver package policy check} 03:57:21.118
pol: {Driver package policy check - exit(0x00000000)} 03:57:21.118
sto: {Stage Driver Package: C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\NPCAP.inf} 03:57:21.118
inf: Opened INF: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\NPCAP.inf' ([strings])
inf: Opened INF: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\NPCAP.inf' ([strings])
sto: Copying driver package files:
sto: Source Path = C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}
sto: Destination Path = C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}
flq: {FILE_QUEUE_COPY}
flq: CopyStyle - 0x00000010
flq: SourceRootPath - 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}'
flq: SourceFilename - 'npcap.cat'
flq: TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}'
flq: {FILE_QUEUE_COPY exit(0x00000000)}
flq: {FILE_QUEUE_COPY}
flq: CopyStyle - 0x00000010
flq: SourceRootPath - 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}'
flq: SourceFilename - 'NPCAP.inf'
flq: TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}'
flq: {FILE_QUEUE_COPY exit(0x00000000)}
flq: {FILE_QUEUE_COPY}
flq: CopyStyle - 0x00000010
flq: SourceRootPath - 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}'
flq: SourceFilename - 'npcap.sys'
flq: TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}'
flq: {FILE_QUEUE_COPY exit(0x00000000)}
flq: {_commit_file_queue}
flq: CommitQ DelNodes=0 RenNodes=0 CopyNodes=3
flq: {_commit_copy_subqueue}
flq: subqueue count=3
flq: source media:
flq: SourcePath - [C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}]
flq: SourceFile - [npcap.cat]
flq: Flags - 0x00000000
flq: {_commit_copyfile}
flq: CopyFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\npcap.cat'
flq: to: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\SETC482.tmp'
flq: MoveFile: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\SETC482.tmp'
flq: to: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\npcap.cat'
flq: {_commit_copyfile exit OK}
flq: {_commit_copyfile}
flq: CopyFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\NPCAP.inf'
flq: to: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\SETC483.tmp'
flq: MoveFile: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\SETC483.tmp'
flq: to: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\NPCAP.inf'
flq: {_commit_copyfile exit OK}
flq: {_commit_copyfile}
flq: CopyFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{55d512a3-f8b2-47da-76aa-da48bd0ab66a}\npcap.sys'
flq: to: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\SETC494.tmp'
flq: MoveFile: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\SETC494.tmp'
flq: to: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\npcap.sys'
flq: {_commit_copyfile exit OK}
flq: {_commit_copy_subqueue exit OK}
flq: {_commit_file_queue exit OK}
sto: {DRIVERSTORE_IMPORT_NOTIFY_VALIDATE} 03:57:21.149
inf: Opened INF: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\NPCAP.inf' ([strings])
sig: {_VERIFY_FILE_SIGNATURE} 03:57:21.149
sig: Key = NPCAP.inf
sig: FilePath = C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\NPCAP.inf
sig: Catalog = C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\npcap.cat
! sig: Verifying file against specific (valid) catalog failed! (0x800b0109)
! sig: Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 03:57:21.181
sig: {_VERIFY_FILE_SIGNATURE} 03:57:21.181
sig: Key = NPCAP.inf
sig: FilePath = C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\NPCAP.inf
sig: Catalog = C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\npcap.cat
sig: Success: File is signed in Authenticode(tm) catalog.
sig: Error 0xe0000241: The INF was signed with an Authenticode(tm) catalog from a trusted publisher.
sig: {_VERIFY_FILE_SIGNATURE exit(0xe0000241)} 03:57:21.196
sto: Validating driver package files against catalog 'npcap.cat'.
sto: Driver package is valid.
sto: {DRIVERSTORE_IMPORT_NOTIFY_VALIDATE exit(0x00000000)} 03:57:21.196
sto: Verified driver package signature:
sto: Digital Signer Score = 0xFF000000
sto: Digital Signer Name = <unknown>
sto: {DRIVERSTORE_IMPORT_NOTIFY_BEGIN} 03:57:21.196
inf: Opened INF: 'C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}\NPCAP.inf' ([strings])
sto: Create system restore point:
sto: Description = Device Driver Package Install: Nmap Project Network Service
sto: Time = 0ms
sto: Status = 0x0000007E (FAILURE)
sto: {DRIVERSTORE_IMPORT_NOTIFY_BEGIN: exit(0x00000000)} 03:57:21.212
sto: Importing driver package files:
sto: Source Path = C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}
sto: Destination Path = C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_neutral_b8e999af81612f8f
sto: {Copy Directory: C:\Windows\System32\DriverStore\Temp\{03e30e7f-d2cf-3817-c8fa-2562e2a43377}} 03:57:21.212
sto: Target Path = C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_neutral_b8e999af81612f8f
sto: {Copy Directory: exit(0x00000000)} 03:57:21.212
sto: {Index Driver Package: C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_neutral_b8e999af81612f8f\NPCAP.inf} 03:57:21.212
idb: Registered driver store entry 'npcap.inf_amd64_neutral_b8e999af81612f8f'.
idb: Published 'npcap.inf_amd64_neutral_b8e999af81612f8f\npcap.inf' to 'C:\Windows\INF\oem9.inf'
idb: Published driver store entry 'npcap.inf_amd64_neutral_b8e999af81612f8f'.
sto: Published driver package INF 'oem9.inf' was changed.
sto: Active published driver package is 'npcap.inf_amd64_neutral_b8e999af81612f8f'.
sto: {Index Driver Package: exit(0x00000000)} 03:57:21.664
sto: {DRIVERSTORE_IMPORT_NOTIFY_END} 03:57:21.664
ndv: No system restore point was set earlier.
sto: {DRIVERSTORE_IMPORT_NOTIFY_END: exit(0x00000000)} 03:57:21.664
sto: {Stage Driver Package: exit(0x00000000)} 03:57:21.664
ndv: Doing device matching lookup!
sto: Driver package was staged to Driver Store. Time = 593 ms
sto: Imported driver package into Driver Store:
sto: Filename = C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_neutral_b8e999af81612f8f\NPCAP.inf
sto: Time = 624 ms
sto: {Import Driver Package: exit(0x00000000)} 03:57:21.711
inf: Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings])
inf: Driver Store location: C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_neutral_b8e999af81612f8f\NPCAP.inf
inf: Published Inf Path: C:\Windows\INF\oem9.inf
inf: Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings])
inf: Installing catalog npcap.cat as: oem9.CAT
inf: OEM source media location: C:\Program Files\Npcap\
<<< Section end 2020/04/17 03:57:21.727
<<< [Exit status: SUCCESS]
Output of signtool.exe verify /kp /v npcap.cat (0.9990):
Verifying: npcap.cat
Hash of file (sha256): D6193B2E57CB7C22D712007CB450A421992670D470CFACEA399E31A46FE4B273
Signing Certificate Chain:
Issued to: COMODO RSA Certification Authority
Issued by: COMODO RSA Certification Authority
Expires: Tue Jan 19 00:59:59 2038
SHA1 hash: AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Issued to: COMODO RSA Extended Validation Code Signing CA
Issued by: COMODO RSA Certification Authority
Expires: Mon Dec 03 00:59:59 2029
SHA1 hash: 351A78EBC1B4BB6DC366728D334231ABA9AE3EA7
Issued to: Insecure.Com LLC
Issued by: COMODO RSA Extended Validation Code Signing CA
Expires: Sun Nov 06 00:59:59 2022
SHA1 hash: 1C58BD08D220F81B21FB2837E3AB65AEE5EFD727
The signature is timestamped: Mon Feb 03 18:46:22 2020
Timestamp Verified by:
Issued to: DigiCert Assured ID Root CA
Issued by: DigiCert Assured ID Root CA
Expires: Mon Nov 10 01:00:00 2031
SHA1 hash: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Issued to: DigiCert SHA2 Assured ID Timestamping CA
Issued by: DigiCert Assured ID Root CA
Expires: Tue Jan 07 13:00:00 2031
SHA1 hash: 3BA63A6E4841355772DEBEF9CDCF4D5AF353A297
Issued to: TIMESTAMP-SHA256-2019-10-15
Issued by: DigiCert SHA2 Assured ID Timestamping CA
Expires: Thu Oct 17 01:00:00 2030
SHA1 hash: 0325BD505EDA96302DC22F4FA01E4C28BE2834C5
Cross Certificate Chain:
Issued to: Microsoft Code Verification Root
Issued by: Microsoft Code Verification Root
Expires: Sat Nov 01 14:54:03 2025
SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3
Issued to: COMODO RSA Certification Authority
Issued by: Microsoft Code Verification Root
Expires: Sun Apr 11 23:16:20 2021
SHA1 hash: 106870659C069F248C8C0A05ACD871CABEB3CC38
Issued to: COMODO RSA Extended Validation Code Signing CA
Issued by: COMODO RSA Certification Authority
Expires: Mon Dec 03 00:59:59 2029
SHA1 hash: 351A78EBC1B4BB6DC366728D334231ABA9AE3EA7
Issued to: Insecure.Com LLC
Issued by: COMODO RSA Extended Validation Code Signing CA
Expires: Sun Nov 06 00:59:59 2022
SHA1 hash: 1C58BD08D220F81B21FB2837E3AB65AEE5EFD727
Successfully verified: npcap.cat
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
Output of signtool.exe verify /kp /v npcap.cat (0.9984):
Verifying: npcap.cat
Hash of file (sha1): AB5AF9CD89A49741718DBC86158F533818B139F8
Signing Certificate Chain:
Issued to: DigiCert High Assurance EV Root CA
Issued by: DigiCert High Assurance EV Root CA
Expires: Mon Nov 10 01:00:00 2031
SHA1 hash: 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Issued to: DigiCert EV Code Signing CA
Issued by: DigiCert High Assurance EV Root CA
Expires: Sun Apr 18 13:00:00 2027
SHA1 hash: 846896AB1BCF45734855C61B63634DFD8719625B
Issued to: Insecure.Com LLC
Issued by: DigiCert EV Code Signing CA
Expires: Thu Nov 07 13:00:00 2019
SHA1 hash: 83B2DDFEF9F7004438D7AA66C524344F71A70B48
The signature is timestamped: Sat Nov 02 04:02:13 2019
Timestamp Verified by:
Issued to: DigiCert Assured ID Root CA
Issued by: DigiCert Assured ID Root CA
Expires: Mon Nov 10 01:00:00 2031
SHA1 hash: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Issued to: DigiCert Assured ID CA-1
Issued by: DigiCert Assured ID Root CA
Expires: Wed Nov 10 01:00:00 2021
SHA1 hash: 19A09B5A36F4DD99727DF783C17A51231A56C117
Issued to: DigiCert Timestamp Responder
Issued by: DigiCert Assured ID CA-1
Expires: Tue Oct 22 01:00:00 2024
SHA1 hash: 614D271D9102E30169822487FDE5DE00A352B01D
Cross Certificate Chain:
Issued to: Microsoft Code Verification Root
Issued by: Microsoft Code Verification Root
Expires: Sat Nov 01 14:54:03 2025
SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3
Issued to: DigiCert High Assurance EV Root CA
Issued by: Microsoft Code Verification Root
Expires: Thu Apr 15 20:55:33 2021
SHA1 hash: 2F2513AF3992DB0A3F79709FF8143B3F7BD2D143
Issued to: DigiCert EV Code Signing CA
Issued by: DigiCert High Assurance EV Root CA
Expires: Sun Apr 18 13:00:00 2027
SHA1 hash: 846896AB1BCF45734855C61B63634DFD8719625B
Issued to: Insecure.Com LLC
Issued by: DigiCert EV Code Signing CA
Expires: Thu Nov 07 13:00:00 2019
SHA1 hash: 83B2DDFEF9F7004438D7AA66C524344F71A70B48
Successfully verified: npcap.cat
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
I can't seem to find any fault with 0.9990 as opposed to 0.9984, other than that it's signed by a different CA and uses SHA256 to sign (rather than SHA1) -- but in theory this should not matter. Perhaps it's the fact that the signing certificate is by Comodo, but the timestamp signature is still by DigiCert? Perhaps it should be switched to Comodo as well, per instructions at https://support.comodoca.com/Com_KnowledgeDetailPageSectigo?Id=kA01N000000zFK6 ?
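Added example, not part of the original report and not Npcap project code: a Python triage script that pulls the `_VERIFY_FILE_SIGNATURE` results out of `SetupAPI.dev.log` sections and reports the first signature check on which a failing and a working install diverge. The sample input is abridged from the two log sections quoted above; the function names, and the rule that a package counts as signed when any check returns an accepting code, are assumptions of this example.

```python
import re

# Status codes seen in the logs quoted above (names from winerror.h / setupapi.h).
CODE_NAMES = {
    0x800B0109: "CERT_E_UNTRUSTEDROOT",
    0x800B010A: "CERT_E_CHAINING",
    0xE0000241: "ERROR_AUTHENTICODE_TRUSTED_PUBLISHER",
    0xE0000247: "ERROR_DRIVER_STORE_ADD_FAILED",
}
# 0xE0000241 is logged with the word "Error" but is an accepting outcome: in the
# 0.9984 log it is followed by "Driver package is valid."
ACCEPTING = {0x00000000, 0xE0000241}

SECTION_RE = re.compile(r"^>>>\s+\[(?P<title>.+)\]$")
EXIT_RE = re.compile(r"^<<<\s+\[Exit status:\s*(?P<word>\w+)(?:\((?P<code>0x[0-9a-fA-F]+)\))?\]$")
SIG_OPEN_RE = re.compile(r"sig:\s+\{_VERIFY_FILE_SIGNATURE\}")
SIG_EXIT_RE = re.compile(r"sig:\s+\{_VERIFY_FILE_SIGNATURE exit\((0x[0-9a-fA-F]+)\)\}")
SIG_KIND_RE = re.compile(
    r"sig:\s+(?:Verifying file against specific (.+?) catalog failed"
    r"|Success: File is signed in (.+?) catalog)"
)

# Constructed samples: lines abridged from the 0.9990 and 0.9984 sections above.
FAILING_LOG = r"""
>>> [SetupCopyOEMInf - C:\Program Files\Npcap\NPCAP.inf]
sig: {_VERIFY_FILE_SIGNATURE} 18:41:24.068
! sig: Verifying file against specific (valid) catalog failed! (0x800b0109)
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 18:41:24.895
sig: {_VERIFY_FILE_SIGNATURE} 18:41:24.895
! sig: Verifying file against specific Authenticode(tm) catalog failed! (0x800b010a)
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b010a)} 18:41:24.895
<<< [Exit status: FAILURE(0xe0000247)]
"""
PASSING_LOG = r"""
>>> [SetupCopyOEMInf - C:\Program Files\Npcap\NPCAP.inf]
sig: {_VERIFY_FILE_SIGNATURE} 03:57:21.149
! sig: Verifying file against specific (valid) catalog failed! (0x800b0109)
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 03:57:21.181
sig: {_VERIFY_FILE_SIGNATURE} 03:57:21.181
sig: Success: File is signed in Authenticode(tm) catalog.
sig: {_VERIFY_FILE_SIGNATURE exit(0xe0000241)} 03:57:21.196
<<< [Exit status: SUCCESS]
"""

def parse_sections(text):
    """Return one dict per '>>> [...]' section: title, signature checks, exit status."""
    sections, cur, check = [], None, None
    for raw in text.splitlines():
        line = raw.strip()  # real logs indent body lines; the report's copy does not
        if m := SECTION_RE.match(line):
            cur = {"title": m["title"], "checks": [], "status": None, "code": None}
            sections.append(cur)
        elif cur is None:
            continue  # text outside any section
        elif m := EXIT_RE.match(line):
            cur["status"] = m["word"]
            cur["code"] = int(m["code"], 16) if m["code"] else 0
            cur = check = None
        elif SIG_OPEN_RE.search(line):
            check = {"kind": None, "code": None}
        elif check is not None and (m := SIG_KIND_RE.search(line)):
            check["kind"] = m.group(1) or m.group(2)
        elif check is not None and (m := SIG_EXIT_RE.search(line)):
            check["code"] = int(m.group(1), 16)
            cur["checks"].append(check)
            check = None
    return sections

def describe(code):
    return f"0x{code:08X} {CODE_NAMES.get(code, 'unknown')}"

def is_accepted(section):
    """Assumed rule: the package counts as signed if any check is accepting."""
    return any(c["code"] in ACCEPTING for c in section["checks"])

def first_divergence(a, b):
    """Index and both results of the first signature check whose codes differ."""
    for i, (x, y) in enumerate(zip(a["checks"], b["checks"])):
        if x["code"] != y["code"]:
            return i, x, y
    return None

if __name__ == "__main__":
    bad, good = parse_sections(FAILING_LOG + PASSING_LOG)
    i, x, y = first_divergence(bad, good)
    print(f"check #{i + 1} ({x['kind']}): {describe(x['code'])} vs {describe(y['code'])}")
```

On the two samples, both installs fail the first ("(valid)") catalog check with 0x800b0109, and they part ways only at the second, Authenticode check.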
