This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
NorthernNetGuy
Advisor
yesterday

SNX failing Driver validation

I've found on my windows 10 22H2 clients that SNX is failing the windows driver validation checks (Secure boot + Driver Signature Enforcement).

checking the setupapi.dev.log file shows the following errors:

Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Driver package failed signature verification. Error = 0xE0000247

Failed to import driver package into Driver Store. Error = 0xE0000247

 

When i Check out the SNX security catalog file, it shows that it is not valid, being signed by an old microsoft CA that expired in 2021.

I've attached screenshot of the certs and catalog.

TAC + R&D has indicated that the driver being signed by an expired CA is fine, and that this is likely an issue with a custom CRL on my clients, but I've never applied a custom CRL.

 

I'm wondering if anyone else has seen this isue on win10 22H2 and later versions of windows. The proposed workaround of disabling secure boot + validation checks will be rejected by the business.

 

Preview file
33 KB
Preview file
11 KB
Preview file
26 KB
0 Kudos
3 Replies
PhoneBoy
Admin
Admin
yesterday

What version of snx is installed?
What gateway version/JHF is relevant here?

0 Kudos
NorthernNetGuy
Advisor
yesterday
In response to PhoneBoy

R81.20, JHF 84

 

SNX version 7.01.0000

Mobile Access Portal Agent 800.007.049

0 Kudos
PhoneBoy
Admin
Admin
yesterday
In response to NorthernNetGuy

The SNX version should be a build like 800008302, which you can get with snx -h on the CLI.
The latest appears to be 80008409, which should be applied with the latest R81.20 JHF.

Assuming you're on the most recent release, you're saying it is signed with an old certificate?
Can you send me the relevant SR in a PM?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events