問題描述
關於唯一下載的未知發布者警告 (unknown publisher warning on unique downloads)
We have an exe file delivered by an ASP.NET application. This binary is actually modified on the fly in memory. Is there any way to sign the modified exe with authenticode in memory without writing to disk? There's probably no way to sign the original exe and still keep the signature valid after modification. We thought about using ram disk to help on disk i/o if we have to, but just wondering if there are any other options.
The problem is really how to get rid of the unknown publisher warning. So if there is any other way that does not involve signing or changing policy settings on the client's computer, please let me know as well.
‑‑‑‑‑
參考解法
方法 1:
I don't know the answer to this offhand, but I've seen it done by Just Great Software. They make customized installers for RegexBuddy and every time I've downloaded mine it's got its signature.
I'm curious though ‑ why don't you want to persist the file to disk? You don't need to leave it there ‑ persist it, sign it, load it back into memory and delete it. Or, persist it, and have an agent or cron job delete it after a couple days.