During Windows Update, files are created in this order: new files first, and the certificate catalog representing those files last. While the update runs, the created files are touched or even loaded into memory, which causes our protection technologies to scan them. These scans trigger certificate resolution, and since the catalog file is not yet present, we cache the unsigned state. For performance reasons, our cached result for the certificate presence (or lack thereof) is retained until the file in question is modified. Because the file is not modified again, we do not look for its certificate again. The result is incorrect information that cscript.exe is not signed by Microsoft, along with the problems associated with that. Microsoft is aware of this issue.
Sonar Engine 11.5 resolves this issue.
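The caching behaviour described above can be reproduced in a small simulation. This is an added example, not the vendor's code: the class names, the catalog "generation" counter and the re-check of negative verdicts are assumptions for illustration, and they do not describe what Sonar Engine 11.5 changed.

```python
# Constructed simulation of a signature-verdict cache keyed on file mtime.
# All names and the "generation" counter are hypothetical.
from dataclasses import dataclass, field

@dataclass
class CatalogStore:
    signed_hashes: set = field(default_factory=set)
    generation: int = 0              # bumped each time a catalog is installed

    def install_catalog(self, hashes):
        self.signed_hashes |= set(hashes)
        self.generation += 1

@dataclass
class File:
    path: str
    content_hash: str
    mtime: int

class SignatureCache:
    def __init__(self, store, track_catalog_generation):
        self.store = store
        self.track = track_catalog_generation
        self.entries = {}            # path -> (mtime, catalog generation, verdict)
        self.lookups = 0             # number of real certificate resolutions

    def is_signed(self, f):
        hit = self.entries.get(f.path)
        if hit and hit[0] == f.mtime:
            _, gen, verdict = hit
            # Positive verdicts stay cached. A negative verdict is reused
            # unless tracking is on and a catalog arrived since it was stored.
            if verdict or not self.track or gen == self.store.generation:
                return verdict
        self.lookups += 1
        verdict = f.content_hash in self.store.signed_hashes
        self.entries[f.path] = (f.mtime, self.store.generation, verdict)
        return verdict

def simulate_update(track_catalog_generation):
    store = CatalogStore()
    cache = SignatureCache(store, track_catalog_generation)
    cscript = File("cscript.exe", "constructed-hash-of-new-file", mtime=100)
    during = cache.is_signed(cscript)   # file written and scanned, no catalog yet
    store.install_catalog(["constructed-hash-of-new-file"])  # catalog lands last
    after = cache.is_signed(cscript)    # file itself was not modified again
    return during, after, cache.lookups
```

With `track_catalog_generation=False` the unsigned verdict survives the catalog install; with `True` only negative verdicts are re-resolved, so signed files keep the performance benefit of the cache.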