11

I have a 3rd party firewall that alerted me that msiexec.exe was replaced by another version. The timing didn't correspond to an OS update, so I was worried a bad actor replaced the exe. How can I verify the signature of the exe?

EDIT: I found this link at Microsoft which shows this, and it matches on byte size and file date:

Versions and Sizes of files

I'd feel better if it had a hash too, but it looks like it's not nefarious.

As suggested in harrymc's answer, I ran sfc /scannow and it came out clean. Thanks!

Dale

1 Answer

14

Windows XP Embedded POSReady is now on extended support until April 9, 2019. This means no new features and fewer bug fixes and patches. It is entirely possible that this update was legitimate, but is better checked. It is also possible that the firewall detected just now a change that happened some time in the past.

Possible checks:

  • Verify the history in Windows Update,
  • Run sfc /scannow to check system integrity.

Reboot the device before starting, just in case.

harrymc
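For the question's "how can I verify the signature of the exe", the following PowerShell function is an added example, not part of the question or of the answer above. It collects the Authenticode status, signer, file version, size and a SHA-256 hash for one file. It assumes PowerShell 2.0 or later is installed on the device, and the function name `Get-FileEvidence` is hypothetical.

```powershell
# Added example: gather signature, version and hash evidence for a system file.
# Uses only cmdlets and .NET calls that exist in PowerShell 2.0 (no Get-FileHash).
function Get-FileEvidence {
    param([string]$Path = "$env:SystemRoot\System32\msiexec.exe")

    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $item.FullName

    # SHA-256 through .NET, so it can be compared with the hash of a
    # known-good copy of the same file version.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($item.FullName)
    try {
        $hash = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
    } finally {
        $stream.Close()
    }

    # SignerCertificate is $null when no embedded signature is present.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    New-Object PSObject -Property @{
        Path            = $item.FullName
        Length          = $item.Length
        LastWriteUtc    = $item.LastWriteTimeUtc
        FileVersion     = $item.VersionInfo.FileVersion
        SignatureStatus = $sig.Status      # Valid, HashMismatch, NotSigned, NotTrusted, ...
        Signer          = $signer
        SHA256          = $hash
    }
}

# How to read the result:
#   Valid        - an embedded signature verified and chains to a trusted root;
#                  check that Signer is the publisher you expect.
#   HashMismatch - the file content no longer matches its embedded signature.
#   NotSigned    - no embedded signature was found. Many Windows system files
#                  are signed through a security catalog instead, so this is
#                  inconclusive on its own; rely on sfc /scannow and the hash.
Get-FileEvidence | Format-List
```

Run it once on the suspect device and once on a reference machine at the same patch level; matching `FileVersion`, `Length` and `SHA256` values give the hash comparison the question asks for.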