Symptom
- You cannot deploy a patch with Shavlik Protect
- You see the error: Patch does not appear to be digitally signed
Cause
Protect verifies the patch is digitally signed by Microsoft. If the signature cannot be verified the deployment process will stop with an error If a patch download fails repeatedly, it is possible that the partially downloaded patch is cached in a proxy server between your console and the vendor download center. This issue may also occur if the partial patch is cached in the console's Internet Explorer browser cache. Antivirus software can also prevent the patch from downloading and will give an error of 'patch' fails digital signature check. This can also occur if the Microsoft root certificate is corrupt or out of date on the Protect server or target machine.
Resolution
Verify there are no URL filtering on .exe .dll .msu .msi
- Open Internet Explorer on the console machine.
- Click Tools> Internet Options> Temporary Internet Files.
- Click Delete Files.
- Go in the patch folder and delete the patch file.
By default, the patch files are located at:
- v.9x on Windows Vista, 2008, Windows 7 - C:\ProgramData\LANDesk\Shavlik Protect\Console\Patches
- v.9x on Windows XP, Windows 2003 - C:\Documents & Settings\All Users\Application Data\LANDesk\Shavlik Protect\Console\Patches
If you have changed the default directory, you can verify this by navigating within Protect under the following directory:
- v.9x: Tools > Operations > Downloads > Patch download directory - Try downloading the patch again.
If you want to manually check if the file is digitally signed:
- Right-click the file and click Properties.
- Click the Digital Signatures tab. If the file is signed, a Digital Signature exists. If the file is not signed, you do not see the Digital Signatures tab.
If patch fails digital signature check:
- Update out of date root certificates.
- Disable antivirus and try downloading the patch from Protect Console again.
Affected Product(s)
Shavlik Protect 9.x