Digital signing of executable files (Windows)
Data Protection for SAP executable files (except .JAR files) for Windows systems have a digital signature.
- Passport Advantage® package for Windows
- Data Protection for SAP installation files:
- version-TIV-TSMERPDB2-WinX64.exe
- The Data Protection for SAP application files:
- backom.exe
- prole.exe
- tdpdb2.dll
Code signing employs digital IDs, also known as certificates.
Having a valid digital signature ensures the authenticity and integrity of an executable file. It identifies the software publisher as IBM® Corporation to the person who downloads or starts it. However, it does not mean that the user or a system administrator implicitly trusts the publisher. A user or administrator must decide to install or run an application on a case-by-case basis. The factors of their decision are based on their knowledge of the software publisher and application. By default, a publisher is trusted only if its certificate is installed in the Trusted Publishers certificate store.
- The digital signature can be viewed from the Digital Signature tab of Properties of the signed file. If you select the IBM Corporation item and click Details, more information is displayed about the IBM Certificate and the entire chain of trusted certificate authority signatures.
- For the installation wizard, there is also the possibility to see the IBM digital signature from the software publisher link that is displayed in the Security Warning window.
A warning is shown if the certificate is expired and if a time stamp is not present. A warning is also shown if the installation executable file is downloaded from a site that is not listed as a trusted site. The security warning is not related to the fact that executable files contain digital certificates. It is related to the security zone policy of the site you download the file from.
The executable file must be stored on an NTFS disk. The Internet Explorer Enhanced Security Configuration component (also known as Microsoft Internet Explorer hardening) reduces the server vulnerability to attacks from web content by applying more restrictive Internet Explorer security settings. As a consequence, Internet Explorer Enhanced Security Configuration might prevent some websites from displaying properly. It might also prevent users and administrators from accessing resources with Universal Naming Convention (UNC) paths on a corporate intranet. For more information about managing Internet Explorer Enhanced Security Configuration, see http://www.microsoft.com/en-us/download/details.aspx?id=15013 A security warning might be displayed whenever you run an executable file that is downloaded using the Internet Explorer from a URL or UNC that is not a member of the trusted security zone.
- High risk: Blocks the file from being opened when the file is
from the restricted zone. The following security warning is shown:
Windows Security Warning: Windows found that this file is potentially harmful. To help protect your computer, Windows has blocked access to this file. - Moderate risk: Prompts with a warning before the file is opened
when the file is from the Internet zone.
Open File - Security Warning: The publisher could not be verified. Are you sure you want to run this software? - Low risk: Opens the file with no warnings.
Warning messages do not prevent the file from being used. This is different from configuring the web server with a digital certificate.