If a device-installation program attempts to replace a protected system file, SetupAPI performs one of the following actions, depending on how the Driver Signing option is set in Device Manager.
If Block is set, SetupAPI informs the user that the driver package cannot be installed because it is unsigned.
If Warn is set, SetupAPI informs the user that the driver package is unsigned, and it allows the user to cancel the installation.
If Ignore is set, SetupAPI changes the Driver Signing option that is applied to the installation from Ignore to Warn. SetupAPI then performs the actions just mentioned for the Warn setting.
SetupAPI logs the following message if it successfully negotiates with Windows File Protection to replace a protected system file.
@ 18:28:35.146 #E243 Exemption obtained for protected system file "…\Some_System_File_Name_And_Extension".
SetupAPI logs the following message if it changes the Driver Signing option that is applied to the installation from Ignore to Warn.
@ 18:28:35.200 #E245 The device installation digital signature failure policy has been elevated from Ignore to Warn due to a proposed replacement of a protected system file.
Share with your friends: |