Disabling driver signature verification with gpedit. Installing drivers without a digital signature. Disabling the check in the Local Group Policy Editor

Microsoft is trying its best to improve the stability of its system. One way to make this aspiration a reality is compatibility testing of manufacturers' products. The system now checks the legitimacy of the files being installed. Because of this, however, you can often come across the notification “Unable to verify the digital signature of drivers (Code 52)”, which occurs in Windows 7, 8 and 10. Today we will tell you what to do when this notification appears and what is wrong with the drivers.

What is it for?

Thanks to the developer's digital signature, the average user can install only hardware, devices and drivers for them that have been tested for compatibility. The digital signature eliminates many possible problems and reduces the threat of installing unwanted software (including viruses), but it also imposes a limit: connecting equipment without an electronic certificate will not work.

The problem is accompanied by a message about the absence of such a signature (Code 52) and a notification that a recent change may have installed an incorrectly signed file or malware of unknown origin. Even if you select "Install anyway", the equipment will still be unstable in the end.

To resolve the issue, you will need to disable the verification option in Windows. Here is when you have to turn off signature checking:

  1. Using an outdated device that comes with drivers that have not been tested for compatibility with the OS.
  2. When installing custom drivers.
  3. To get non-standard devices working, although there are few of them.

How to fix Code 52 in Windows (7, 8, 10)

If you are confident in the software supplier and take all risks upon yourself, then we will deactivate the verification. Disabled verification can be dangerous, because in the process the user can install malicious software without knowing it. Therefore, it is recommended to turn the check off only while operating or testing certain functions and equipment. Ways to disable it manually:

  • change local group policy;
  • modify the operating system boot options;
  • self-sign the drivers (for experienced users).


When the check is turned back on, the use of this equipment will again become impossible.

For one-time testing

Don't want to risk stability and security? A suitable method is the mode without digital signature checking. Here are brief instructions:


This is a suitable solution in situations where the equipment needs to be used only occasionally or even once.

Occasional use

If you need to deactivate the check for a certain time, then two options are suitable.

Group Policy adjustments:


Don't want to wander through the jungle of settings? Then there is a simpler method.

Changing boot options:


In this case, the reverse switching procedure looks like this.

  1. Open the console as Administrator.
  2. Enter: bcdedit.exe /set loadoptions ENABLE_INTEGRITY_CHECKS. Wait for completion.
  3. Enter: bcdedit.exe /set TESTSIGNING OFF. Wait for completion and restart the operating system.

Self-signature

As in the previous case, there are several options. A simpler method is to use appropriate software that performs the signing procedure. For example, Driver Signature Enforcement Overrider. How to make a signature using it, see here:

Conclusion

There are also more complex but effective methods to fix the error “Unable to verify the digital signature of drivers (Code 52).” Self-signing with the Microsoft Windows SDK for Windows and the Windows Driver Kit allows you to use the equipment more comfortably afterwards, so if you are setting up equipment that will be used by others, this option is preferable. To perform the necessary manipulations you will also need .NET Framework 4.

Please note that self-signing does not disable the security mechanisms of the operating system, which makes it possible to use the equipment longer.

It cannot be said that the digital signature of the driver is akin to that widow of a retired lieutenant who flogged herself, but analogies simply suggest themselves. To the question: “What is a digital signature of drivers and why is it needed?” - the answer will be very simple. Firstly, this is a certain sequence of codes inserted into the code of the driver program by its developer himself, and which the operating system (in this case, Windows) knows about (or knows the algorithm for obtaining these codes).

Ways to disable digital signature verification of Windows drivers.

And secondly, it’s already quite simple and clear: when a driver is installed in the system, it checks its digital signature for authenticity. If everything matches, then the installation continues. If it doesn’t match, then, of course, it stops. The very idea of a digital signature is not new at all; it has been used for a long time (and is still used today, although more advanced mechanisms for protecting against distortion have long been developed) in information transmission systems and was often called a “checksum”. In the simplest version, it was simply a byte-by-byte “modulo 2 addition” of the entire contents of the file.

Well, then politics comes into play - for starters, the business policy of equipment manufacturing companies and, accordingly, drivers. The device has been developed, its driver has been developed, now the developer just needs to convince Microsoft to insert information about this driver into Windows so that it recognizes the device and its driver from this particular manufacturer. After all, there are plenty of third-party competing developers who can develop their own driver for the same device - better or worse, it doesn’t matter, the main thing is that it’s illegal, and therefore unacceptable for use in the system.

Further. A driver is a program, and thus susceptible to viruses. Moreover, such a program is a trump card for viruses, because the driver will be launched in any case, and by the system itself. But the virus “does not know” the digital signature of the driver, and Windows will check the authenticity of the signature every time it is installed - this is a way to protect against drivers infected with viruses and another advantage of a digital signature.

But, on the other hand, there are, indeed, plenty of drivers from “third companies” that significantly exceed the official ones in their characteristics. But they do not have a digital signature, which means they cannot be installed unless you disable driver digital signature verification in Windows. And this possibility is provided by Microsoft itself; it did not “burn bridges behind itself” here. By default, Windows boot options provide for mandatory verification of the driver’s digital signature, but this can be canceled if, of course, you understand the danger to which the system is exposed - either from a crookedly written “non-native” driver or from viruses.

A small nuance - incidentally

Disabling driver signature verification in Windows 10 or any other version is so important that some developers include it as a prerequisite for the functioning of their program. This is usually how all sorts of gaming applications behave. Here is a good example – games from the 4Game service. At the dawn of the service, it was necessary to first download a special client for drivers, but over time they decided to simply build everything necessary into browsers. This change led to a radical change in the protection policy, which was called “Frost”.

The only problem is that the new policy does not work without first disabling mandatory driver signature verification. Here, however, you will have to “turn off” your questions about how an official service can offer to disable the official system protection against piracy and viruses. But, in the end, Microsoft itself provides this opportunity. Well, then the developer’s policy in this case is not included in the current subject of the proceedings, especially if Microsoft is “not against it.”

Ways to disable driver digital signature verification

There are several ways to disable driver digital signature verification in Windows 7, 8 and all subsequent versions. Many of them are very similar to each other. For the first one you need to work on the computer with system administrator rights. We start with the command line: open the main menu of the system by clicking the “Start” button, then select “All Programs” and “Accessories”, and in the list that opens choose “Command Prompt”. In the “black window” that opens, enter at the prompt:

  • bcdedit.exe /set nointegritychecks ON to disable mandatory driver signature checking.

To enable the check again, use a similar line, but with “OFF”:

  • bcdedit.exe /set nointegritychecks OFF

Why disabling the check is ON, and enabling it is OFF can be understood from the name of the parameter used - “nointegritychecks”, which translates as “without carrying out internal checks”.

Another possibility also uses the system utility bcdedit.exe at the command line, but here we act in two stages. First, we type and run the utility with the value of the loadoptions parameter:

  • bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS

Then with the value of the signature testing parameter testsigning:

  • bcdedit.exe -set testsigning ON

It is imperative to wait until the “Operation completed successfully” message appears in the command window; it may appear after a short delay. Driver digital signature verification is now disabled. In order for the signature verification to work again, enter the same commands, but in reverse order and with different parameter values:

  • First bcdedit.exe -set testsigning OFF
  • Then bcdedit.exe -set loadoptions ENABLE_INTEGRITY_CHECKS

The third option suggests disabling Windows 8 driver signature verification when the computer boots. This feature is very convenient if you just need to test the driver.

So, when loading, press the F8 key to enter the system boot menu, and there we select the boot with the cancellation of driver signature enforcement - Disable driver signature enforcement. When the system boots, you can install any drivers, with or without signatures, they will not be checked. Here, however, you need to understand that this opportunity only works until the system is rebooted.

The fourth option involves using the local group policy editor of the operating system, although it does not work fully on all Windows versions. We proceed as follows - in the Main menu of the system, select “Run” and in the line to execute type gpedit.msc. We launch the Group Policy program, which opens the window of the same name. In the window on the left, go sequentially along the folder path - “User Configuration” - “Administrative Templates” - “System”. Next, select “Driver Installation” and the “Digital Signature” parameter, which needs to be changed.

To change, either double-click on the parameter with the mouse or select the inscription on the left - “Change parameter”. To disable, select the “Disabled” switch and accept the changes (OK or “Apply” button). All Group Policy settings are enabled without rebooting the system, although if you have any doubts, you can reboot and at the same time check the status of the setting again.

We pay attention to one feature - the “Warn” switch. Selecting it when using an unsigned driver will nevertheless allow you to complete the driver installation, but it will not be accepted for work anyway.

Well, the last, already radical option is to forcefully sign the driver, which can also be done through the command line using the pnputil utility:

  • pnputil -a <full driver file name>. Here "full name" means a string in the format:
  • <drive>:<folder path>/<file name>.<file extension>

Conclusion

When you change how the operating system handles digital driver signatures, you need to understand that you are interfering with the operation of the system itself, changing its environment, primarily its security. And it is not so much a matter of viruses as of the correct operation of the unofficial driver that is supposed to be used. Errors in driver implementation can be worse than a dangerous virus. The result is the same - complete inoperability of the system and the need to reinstall it. Nevertheless, manipulating this internal security tool is very useful for understanding the functioning of the operating system itself.

As a rule, disabling driver signature verification in Windows 10 is necessary when the downloaded device driver does not have a digital signature confirming the security of the program. Driver signing ensures that the file comes from a trusted source and is not a virus.

Installing drivers without a digital signature is not always safe, but there are situations when it is the only way. For example, the driver may simply not have been tested for compatibility with your version of Windows. This article will teach you how to disable driver signing in Windows 10.

Disabling Windows 10 Driver Signature Verification One Time

This method allows you to disable driver signature verification one-time, until the next computer restart. That is, we disabled the verification, installed the driver, rebooted Windows and that’s it, the signature verification service works again.

Click on the "Start" menu and go to "Windows Settings" (gear icon).

Go to the "Update and Security" section.

Go to the “Recovery” tab and in the “Special boot options” section, click “Restart now”.


Next, go to the “Startup Settings” item.

A menu with Windows 10 boot options will open. Click on the item “Disable mandatory driver signature verification”.

You can either click on this item or simply press the F7 key on your keyboard. After this, Windows 10 will boot without checking driver signatures, and you can install the driver. The next time you boot your computer, signature verification will work again.

Disable Windows 10 Driver Signature Verification Permanently

There are three ways to disable driver signature verification permanently.

Disable via Group Policy.

Disabling signature verification through the Group Policy Editor is only possible in Windows 10 Professional. If you have a home version, then the method described in the next chapter of this article will suit you.

Launch the Windows 10 Local Group Policy Editor. To do this, right-click on the Start menu and left-click on “Run”. Or just press the Win+R key combination.

Write gpedit.msc in the window that opens and press OK or Enter.


In the Group Policy editor that opens, go to the following registry branches: “User Configuration” - “Administrative Templates” - “System” - “Driver Installation”. Double-click on the line on the right “Digital signature of device drivers”.

In this setting, you can choose two options in which you will solve your problem with driver signature verification. By default, the setting is “not configured”. If you enable the setting, then select the “skip” subsetting. In this case, if Windows detects a driver file without a digital signature, it will still allow you to install it. You can also explicitly select “disabled” and in this state the check will be disabled in principle.

Once you have changed the settings click “Apply” and “OK”. After restarting the computer, driver signature verification will not be performed. If you need to return driver signature verification again, you will have to return to this menu and select the setting status “enabled” and “block”.

Disabling via command line

Disabling driver signature verification via the command line has a limitation. This feature is only available if your computer is running BIOS. If you have UEFI, then you must first disable Secure Boot.

The procedure is as follows. Right-click on the Start menu and open Command Prompt with administrator rights.

In the command prompt that opens, type the following command and press Enter.

bcdedit.exe -set loadoptions DISABLE_INTEGRITY_CHECKS

Now enter the second command and also press Enter.

bcdedit.exe -set TESTSIGNING ON

After the commands complete (as in the screenshot above), restart your computer. Checking driver signatures will be disabled, but a notice that Windows 10 is running in test mode will always be shown in the lower right corner of the screen.

To remove it, you will need to open a command prompt with administrator rights and enter the following line there:

bcdedit.exe -set TESTSIGNING OFF

Disable via Safe Mode and bcdedit

This proven method is, in my opinion, the most convenient. Start your computer in .

Right-click on the Start menu and launch Command Prompt with administrator rights.

At the command prompt, enter the following line: bcdedit.exe /set nointegritychecks on and press Enter. Reboot your computer, after which signature verification will be disabled.

To enable the check again, perform the same operations, but enter the line bcdedit.exe /set nointegritychecks off.
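
To check whether any of the bcdedit switches described above (testsigning, nointegritychecks, or a loadoptions value that disables integrity checks) is still set on a machine, the boot configuration can be audited. The following is an added example, not code from the original articles; the function name `Find-BcdSigningOverride` and the sample text are constructed for illustration, and English `bcdedit /enum` output is assumed.

```powershell
# Added example: Find-BcdSigningOverride and $sample are illustrative names,
# not part of Windows. English bcdedit output (Yes/No values) is assumed.
function Find-BcdSigningOverride {
    [CmdletBinding()]
    param(
        # Lines of `bcdedit /enum` output, one string per line.
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string[]]$BcdText
    )

    $entryId = '(unknown)'
    foreach ($line in $BcdText) {
        # Elements are printed as "name<spaces>value"; separator lines do not match.
        if ($line -notmatch '^(?<name>[A-Za-z]+)\s+(?<value>\S.*)$') { continue }
        $name  = $Matches['name'].ToLowerInvariant()
        $value = $Matches['value'].Trim()

        $reason = $null
        switch ($name) {
            # Remember which boot entry the following elements belong to.
            'identifier' { $entryId = $value }
            'testsigning' {
                if ($value -match '^(Yes|On|True)$') {
                    $reason = 'test-signed drivers are allowed to load'
                }
            }
            'nointegritychecks' {
                if ($value -match '^(Yes|On|True)$') {
                    $reason = 'integrity checks are switched off'
                }
            }
            'loadoptions' {
                # A substring match also catches the DDISABLE_ spelling that
                # appears in some of the commands; ENABLE_ does not match.
                if ($value -match 'DISABLE_INTEGRITY_CHECKS') {
                    $reason = 'load option disables integrity checks'
                }
            }
        }

        if ($reason) {
            [pscustomobject]@{
                Entry   = $entryId
                Setting = $name
                Value   = $value
                Reason  = $reason
            }
        }
    }
}

# Constructed sample of `bcdedit /enum` output for one boot entry.
$sample = @'
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 10
loadoptions             DDISABLE_INTEGRITY_CHECKS
nointegritychecks       No
testsigning             Yes
nx                      OptIn
'@ -split '\r?\n'

# Reports two findings for {current}: loadoptions and testsigning.
Find-BcdSigningOverride -BcdText $sample | Format-Table -AutoSize

# On a live system, from an elevated prompt:
#   Find-BcdSigningOverride -BcdText (bcdedit /enum)
```

Since the command-line method requires Secure Boot to be disabled first on UEFI systems, a finding on such a machine is a reason to check the Secure Boot state as well.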

In Windows 7, Microsoft has significantly tightened the requirements for installed drivers (we recommend reading this interesting article about). Now any driver you install must be digitally signed, verified and certified by Microsoft. Before loading and installing any device driver, Windows 7 verifies the digital signature of that driver. If, when you try to install a driver for a new device in Windows 7, you see the message “Windows can’t verify the publisher of this driver software”, it means that this driver does not have a digital signature. In that dialog box you can select the option “Install this driver software anyway”, but in any case the driver will not be installed, which means the device will not work.

When an unsigned driver is installed, the device will be marked with an exclamation mark in Device Manager and show the following error message:

Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. (Code 52)

The following errors may also indicate problems with the digital signature of drivers:

The digital signature verification policy for drivers works in both the 32-bit (x86) and 64-bit (x64) versions of Windows 7. The main reason for introducing such a policy for installing third-party drivers is the desire to improve the stability and reliability of the Windows OS by ensuring that all released drivers have passed a certification test and a compatibility test at Microsoft.

Fortunately, in Windows 7 you can disable driver digital signature verification. And you can do this in several ways:

  • Sign the driver yourself (you can do this using special software, or according to the instructions described in the manual)
  • Disable driver signature verification using Group Policy
  • Change the OS boot mode to boot without digital signature verification (using bcdedit)
  • Boot Windows 7 without checking the digital signature (via the boot menu using the F8 key)

Let's consider all the listed options for disabling driver signature verification

Booting Windows 7 without verifying digital signature

It is possible to temporarily disable driver signature verification if you reboot the system and press the F8 key at boot. In the menu of system boot options that appears, select Disable Driver Signature Enforcement (“Disable mandatory driver signature verification”).

After booting Windows 7 this way, you can install an unsigned driver and test its operation, but if you boot into normal mode, the driver will not work.

Disable driver signature verification in Windows 7 using Group Policy

If you want to completely disable driver signing verification in Windows 7, you can do this using Group Policy.

Open the Local Group Policy Editor by typing

In the policies menu, go to User Configuration->Administrative Templates->System->Driver Installation.

In the right pane, find the item ‘Code Signing for Device Drivers’ and double-click on it.

In the window that appears, select 'Enabled', and in the lower menu - 'Ignore'. Click OK and restart your computer. After rebooting and applying the policy, you will completely disable driver signing in your Windows 7 and will be able to install any drivers, including unsigned ones.

Disable driver digital signature verification in Windows 7 using bcdedit

Open a command prompt with administrator rights and type the following two commands in sequence:

bcdedit.exe /set loadoptions DDISABLE_INTEGRITY_CHECKS
bcdedit.exe /set TESTSIGNING ON

After executing each command, a message should appear indicating that the command was completed successfully.

Restart your computer and try installing an unsigned driver. Voila!

If you need to cancel this operating mode and re-enable digital signature verification in win 7, run the following commands:

bcdedit.exe /set loadoptions ENABLE_INTEGRITY_CHECKS
bcdedit.exe /set TESTSIGNING OFF

– Igor (Administrator)

As part of this note, I will tell you how to disable driver digital signature verification in Windows 7 using several methods.

Sometimes when installing drivers or programs that include drivers, the Windows operating system pauses the installer and asks the user “whether to continue installing the driver without a digital signature.” Of course, for security purposes this is a very good decision. However, if we are talking about programs whose installation takes about 30 minutes, then this can be unpleasant (you started it, went away for tea, returned, and there was a window and 1% of the installation). In addition, if you do not select anything for a long time, the installer may freeze and you have to install the program again.

To prevent this from happening, let's consider this issue in more detail.

What is digital signature of drivers and why is it needed?

A driver's digital signature is a special digital tag that allows the Windows operating system to determine whether the driver is correct, that is, whether it has been modified by intruders. This signature allows you to verify data such as the integrity of the driver (using a hash), the driver version, its author, and others. Thus, if there is a virus inside the driver, it will be quickly detected by the system.

Note: If you are interested in learning more about digital signatures, here is an overview.

What is the main danger of unsigned drivers? The fact is that drivers are launched with maximum rights and therefore can do almost anything in the operating system. Thus, if such a driver contains a virus, it will be much more difficult for antiviruses to remove it, especially if we are talking about a rootkit or Trojan.

Therefore, I strongly recommend that you think about whether to disable this check. However, not all drivers are digitally signed, and this is not always due to viruses (for example, drivers for some specific devices).

Disable driver digital signature verification in Windows 7

Disable driver digital signature verification using Group Policy:

1. Open the Start menu.

2. In the search bar, write "gpedit.msc" (without quotes) and press enter.

3. In the window that appears on the left side, first expand “User Configuration”, then “Administrative Templates”, then “System”, then select “Driver Installation”.

4. In the right part of the window, find “Digital signature of device drivers” and double-click on it with the left mouse button (or first right-click, and then select “Edit” in the context menu that appears).

5. A small window will open, where in the upper left part you need to select “Disable” and click OK.

6. Restart your computer.

7. Driver signature verification is disabled in Windows 7.

Note: To enable, you need to do all the steps, but in the 5th, select “Enable”.

Disable signature verification using the command line:

2. Enter the following command:

bcdedit.exe /set nointegritychecks ON

3. Press enter and restart your computer.

Note: If you need to return the check back, then instead of ON, you need to write OFF.

Note: For convenience, you can use the methods from the note How to paste text into the Windows command line.

Disable signature verification using the command line (second option):

1. Open a command prompt as an administrator.

2. Enter the following command:

bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS

3. Press enter.

4. Enter the following command:

bcdedit.exe -set TESTSIGNING ON

5. Press enter and restart your computer.

Note: If you need to turn the check back on, then instead of DDISABLE_INTEGRITY_CHECKS you need to specify ENABLE_INTEGRITY_CHECKS, and instead of ON, you need to write OFF.