Problem:

Software vendors can use code signing to add a digital signature to executables at the time of creation. This digital signature allows users to verify the author's identity and ensure that the application's integrity has not been compromised. Unfortunately, code signing is not foolproof. Current operating systems may warn or prevent execution if an application's signature has become untrusted, but not if the executable has been competently stripped of its signature. To increase security, a checksum can be calculated, including the digital signature, to ensure the integrity of a file even after it has been transmitted or downloaded.

Solution:

• Only download executables from the software author's website, FTP site, or other trusted sources (Tech Support).
  
• Once downloaded, verify the signer's name that appears in the Digital Signature tab of the file's properties.
  
• Verify the executable has not been tampered with by ensuring the checksum of the file matches that published by the vendor.
  

Follow the instructions below to verify Kepware checksums.

1. Open a command prompt.

2. Run the following command: certutil -hashfile <path/to/file> SHA256.

3. Compare the resulting hash to the checksum for the software and version below.

• KEPServerEX Patch 6.3.279.14: 62 0a 69 5c b6 74 3e ef 47 66 9a 87 27 aa 50 4c 31 83 b2 0d 69 8a b6 a5 20 ed 10 01 c1 4b eb 63
  

Note: If a checksum or version is not listed above, log in to the My Kepware customer self-service portal to submit a support ticket.