Verifying Windows 10 RS1 ISO

Discussion in 'Windows 10' started by blinkomatic, Aug 2, 2016.

  1. blinkomatic

    blinkomatic MDL Novice

    Aug 10, 2009
    39
    12
    0
    #1 blinkomatic, Aug 2, 2016
    Last edited by a moderator: Apr 20, 2017
    I was wondering... I retrieved an ISO file from a known (in this forum) source by the name of
    Code:
    SW_DVD5_WIN_ENT_10_1607_64BIT_English_MLF_X21-07102.ISO
    While checking exe and DLL files (digital signature check) I wondered why a few files no longer appear signed, while they originally were (e.g. bthmigplugin.dll and a few other somewhat networking-related DLL files).

    1) Was that by design (=Microsoft), or did I stumple upon an elegantly manipulated rootkit'ed ISO of the newest Windows 10?
    2) Is there any other way to verify the contents of such an iso file? (Ideally scripted... I'm not a fan of checking a few hundred or more files manually.)

    Sadly, there aren't any official signatures for this ISO file...

    Thanks!

    PS: I did a simple
    Code:
    Get-ChildItem -Recurse *.dll | % {Get-AuthenticodeSignature $_} | where {$_.status -ne "Valid"}
    and the same for .exe files to check which files were either not signed or (which thankfully didn't happen) had an invalid signature.
     
  2. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    7,158
    21,912
    240
    1) by design (=Microsoft)

    2) Wait for MSDN ISOs, Enterprise should be the same, Pro/Edu = compare files