so recently some browsers and antiviruses started to sniff if user has SHA-2 patch installed but what values and where do they look for this ? is this a specific registry entry or what ?
Do they check for KB4474419 specifically, or just query crypto api for sha2 support? Code: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB4474419~31bf3856ad364e35~amd64~~6.1.3.2] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Servicing\Codesigning\SHA2] "SHA2-Codesigning-Support"=dword:00000001 "SHA2-Core-Codesigning-Support"=dword:00000001
yea but update contains alot of sys files, including kernel so how the hell you check the necessary ones or better to ask which ones are necessary ones ?
I don't think antivirus just looks to registry or file. Application itself should have implemented this check.