I acquired a firewall immediate this morning to permit entry to "Microsoft OneDriveFile Co-Authoring Executable" entry by way of firewall.
It has listed within the dialog field "filecoauth.exe" which is in my native appdata path and that IS signed.
However the course of that seems to boost the UAC once I go to permit entry is SHPAFACT.DLL which is situated in system32 and isn’t signed.
VirustTotal exhibits it as unsigned and if I’m going to file properties of the file in system32 it additionally exhibits as unsigned.
I've checked out just a few different Home windows 10 installs I’ve round and none of these are signed, however I additionally haven't gotten the immediate to open firewall on them both.
Additionally this field did set up an replace final evening that was launched on patch Tuesday so in all probability associated, however shpafact.dll is dated from March 2019 on installs that did and didn’t apply that replace but.
2019-09 Cumulative Replace for Home windows 10 Model 1903 for x64-based Programs (KB4515384)
Simply makes me uneasy. If that's actually the DLL in command of elevating the UAC then having it unsigned appears loopy to me, however I'm in no way versed in how these things works.
ps, fwiw, I used to be alerted to the DLL title by AutoElevate which flags it as unsigned as nicely.
submitted by /u/poncewattle