How to Fix “The signature of this program is corrupt or invalid”

April 3, 2016 updated by Admin Leave a reply »

When you download a software with Microsoft Edge or Internet Explorer, you might receive the error message saying “The signature of this program is corrupt or invalid“.

edge-warn-signature-corrupt

ie-warn-signature-corrupt

Recently we’ve also heard of our customers having this issue when downloading the Lock My Folders program in Windows 10, so we spend lots of time trying to reproduce this issue. We finally got to the bottom of the issue (we believe).

The signature was never corrupt or even invalid. Microsoft released a cumulative security update KB3140745 for Windows 10 that deprecated support for SHA1 code signing certificate. Any programs signed with SHA1 certificate after January 1st, 2016 will be flagged as an invalid signature. In this tutorial we’ll explain how to check if your downloaded program is signed with SHA1 or not, then discuss the methods to get around the download issue.

How do I know if a program is signed with SHA1?

  1. Right-click on your program and select Properties.
  2. Click on the Digital Signatures tab.
  3. Select the signature and click on the Details button.
  4. Click the View Certificate button.
  5. Click the Details tab.
  6. Look at the Signature hash algorithm.

    sha1-certificate

Methods to fix “The signature of this program is corrupt or invalid”

If you are the software developer, just contact the CA to re-issue or replace your SHA1 certificate with a new stronger SHA2 certificate, then sign your program with SHA2 certificate and the issue will be resolved.

If you download software from a reliable website and get the “The signature of this program is corrupt or invalid” error message, here are 3 ways to work around this problem:

  • When you see the a pop-up message that says the signature is corrupt or invalid, click on View downloads button.

    edge-warn-signature-corrupt

    Next right-click on the file in downloads and choose Run anyway.

    edge-run-anyway

    If Windows 10 Smart Screen displays a warning that the app cannot be recognized, click More Info and click Run Anyway to install.

  • Uninstall the Windows update that causes this issue. I can reproduce the problem by installing KB3140745 on Windows 10. I then uninstall this single update and it fixed the problem. If you’ve turned on automatic updating, you can block that specific update in Windows 10 so it won’t be installed any longer.
  • Only the browsers from Microsoft block SHA1 code signing certificate now. Chrome and Firefox still accepts SHA1 certificate. So you can get around this problem by downloading with Chrome or Firefox browsers.