[GH-ISSUE #120] Set-OutlookSignatures.ps1 and SimulateAndDeploy.ps1 HashMismatch

kerem commented

2026-02-27 20:31:01 +03:00

Owner

Originally created by @koliwbr on GitHub (Jul 25, 2024).
Original GitHub issue: https://github.com/Set-OutlookSignatures/Set-OutlookSignatures/issues/120

Originally assigned to: @koliwbr on GitHub.

Issue happens in the latest release

I confirm that the issue happens in the latest release of Set-OutlookSignatures

Previously solved issues and documentation

I have searched through previous issues and documentation, but have not found an answer to my issue

Code of Conduct

I agree to follow this project's Code of Conduct

What happened?

I downloaded the latest release (the zip hash matches), when trying to run powershell it reports an error related to the signature. I checked the file hash and it matches the one in hashes.txt I checked the file signature with the command from the release description and files Set-OutlookSignatures.ps1 and SimulateAndDeploy.ps1 have a status of HashMismatch.
I checked two older releases and the same files had the same problems.
How can I fix this?

$ Get-AuthenticodeSignature .\Set-OutlookSignatures.ps1

SignerCertificate                         Status                                                                          Path
-----------------                         ------                                                                          ----
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  HashMismatch                                                                    Set-OutlookSignatures.ps1

$ Get-FileHash -Algorithm SHA256 .\Set-OutlookSignatures.ps1

Algorithm       Hash                                                                   Path
---------       ----                                                                   ----
SHA256          39D79359E36743722172E250F07DE4AA995E0DCA4ED80D441A08F7988BF1D095       C:\Users\mwojtkie\Documents\Set-OutlookSignatures_v4.13.0\Set-OutlookSignatures.ps1

From hashes.txt:

".\Set-OutlookSignatures.ps1";"39D79359E36743722172E250F07DE4AA995E0DCA4ED80D441A08F7988BF1D095"

Originally created by @koliwbr on GitHub (Jul 25, 2024). Original GitHub issue: https://github.com/Set-OutlookSignatures/Set-OutlookSignatures/issues/120 Originally assigned to: @koliwbr on GitHub. ### Issue happens in the latest release - [X] I confirm that the issue happens in the latest release of Set-OutlookSignatures ### Previously solved issues and documentation - [x] I have searched through previous issues and documentation, but have not found an answer to my issue ### Code of Conduct - [X] I agree to follow this project's Code of Conduct ### What happened? I downloaded the latest release (the zip hash matches), when trying to run powershell it reports an error related to the signature. I checked the file hash and it matches the one in `hashes.txt` I checked the file signature with the command from the release description and files `Set-OutlookSignatures.ps1` and `SimulateAndDeploy.ps1` have a status of `HashMismatch`. I checked two older releases and the same files had the same problems. How can I fix this? ```powershell $ Get-AuthenticodeSignature .\Set-OutlookSignatures.ps1 SignerCertificate Status Path ----------------- ------ ---- 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 HashMismatch Set-OutlookSignatures.ps1 ``` ```powershell $ Get-FileHash -Algorithm SHA256 .\Set-OutlookSignatures.ps1 Algorithm Hash Path --------- ---- ---- SHA256 39D79359E36743722172E250F07DE4AA995E0DCA4ED80D441A08F7988BF1D095 C:\Users\mwojtkie\Documents\Set-OutlookSignatures_v4.13.0\Set-OutlookSignatures.ps1 ``` From `hashes.txt`: ``` ".\Set-OutlookSignatures.ps1";"39D79359E36743722172E250F07DE4AA995E0DCA4ED80D441A08F7988BF1D095" ```

kerem closed this issue

2026-02-27 20:31:01 +03:00

kerem commented

2026-02-27 20:31:01 +03:00

Author

Owner

@GruberMarkus commented on GitHub (Jul 25, 2024):

Hi @koliwbr,

are you sure that you are using the correct files?

The following code downloads a copy of v4.13.0 to a temporary file, decompresses it to a temporary folder and checks all ps*1 and dll files for digital signatures. All test systems the code has been run on reported valid signatures.

Please test the code on your own systems and report the results.

$versionToUse = 'v4.13.0'

Clear-Host

$tempFile = New-TemporaryFile | Rename-Item -NewName { [IO.Path]::ChangeExtension($_, '.zip') } -PassThru
$tempDir = (New-Item -Path ([System.IO.Path]::GetTempPath()) -Name (New-Guid).Guid -ItemType Directory).FullName

Add-Type -Assembly System.IO.Compression.FileSystem

Invoke-WebRequest -Uri "https://github.com/Set-OutlookSignatures/Set-OutlookSignatures/releases/download/$($versionToUse)/Set-OutlookSignatures_$($versionToUse).zip" -UseBasicParsing -OutFile $tempFile

$zip = [IO.Compression.ZipFile]::OpenRead($tempFile)

$entries = $zip.Entries | Where-Object { $_.FullName -ilike "Set-OutlookSignatures_$($versionToUse)/*" } | Sort-Object

$entries | ForEach-Object {
    $dest = $(Join-Path -Path $tempDir -ChildPath ($_.FullName -ireplace "^$([regex]::escape("Set-OutlookSignatures_$($versionToUse)/"))"))

    if (($_.FullName.EndsWith('/')) -or (-not (Test-Path (Split-Path $dest)))) {
        $null = New-Item -Path $dest -ItemType Directory -Force
    } else {
        [IO.Compression.ZipFileExtensions]::ExtractToFile($_, $dest, $true)
    }
}

$zip.Dispose()

Remove-Item -LiteralPath $tempFile -Force

if ($IsWindows -or (-not (Test-Path 'variable:IsWindows'))) {
    Get-ChildItem $tempDir -Recurse | Unblock-File
}

Get-ChildItem $tempDir -Include @('*.ps*1', '*.dll') -File -Recurse | Get-AuthenticodeSignature

@GruberMarkus commented on GitHub (Jul 25, 2024): Hi @koliwbr, are you sure that you are using the correct files? The following code downloads a copy of v4.13.0 to a temporary file, decompresses it to a temporary folder and checks all ps*1 and dll files for digital signatures. All test systems the code has been run on reported valid signatures. Please test the code on your own systems and report the results. ``` $versionToUse = 'v4.13.0' Clear-Host $tempFile = New-TemporaryFile | Rename-Item -NewName { [IO.Path]::ChangeExtension($_, '.zip') } -PassThru $tempDir = (New-Item -Path ([System.IO.Path]::GetTempPath()) -Name (New-Guid).Guid -ItemType Directory).FullName Add-Type -Assembly System.IO.Compression.FileSystem Invoke-WebRequest -Uri "https://github.com/Set-OutlookSignatures/Set-OutlookSignatures/releases/download/$($versionToUse)/Set-OutlookSignatures_$($versionToUse).zip" -UseBasicParsing -OutFile $tempFile $zip = [IO.Compression.ZipFile]::OpenRead($tempFile) $entries = $zip.Entries | Where-Object { $_.FullName -ilike "Set-OutlookSignatures_$($versionToUse)/*" } | Sort-Object $entries | ForEach-Object { $dest = $(Join-Path -Path $tempDir -ChildPath ($_.FullName -ireplace "^$([regex]::escape("Set-OutlookSignatures_$($versionToUse)/"))")) if (($_.FullName.EndsWith('/')) -or (-not (Test-Path (Split-Path $dest)))) { $null = New-Item -Path $dest -ItemType Directory -Force } else { [IO.Compression.ZipFileExtensions]::ExtractToFile($_, $dest, $true) } } $zip.Dispose() Remove-Item -LiteralPath $tempFile -Force if ($IsWindows -or (-not (Test-Path 'variable:IsWindows'))) { Get-ChildItem $tempDir -Recurse | Unblock-File } Get-ChildItem $tempDir -Include @('*.ps*1', '*.dll') -File -Recurse | Get-AuthenticodeSignature ```

kerem commented

2026-02-27 20:31:01 +03:00

Author

Owner

@koliwbr commented on GitHub (Jul 25, 2024):

Set-OutlookSignatures.ps1 and SimulateAndDeploy.ps1 still have a status of HashMismatch



    Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9\bin\AngleSharp.Css\netstandard2.0


SignerCertificate                         Status                                                                          Path
-----------------                         ------                                                                          ----
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           AngleSharp.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           System.Buffers.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           System.Memory.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           System.Numerics.Vectors.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           System.Runtime.CompilerServices.Unsafe.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           System.Text.Encoding.CodePages.dll


    Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9\bin\EWS\netstandard2.0


SignerCertificate                         Status                                                                          Path
-----------------                         ------                                                                          ----
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Microsoft.Exchange.WebServices.Data.dll


    Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9\bin\MSAL.PS\internal


SignerCertificate                         Status                                                                          Path
-----------------                         ------                                                                          ----
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           ConvertFrom-SecureStringAsPlainText.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           ConvertTo-Dictionary.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Export-Config.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Get-DeviceRegistrationStatus.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Get-ObjectPropertyValue.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Import-Config.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Select-PsBoundParameters.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Set-Config.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Write-HostPrompt.ps1


    Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9\bin\MSAL.PS\netstandard2.0


SignerCertificate                         Status                                                                          Path
-----------------                         ------                                                                          ----
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Microsoft.Identity.Client.Desktop.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Microsoft.Identity.Client.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Microsoft.Identity.Client.Extensions.Msal.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Microsoft.Identity.Client.NativeInterop.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Microsoft.IdentityModel.Abstractions.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           System.Buffers.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           System.Diagnostics.DiagnosticSource.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           System.IO.FileSystem.AccessControl.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           System.Memory.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           System.Numerics.Vectors.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           System.Runtime.CompilerServices.Unsafe.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           System.Security.AccessControl.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           System.Security.Cryptography.ProtectedData.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           System.Security.Principal.Windows.dll


    Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9\bin\MSAL.PS


SignerCertificate                         Status                                                                          Path
-----------------                         ------                                                                          ----
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Clear-MsalTokenCache.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Enable-MsalTokenCacheOnDisk.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Get-MsalAccount.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Get-MsalClientApplication.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Get-MsalFeatureSupport.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Get-MsalToken.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           MSAL.PS.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           MSAL.PS.psd1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           MSAL.PS.psm1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           New-MsalClientApplication.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Remove-MsalClientApplication.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Select-MsalClientApplication.ps1


    Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9\bin\PreMailer.Net\net462


SignerCertificate                         Status                                                                          Path
-----------------                         ------                                                                          ----
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           PreMailer.Net.dll
D8FB0CC66A08061B42D46D03546F0D42CBC49B7C  Valid                                                                           System.Buffers.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           System.Memory.dll
D8FB0CC66A08061B42D46D03546F0D42CBC49B7C  Valid                                                                           System.Numerics.Vectors.dll
D8FB0CC66A08061B42D46D03546F0D42CBC49B7C  Valid                                                                           System.Runtime.CompilerServices.Unsafe.dll
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           System.Text.Encoding.CodePages.dll


    Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9\config


SignerCertificate                         Status                                                                          Path
-----------------                         ------                                                                          ----
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           default replacement variables.ps1


    Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9\sample code


SignerCertificate                         Status                                                                          Path
-----------------                         ------                                                                          ----
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Create-EntraApp.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Intune-SetOutlookSignatures-Detect.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Intune-SetOutlookSignatures-Remediate.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  HashMismatch                                                                    SimulateAndDeploy.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           SimulationModeHelper.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           SwitchTo-ClassicOutlookForMac.ps1
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  Valid                                                                           Test-ADTrust.ps1


    Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9


SignerCertificate                         Status                                                                          Path
-----------------                         ------                                                                          ----
61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0  HashMismatch                                                                    Set-OutlookSignatures.ps1

@koliwbr commented on GitHub (Jul 25, 2024): `Set-OutlookSignatures.ps1` and `SimulateAndDeploy.ps1` still have a status of `HashMismatch` ``` Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9\bin\AngleSharp.Css\netstandard2.0 SignerCertificate Status Path ----------------- ------ ---- 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid AngleSharp.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid System.Buffers.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid System.Memory.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid System.Numerics.Vectors.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid System.Runtime.CompilerServices.Unsafe.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid System.Text.Encoding.CodePages.dll Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9\bin\EWS\netstandard2.0 SignerCertificate Status Path ----------------- ------ ---- 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Microsoft.Exchange.WebServices.Data.dll Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9\bin\MSAL.PS\internal SignerCertificate Status Path ----------------- ------ ---- 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid ConvertFrom-SecureStringAsPlainText.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid ConvertTo-Dictionary.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Export-Config.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Get-DeviceRegistrationStatus.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Get-ObjectPropertyValue.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Import-Config.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Select-PsBoundParameters.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Set-Config.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Write-HostPrompt.ps1 Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9\bin\MSAL.PS\netstandard2.0 SignerCertificate Status Path ----------------- ------ ---- 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Microsoft.Identity.Client.Desktop.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Microsoft.Identity.Client.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Microsoft.Identity.Client.Extensions.Msal.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Microsoft.Identity.Client.NativeInterop.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Microsoft.IdentityModel.Abstractions.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid System.Buffers.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid System.Diagnostics.DiagnosticSource.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid System.IO.FileSystem.AccessControl.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid System.Memory.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid System.Numerics.Vectors.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid System.Runtime.CompilerServices.Unsafe.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid System.Security.AccessControl.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid System.Security.Cryptography.ProtectedData.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid System.Security.Principal.Windows.dll Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9\bin\MSAL.PS SignerCertificate Status Path ----------------- ------ ---- 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Clear-MsalTokenCache.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Enable-MsalTokenCacheOnDisk.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Get-MsalAccount.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Get-MsalClientApplication.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Get-MsalFeatureSupport.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Get-MsalToken.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid MSAL.PS.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid MSAL.PS.psd1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid MSAL.PS.psm1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid New-MsalClientApplication.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Remove-MsalClientApplication.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Select-MsalClientApplication.ps1 Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9\bin\PreMailer.Net\net462 SignerCertificate Status Path ----------------- ------ ---- 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid PreMailer.Net.dll D8FB0CC66A08061B42D46D03546F0D42CBC49B7C Valid System.Buffers.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid System.Memory.dll D8FB0CC66A08061B42D46D03546F0D42CBC49B7C Valid System.Numerics.Vectors.dll D8FB0CC66A08061B42D46D03546F0D42CBC49B7C Valid System.Runtime.CompilerServices.Unsafe.dll 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid System.Text.Encoding.CodePages.dll Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9\config SignerCertificate Status Path ----------------- ------ ---- 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid default replacement variables.ps1 Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9\sample code SignerCertificate Status Path ----------------- ------ ---- 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Create-EntraApp.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Intune-SetOutlookSignatures-Detect.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Intune-SetOutlookSignatures-Remediate.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 HashMismatch SimulateAndDeploy.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid SimulationModeHelper.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid SwitchTo-ClassicOutlookForMac.ps1 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 Valid Test-ADTrust.ps1 Directory: C:\Users\MYUSERNAME\AppData\Local\Temp\676eedcf-e676-4491-aa4a-b90ea669eee9 SignerCertificate Status Path ----------------- ------ ---- 61AFA7CA815AC895EE59A2F5E95ADE80DCDF8BA0 HashMismatch Set-OutlookSignatures.ps1 ```

kerem commented

2026-02-27 20:31:01 +03:00

Author

Owner

@GruberMarkus commented on GitHub (Jul 25, 2024):

My tests

I tested the code from https://github.com/Set-OutlookSignatures/Set-OutlookSignatures/issues/120#issuecomment-2250148266 on three completely independent Windows systems (Windows 11 24H2), a Linux system (Ubuntu 24.04 LTS) and on macOS (14.5).

PowerShell 7.4.3 was used on all platforms, on Windows also PowerShell 5.1.

The signatures were valid every single time on Windows.

PowerShell on Linux and macOS does not support Get-AuthenticodeSignature yet, but Get-FileHash reported the correct hashes ( the signature is part of the file, so it is also part of the hash - see next section for thoughts on this).

In other words: I am not able to reproduce the problem.

My thoughts

The SHA 256 file hash of Set-OutlookSignatures is 39D79359E36743722172E250F07DE4AA995E0DCA4ED80D441A08F7988BF1D095 in all possible sources: The GitHub download, hashes.txt, our build system, your test system.

The digital signature is part of Set-OutlookSignatures.ps1, it's the commented block at the end of the file. So the file hash includes the certificate.

Additionally, the file hash of the downloaded ZIP file containing Set-OutlookSignatures matches the hash in the release notes, which in turn equals the file hash in our build system.

Considering all these fact, I guess it is safe to assume that the code has not been modified. At least I have no idea where and how this could happen.

The file hash on your system is not different from the release notes and my systems. I have no idea how you can get a "HashMismatch".

Your environment and your thoughts

What do your test systems look like?

What does (file) Explorer say about the validity of the signature?

@GruberMarkus commented on GitHub (Jul 25, 2024): ## My tests I tested the code from https://github.com/Set-OutlookSignatures/Set-OutlookSignatures/issues/120#issuecomment-2250148266 on three completely independent Windows systems (Windows 11 24H2), a Linux system (Ubuntu 24.04 LTS) and on macOS (14.5). PowerShell 7.4.3 was used on all platforms, on Windows also PowerShell 5.1. The signatures were valid every single time on Windows. PowerShell on Linux and macOS does not support Get-AuthenticodeSignature yet, but Get-FileHash reported the correct hashes ( the signature is part of the file, so it is also part of the hash - see next section for thoughts on this). In other words: I am not able to reproduce the problem. ## My thoughts The SHA 256 file hash of Set-OutlookSignatures is 39D79359E36743722172E250F07DE4AA995E0DCA4ED80D441A08F7988BF1D095 in all possible sources: The GitHub download, hashes.txt, our build system, your test system. The digital signature is part of Set-OutlookSignatures.ps1, it's the commented block at the end of the file. So the file hash includes the certificate. Additionally, the file hash of the downloaded ZIP file containing Set-OutlookSignatures matches the hash in the release notes, which in turn equals the file hash in our build system. Considering all these fact, I guess it is safe to assume that the code has not been modified. At least I have no idea where and how this could happen. The file hash on your system is not different from the release notes and my systems. I have no idea how you can get a "HashMismatch". ## Your environment and your thoughts What do your test systems look like? What does (file) Explorer say about the validity of the signature?

kerem commented

2026-02-27 20:31:01 +03:00

Author

Owner

@koliwbr commented on GitHub (Jul 26, 2024):

I checked the signature in Explorer and it shows that it is incorrect. This computer is in the domain, so on another outside the domain I checked the file is correct and it is still not valid.

From your description I understood that you checked the signature on one windows machine and whether the file is identical on linux/mac os. Is it the same machine that is used to sign these files? Perhaps you have extra certificates installed or something similar which marks the file as correctly signed.
When I ran Windows Sandbox and moved the file there it was marked as incorrect.

Can you confirm that in Windows Sandbox or a clean system installation the file is still marked as valid? Maybe this will help you reproduce the problem.

My OS is Windows 10 Enterprise 22H2

@koliwbr commented on GitHub (Jul 26, 2024): I checked the signature in Explorer and it shows that it is incorrect. This computer is in the domain, so on another outside the domain I checked the file is correct and it is still not valid. From your description I understood that you checked the signature on one windows machine and whether the file is identical on linux/mac os. Is it the same machine that is used to sign these files? Perhaps you have extra certificates installed or something similar which marks the file as correctly signed. When I ran [Windows Sandbox](https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview) and moved the file there it was marked as incorrect. Can you confirm that in Windows Sandbox or a clean system installation the file is still marked as valid? Maybe this will help you reproduce the problem. My OS is Windows 10 Enterprise 22H2 ![image](https://github.com/user-attachments/assets/e46ac2ac-93d6-44f8-b5b1-830230f8e998) ![image](https://github.com/user-attachments/assets/8a7c43d9-619f-451e-94f9-2d734dcd26f4)

kerem commented

2026-02-27 20:31:01 +03:00

Author

Owner

@GruberMarkus commented on GitHub (Jul 26, 2024):

Tests were performed on five systems in total: Three independent Windows 11 systems, one Linux system, one macOS system.

The Windows systems are not domain or Entra ID joined. One system runs in AWS, one in Azure, one on a local Hyper-V system. All three have been automatically installed from scratch using the most recent Microsoft W11 image a few days ago. Nothing more than the configuration options required for setup has been modified.

I even installed a fresh Windows 10 22H2 VM just now. Same result: The certificate is valid.

Test and dev environment are, of course, separated. No system has additional certificates installed locally, as the signing certificates are stored in a HSM module, and only the build system has access to them.

Following your proposal, I installed Windows Sandbox on one of the three test systems mentioned. The signatures are valid.
The great people from our partner (ExplicIT Consulting)[https://explicitconsulting.at] were so nice to run the validation script in their production and test environments. Thanks, Bettina!
Windows 10, Windows 11, and in Windows Sandbox on Windows 10 all tests were positive.
ExplicIT also confirmed that they are not aware about any issue with the certificate, and they have multiple clients where AppLocker actively checks the signature before Set-OutlookSignatures is allowed to run.

It seems there must be something on your end that leads to the problem.

Maybe you uninstalled a root certificate that comes with Windows, or did not install the corresponding updates. Your screenshots do not show details about the error or the certificate chain.
Upload the problematic Set-OutlookSignatures.ps1 file in your answer to this comment, and I have a look at it on some of my test systems.

@GruberMarkus commented on GitHub (Jul 26, 2024): Tests were performed on five systems in total: Three independent Windows 11 systems, one Linux system, one macOS system. The Windows systems are not domain or Entra ID joined. One system runs in AWS, one in Azure, one on a local Hyper-V system. All three have been automatically installed from scratch using the most recent Microsoft W11 image a few days ago. Nothing more than the configuration options required for setup has been modified. I even installed a fresh Windows 10 22H2 VM just now. Same result: The certificate is valid. Test and dev environment are, of course, separated. No system has additional certificates installed locally, as the signing certificates are stored in a HSM module, and only the build system has access to them. Following your proposal, I installed Windows Sandbox on one of the three test systems mentioned. The signatures are valid. The great people from our partner (ExplicIT Consulting)[https://explicitconsulting.at] were so nice to run the validation script in their production and test environments. Thanks, Bettina! Windows 10, Windows 11, and in Windows Sandbox on Windows 10 all tests were positive. ExplicIT also confirmed that they are not aware about any issue with the certificate, and they have multiple clients where AppLocker actively checks the signature before Set-OutlookSignatures is allowed to run. It seems there must be something on your end that leads to the problem. - Maybe you uninstalled a root certificate that comes with Windows, or did not install the corresponding updates. Your screenshots do not show details about the error or the certificate chain. - Upload the problematic Set-OutlookSignatures.ps1 file in your answer to this comment, and I have a look at it on some of my test systems.

kerem commented

2026-02-27 20:31:01 +03:00

Author

Owner

@koliwbr commented on GitHub (Jul 26, 2024):

Thank you for checking, I will continue to look for the problem on my side. I don't see the point in uploading the file - the hash confirms that we have the same file. I am closing this issue, and thank you again for your time.

@koliwbr commented on GitHub (Jul 26, 2024): Thank you for checking, I will continue to look for the problem on my side. I don't see the point in uploading the file - the hash confirms that we have the same file. I am closing this issue, and thank you again for your time.

kerem referenced this issue

2026-02-27 20:31:15 +03:00

[PR #52] [MERGED] v3.3.0 #99

Rows
Columns

[GH-ISSUE #120] Set-OutlookSignatures.ps1 and SimulateAndDeploy.ps1 HashMismatch #52

Issue happens in the latest release

Previously solved issues and documentation

Code of Conduct

What happened?

My tests

My thoughts

Your environment and your thoughts