SEBWIN-672: Implemented basic signature verification for application monitoring.

SafeExamBrowser.Configuration/ConfigurationData/DataMapping/ApplicationDataMapper.cs

@@ -161,6 +161,11 @@ namespace SafeExamBrowser.Configuration.ConfigurationData.DataMapping
 								application.ShowInShell = showInShell;
 							}
 
+							if (applicationData.TryGetValue(Keys.Applications.Signature, out v) && v is string signature)
+							{
+								application.Signature = signature;
+							}
+
 							settings.Applications.Whitelist.Add(application);
 						}
 					}

SafeExamBrowser.Configuration/ConfigurationData/Keys.cs

@@ -29,6 +29,7 @@ namespace SafeExamBrowser.Configuration.ConfigurationData
 			internal const string OperatingSystem = "os";
 			internal const string OriginalName = "originalName";
 			internal const string ShowInShell = "iconInTaskbar";
+			internal const string Signature = "signature";
 			internal const string Whitelist = "permittedProcesses";
 		}
 

SafeExamBrowser.Monitoring/Applications/ApplicationMonitor.cs

@@ -21,15 +21,16 @@ namespace SafeExamBrowser.Monitoring.Applications
 {
 	public class ApplicationMonitor : IApplicationMonitor
 	{
-		private IList<BlacklistApplication> blacklist;
+		private readonly IList<BlacklistApplication> blacklist;
+		private readonly ILogger logger;
+		private readonly INativeMethods nativeMethods;
+		private readonly IProcessFactory processFactory;
+		private readonly Timer timer;
+		private readonly IList<WhitelistApplication> whitelist;
+
 		private Guid? captureHookId;
 		private Guid? foregroundHookId;
-		private ILogger logger;
-		private INativeMethods nativeMethods;
 		private IList<IProcess> processes;
-		private IProcessFactory processFactory;
-		private Timer timer;
-		private IList<WhitelistApplication> whitelist;
 		private Window activeWindow;
 
 		public event ExplorerStartedEventHandler ExplorerStarted;
@@ -132,7 +133,7 @@ namespace SafeExamBrowser.Monitoring.Applications
 
 			foreach (var process in started)
 			{
-				logger.Debug($"Process {process} has been started.");
+				logger.Debug($"Process {process} has been started [{process.GetAdditionalInfo()}].");
 				processes.Add(process);
 
 				if (process.Name == "explorer.exe")
@@ -217,19 +218,36 @@ namespace SafeExamBrowser.Monitoring.Applications
 		private bool BelongsToApplication(IProcess process, WhitelistApplication application)
 		{
 			var ignoreOriginalName = string.IsNullOrWhiteSpace(application.OriginalName);
+			var ignoreSignature = string.IsNullOrWhiteSpace(application.Signature);
 			var sameName = process.Name.Equals(application.ExecutableName, StringComparison.OrdinalIgnoreCase);
 			var sameOriginalName = process.OriginalName?.Equals(application.OriginalName, StringComparison.OrdinalIgnoreCase) == true;
+			var sameSignature = process.Signature?.Equals(application.Signature?.ToLower(), StringComparison.OrdinalIgnoreCase) == true;
 
-			return sameName && (ignoreOriginalName || sameOriginalName);
+			return sameName && (ignoreOriginalName || sameOriginalName) && (ignoreSignature || sameSignature);
 		}
 
 		private bool BelongsToSafeExamBrowser(IProcess process)
 		{
-			var isRuntime = process.Name == "SafeExamBrowser.exe" && process.OriginalName == "SafeExamBrowser.exe";
+			var isClient = true;
-			var isClient = process.Name == "SafeExamBrowser.Client.exe" && process.OriginalName == "SafeExamBrowser.Client.exe";
+			var isRuntime = true;
-			var isWebView = process.Name == "msedgewebview2.exe" && process.OriginalName == "msedgewebview2.exe";
+			var isWebView = true;
 
-			return isRuntime || isClient || isWebView;
+			isClient &= process.Name == "SafeExamBrowser.Client.exe";
+			isClient &= process.OriginalName == "SafeExamBrowser.Client.exe";
+
+			isRuntime &= process.Name == "SafeExamBrowser.exe";
+			isRuntime &= process.OriginalName == "SafeExamBrowser.exe";
+
+			isWebView &= process.Name == "msedgewebview2.exe";
+			isWebView &= process.OriginalName == "msedgewebview2.exe";
+
+#if !DEBUG
+			isClient &= process.Signature == "2bc82fe8e56a39f96bc6c4b91d6703a0379b76a2";
+			isRuntime &= process.Signature == "2bc82fe8e56a39f96bc6c4b91d6703a0379b76a2";
+			isWebView &= process.Signature == "a4baabd12432ab9c7c297385260e95c3dae83bf2";
+#endif
+
+			return isClient || isRuntime || isWebView;
 		}
 
 		private void Close(Window window)
@@ -338,7 +356,7 @@ namespace SafeExamBrowser.Monitoring.Applications
 		private bool IsAllowed(Window window)
 		{
 			var processId = Convert.ToInt32(nativeMethods.GetProcessIdFor(window.Handle));
-			
+
 			if (processFactory.TryGetById(processId, out var process))
 			{
 				if (BelongsToSafeExamBrowser(process) || IsWhitelisted(process, out _))
@@ -358,7 +376,7 @@ namespace SafeExamBrowser.Monitoring.Applications
 
 		private bool IsWhitelisted(IProcess process, out Guid? applicationId)
 		{
-			applicationId = default(Guid?);
+			applicationId = default;
 
 			foreach (var application in whitelist)
 			{

SafeExamBrowser.Settings/Applications/WhitelistApplication.cs

@@ -36,7 +36,7 @@ namespace SafeExamBrowser.Settings.Applications
 		/// Determines whether the application will be automatically started when initializing a session.
 		/// </summary>
 		public bool AutoStart { get; set; }
-		
+
 		/// <summary>
 		/// Specifies whether the application may be automatically terminated when starting a session. Is ignored if <see cref="AllowRunning"/> is set.
 		/// </summary>
@@ -56,7 +56,7 @@ namespace SafeExamBrowser.Settings.Applications
 		/// The file name of the main executable of the application.
 		/// </summary>
 		public string ExecutableName { get; set; }
-		
+
 		/// <summary>
 		/// The path where the main executable of the application is located.
 		/// </summary>
@@ -77,6 +77,11 @@ namespace SafeExamBrowser.Settings.Applications
 		/// </summary>
 		public bool ShowInShell { get; set; }
 
+		/// <summary>
+		/// The signature of the main executable of the application, if available.
+		/// </summary>
+		public string Signature { get; set; }
+
 		public WhitelistApplication()
 		{
 			Arguments = new List<string>();

SafeExamBrowser.WindowsApi.Contracts/IProcess.cs

@@ -35,11 +35,26 @@ namespace SafeExamBrowser.WindowsApi.Contracts
 		/// </summary>
 		string OriginalName { get; }
 
+		/// <summary>
+		/// The full path of the process executable.
+		/// </summary>
+		string Path { get; }
+
+		/// <summary>
+		/// The thumbprint of the certificate used to sign the process executable, or <c>default(string)</c> if the executable isn't signed.
+		/// </summary>
+		string Signature { get; }
+
 		/// <summary>
 		/// Event fired when the process has terminated.
 		/// </summary>
 		event ProcessTerminatedEventHandler Terminated;
 
+		/// <summary>
+		/// Returns a string with the most important additional information about the process (not already contained in <c>ToString()</c>).
+		/// </summary>
+		string GetAdditionalInfo();
+
 		/// <summary>
 		/// Attempts to gracefully terminate the process by closing its main window. This will only work for interactive processes which have a main
 		/// window. Optionally waits the specified amount of time for the process to terminate. Returns <c>true</c> if the process has terminated,

SafeExamBrowser.WindowsApi/Process.cs

@@ -7,6 +7,7 @@
  */
 
 using System;
+using System.Text;
 using SafeExamBrowser.Logging.Contracts;
 using SafeExamBrowser.WindowsApi.Contracts;
 using SafeExamBrowser.WindowsApi.Contracts.Events;
@@ -15,9 +16,10 @@ namespace SafeExamBrowser.WindowsApi
 {
 	internal class Process : IProcess
 	{
+		private readonly ILogger logger;
+		private readonly System.Diagnostics.Process process;
+
 		private bool eventInitialized;
-		private ILogger logger;
-		private System.Diagnostics.Process process;
 
 		public bool HasTerminated
 		{
@@ -31,6 +33,8 @@ namespace SafeExamBrowser.WindowsApi
 
 		public string Name { get; }
 		public string OriginalName { get; }
+		public string Path { get; }
+		public string Signature { get; }
 
 		private event ProcessTerminatedEventHandler TerminatedEvent;
 
@@ -40,12 +44,25 @@ namespace SafeExamBrowser.WindowsApi
 			remove { TerminatedEvent -= value; }
 		}
 
-		internal Process(System.Diagnostics.Process process, string name, string originalName, ILogger logger)
+		internal Process(System.Diagnostics.Process process, string name, string originalName, ILogger logger, string path, string signature)
 		{
 			this.logger = logger;
 			this.process = process;
 			this.Name = name;
 			this.OriginalName = originalName;
+			this.Path = path;
+			this.Signature = signature?.ToLower();
+		}
+
+		public string GetAdditionalInfo()
+		{
+			var info = new StringBuilder();
+
+			info.Append($"Original Name: {(string.IsNullOrWhiteSpace(OriginalName) ? "n/a" : $"'{OriginalName}'")}, ");
+			info.Append($"Path: {(string.IsNullOrWhiteSpace(Path) ? "n/a" : $"'{Path}'")}, ");
+			info.Append($"Signature: {(string.IsNullOrWhiteSpace(Signature) ? "n/a" : Signature)}");
+
+			return info.ToString();
 		}
 
 		public bool TryClose(int timeout_ms = 0)
@@ -121,8 +138,10 @@ namespace SafeExamBrowser.WindowsApi
 			if (!eventInitialized)
 			{
 				eventInitialized = true;
+
 				process.Exited += Process_Exited;
 				process.EnableRaisingEvents = true;
+
 				logger.Debug("Initialized termination event.");
 			}
 		}

SafeExamBrowser.WindowsApi/ProcessFactory.cs

@@ -14,6 +14,7 @@ using System.IO;
 using System.Linq;
 using System.Management;
 using System.Runtime.InteropServices;
+using System.Security.Cryptography.X509Certificates;
 using SafeExamBrowser.Logging.Contracts;
 using SafeExamBrowser.WindowsApi.Constants;
 using SafeExamBrowser.WindowsApi.Contracts;
@@ -23,7 +24,7 @@ namespace SafeExamBrowser.WindowsApi
 {
 	public class ProcessFactory : IProcessFactory
 	{
-		private IModuleLogger logger;
+		private readonly IModuleLogger logger;
 
 		public IDesktop StartupDesktop { private get; set; }
 
@@ -42,9 +43,9 @@ namespace SafeExamBrowser.WindowsApi
 			{
 				if (names.Any(n => n.processId == process.Id))
 				{
-					var (_, name, originalName) = names.First(n => n.processId == process.Id);
+					var (_, name, originalName, path, signature) = names.First(n => n.processId == process.Id);
 
-					processes.Add(new Process(process, name, originalName, LoggerFor(process, name)));
+					processes.Add(new Process(process, name, originalName, LoggerFor(process, name), path, signature));
 				}
 			}
 
@@ -66,8 +67,8 @@ namespace SafeExamBrowser.WindowsApi
 				raw = StartNormal(path, args);
 			}
 
-			var (name, originalName) = LoadProcessNamesFor(raw);
+			var (name, originalName, _, signature) = LoadProcessNamesFor(raw);
-			var process = new Process(raw, name, originalName, LoggerFor(raw, name));
+			var process = new Process(raw, name, originalName, LoggerFor(raw, name), path, signature);
 
 			logger.Info($"Successfully started process '{path}' with ID = {process.Id}.");
 
@@ -76,14 +77,14 @@ namespace SafeExamBrowser.WindowsApi
 
 		public bool TryGetById(int id, out IProcess process)
 		{
-			process = default(IProcess);
+			process = default;
 
 			try
 			{
 				var raw = System.Diagnostics.Process.GetProcessById(id);
-				var (name, originalName) = LoadProcessNamesFor(raw);
+				var (name, originalName, path, signature) = LoadProcessNamesFor(raw);
 
-				process = new Process(raw, name, originalName, LoggerFor(raw, name));
+				process = new Process(raw, name, originalName, LoggerFor(raw, name), path, signature);
 			}
 			catch (Exception e)
 			{
@@ -93,9 +94,9 @@ namespace SafeExamBrowser.WindowsApi
 			return process != default(IProcess);
 		}
 
-		private IEnumerable<(int processId, string name, string originalName)> LoadAllProcessNames()
+		private IEnumerable<(int processId, string name, string originalName, string path, string signature)> LoadAllProcessNames()
 		{
-			var names = new List<(int, string, string)>();
+			var names = new List<(int, string, string, string, string)>();
 
 			try
 			{
@@ -109,18 +110,20 @@ namespace SafeExamBrowser.WindowsApi
 						using (process)
 						{
 							var name = Convert.ToString(process["Name"]);
+							var originalName = default(string);
+							var path = Convert.ToString(process["ExecutablePath"]);
 							var processId = Convert.ToInt32(process["ProcessId"]);
-							var executablePath = Convert.ToString(process["ExecutablePath"]);
+							var signature = default(string);
 
-							if (File.Exists(executablePath))
+							if (File.Exists(path))
 							{
-								names.Add((processId, name, FileVersionInfo.GetVersionInfo(executablePath).OriginalFilename));
+								TryLoadOriginalName(path, out originalName);
-							}
+								TryLoadSignature(path, out signature);
-							else
-							{
-								names.Add((processId, name, default(string)));
 							}
+
+							names.Add((processId, name, originalName, path, signature));
 						}
+
 					}
 				}
 			}
@@ -132,10 +135,12 @@ namespace SafeExamBrowser.WindowsApi
 			return names;
 		}
 
-		private (string name, string originalName) LoadProcessNamesFor(System.Diagnostics.Process process)
+		private (string name, string originalName, string path, string signature) LoadProcessNamesFor(System.Diagnostics.Process process)
 		{
 			var name = process.ProcessName;
 			var originalName = default(string);
+			var path = default(string);
+			var signature = default(string);
 
 			try
 			{
@@ -143,13 +148,13 @@ namespace SafeExamBrowser.WindowsApi
 				using (var results = searcher.Get())
 				using (var processData = results.Cast<ManagementObject>().First())
 				{
-					var executablePath = Convert.ToString(processData["ExecutablePath"]);
-
 					name = Convert.ToString(processData["Name"]);
+					path = Convert.ToString(processData["ExecutablePath"]);
 
-					if (File.Exists(executablePath))
+					if (File.Exists(path))
 					{
-						originalName = FileVersionInfo.GetVersionInfo(executablePath).OriginalFilename;
+						TryLoadOriginalName(path, out originalName);
+						TryLoadSignature(path, out signature);
 					}
 				}
 			}
@@ -158,7 +163,7 @@ namespace SafeExamBrowser.WindowsApi
 				logger.Error($"Failed to load process names for {process.ProcessName}!", e);
 			}
 
-			return (name, originalName);
+			return (name, originalName, path, signature);
 		}
 
 		private ILogger LoggerFor(System.Diagnostics.Process process, string name)
@@ -201,5 +206,38 @@ namespace SafeExamBrowser.WindowsApi
 
 			throw new Win32Exception(errorCode);
 		}
+
+		private bool TryLoadOriginalName(string path, out string originalName)
+		{
+			originalName = default;
+
+			try
+			{
+				originalName = FileVersionInfo.GetVersionInfo(path).OriginalFilename;
+			}
+			catch
+			{
+			}
+
+			return originalName != default;
+		}
+
+		private bool TryLoadSignature(string path, out string signature)
+		{
+			signature = default;
+
+			try
+			{
+				using (var certificate = X509Certificate.CreateFromSignedFile(path))
+				{
+					signature = certificate.GetCertHashString();
+				}
+			}
+			catch
+			{
+			}
+
+			return signature != default;
+		}
 	}
 }

SebWindowsConfig/Entities/PermittedApplicationInformation.cs

@@ -6,5 +6,6 @@
 		public string Executable { get; set; }
 		public string OriginalName { get; set; }
 		public string Path { get; set; }
+		public string Signature { get; set; }
 	}
 }

SebWindowsConfig/SEBSettings.cs

@@ -260,6 +260,7 @@ namespace SebWindowsConfig
 		public const String KeyArguments = "arguments";
 		public const String KeyArgument = "argument";
 		public const String KeyWindowHandlingProcess = "windowHandlingProcess";
+		public const String KeySignature = "signature";
 
 		// Group "Network"
 		public const String KeyEnableURLFilter = "enableURLFilter";
@@ -781,6 +782,7 @@ namespace SebWindowsConfig
 			SEBSettings.permittedProcessDataDefault.Add(SEBSettings.KeyIdentifier, "");
 			SEBSettings.permittedProcessDataDefault.Add(SEBSettings.KeyWindowHandlingProcess, "");
 			SEBSettings.permittedProcessDataDefault.Add(SEBSettings.KeyArguments, new ListObj());
+			SEBSettings.permittedProcessDataDefault.Add(SEBSettings.KeySignature, "");
 
 			// Default settings for prohibited process data
 			SEBSettings.prohibitedProcessDataDefault.Clear();

SebWindowsConfig/SebWindowsConfigForm.Designer.cs

@@ -30,8 +30,8 @@ namespace SebWindowsConfig
         {
 			this.components = new System.ComponentModel.Container();
 			System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(SebWindowsConfigForm));
-			System.Windows.Forms.DataGridViewCellStyle dataGridViewCellStyle1 = new System.Windows.Forms.DataGridViewCellStyle();
+			System.Windows.Forms.DataGridViewCellStyle dataGridViewCellStyle7 = new System.Windows.Forms.DataGridViewCellStyle();
-			System.Windows.Forms.DataGridViewCellStyle dataGridViewCellStyle2 = new System.Windows.Forms.DataGridViewCellStyle();
+			System.Windows.Forms.DataGridViewCellStyle dataGridViewCellStyle8 = new System.Windows.Forms.DataGridViewCellStyle();
 			this.openFileDialogSebConfigFile = new System.Windows.Forms.OpenFileDialog();
 			this.saveFileDialogSebConfigFile = new System.Windows.Forms.SaveFileDialog();
 			this.imageListTabIcons = new System.Windows.Forms.ImageList(this.components);
@@ -179,7 +179,6 @@ namespace SebWindowsConfig
 			this.label2 = new System.Windows.Forms.Label();
 			this.textBoxPermittedProcessExecutables = new System.Windows.Forms.TextBox();
 			this.checkBoxPermittedProcessStrongKill = new System.Windows.Forms.CheckBox();
-			this.buttonPermittedProcessCodeSignature = new System.Windows.Forms.Button();
 			this.dataGridViewPermittedProcessArguments = new System.Windows.Forms.DataGridView();
 			this.ArgumentActive = new System.Windows.Forms.DataGridViewCheckBoxColumn();
 			this.ArgumentParameter = new System.Windows.Forms.DataGridViewTextBoxColumn();
@@ -270,6 +269,7 @@ namespace SebWindowsConfig
 			this.labelBrowserExamKey = new System.Windows.Forms.Label();
 			this.label3 = new System.Windows.Forms.Label();
 			this.tabPageDownUploads = new System.Windows.Forms.TabPage();
+			this.checkBoxShowFileSystemElementPath = new System.Windows.Forms.CheckBox();
 			this.checkBoxTemporaryDownloadDirectory = new System.Windows.Forms.CheckBox();
 			this.checkBoxAllowCustomDownloadLocation = new System.Windows.Forms.CheckBox();
 			this.checkBoxAllowPDFPlugIn = new System.Windows.Forms.CheckBox();
@@ -463,7 +463,8 @@ namespace SebWindowsConfig
 			this.editDuplicateToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
 			this.configureClientToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
 			this.applyAndStartSEBToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
-			this.checkBoxShowFileSystemElementPath = new System.Windows.Forms.CheckBox();
+			this.label27 = new System.Windows.Forms.Label();
+			this.textBoxPermittedProcessSignature = new System.Windows.Forms.TextBox();
 			this.tabPageHookedKeys.SuspendLayout();
 			this.groupBoxFunctionKeys.SuspendLayout();
 			this.groupBoxSpecialKeys.SuspendLayout();
@@ -1885,8 +1886,8 @@ namespace SebWindowsConfig
 			// 
 			// Type
 			// 
-			dataGridViewCellStyle1.BackColor = System.Drawing.Color.Silver;
+			dataGridViewCellStyle7.BackColor = System.Drawing.Color.Silver;
-			this.Type.DefaultCellStyle = dataGridViewCellStyle1;
+			this.Type.DefaultCellStyle = dataGridViewCellStyle7;
 			this.Type.HeaderText = "Type";
 			this.Type.Name = "Type";
 			this.Type.ReadOnly = true;
@@ -2337,6 +2338,8 @@ namespace SebWindowsConfig
 			// 
 			// groupBoxPermittedProcess
 			// 
+			this.groupBoxPermittedProcess.Controls.Add(this.textBoxPermittedProcessSignature);
+			this.groupBoxPermittedProcess.Controls.Add(this.label27);
 			this.groupBoxPermittedProcess.Controls.Add(this.textBoxPermittedProcessOriginalName);
 			this.groupBoxPermittedProcess.Controls.Add(this.PermittedProcessOriginalNameLabel);
 			this.groupBoxPermittedProcess.Controls.Add(this.checkBoxPermittedProcessIconInTaskbar);
@@ -2344,7 +2347,6 @@ namespace SebWindowsConfig
 			this.groupBoxPermittedProcess.Controls.Add(this.label2);
 			this.groupBoxPermittedProcess.Controls.Add(this.textBoxPermittedProcessExecutables);
 			this.groupBoxPermittedProcess.Controls.Add(this.checkBoxPermittedProcessStrongKill);
-			this.groupBoxPermittedProcess.Controls.Add(this.buttonPermittedProcessCodeSignature);
 			this.groupBoxPermittedProcess.Controls.Add(this.dataGridViewPermittedProcessArguments);
 			this.groupBoxPermittedProcess.Controls.Add(this.labelPermittedProcessIdentifier);
 			this.groupBoxPermittedProcess.Controls.Add(this.textBoxPermittedProcessIdentifier);
@@ -2424,7 +2426,7 @@ namespace SebWindowsConfig
 			// label2
 			// 
 			this.label2.AutoSize = true;
-			this.label2.Location = new System.Drawing.Point(107, 138);
+			this.label2.Location = new System.Drawing.Point(846, 266);
 			this.label2.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0);
 			this.label2.Name = "label2";
 			this.label2.Size = new System.Drawing.Size(129, 13);
@@ -2434,10 +2436,10 @@ namespace SebWindowsConfig
 			// 
 			// textBoxPermittedProcessExecutables
 			// 
-			this.textBoxPermittedProcessExecutables.Location = new System.Drawing.Point(246, 135);
+			this.textBoxPermittedProcessExecutables.Location = new System.Drawing.Point(985, 263);
 			this.textBoxPermittedProcessExecutables.Margin = new System.Windows.Forms.Padding(2, 1, 2, 1);
 			this.textBoxPermittedProcessExecutables.Name = "textBoxPermittedProcessExecutables";
-			this.textBoxPermittedProcessExecutables.Size = new System.Drawing.Size(517, 20);
+			this.textBoxPermittedProcessExecutables.Size = new System.Drawing.Size(122, 20);
 			this.textBoxPermittedProcessExecutables.TabIndex = 90;
 			this.toolTip1.SetToolTip(this.textBoxPermittedProcessExecutables, "Process executable which is actually handling the main window.");
 			this.textBoxPermittedProcessExecutables.Visible = false;
@@ -2457,18 +2459,6 @@ namespace SebWindowsConfig
 			this.checkBoxPermittedProcessStrongKill.UseVisualStyleBackColor = true;
 			this.checkBoxPermittedProcessStrongKill.CheckedChanged += new System.EventHandler(this.checkBoxPermittedProcessStrongKill_CheckedChanged);
 			// 
-			// buttonPermittedProcessCodeSignature
-			// 
-			this.buttonPermittedProcessCodeSignature.Location = new System.Drawing.Point(781, 153);
-			this.buttonPermittedProcessCodeSignature.Margin = new System.Windows.Forms.Padding(2, 1, 2, 1);
-			this.buttonPermittedProcessCodeSignature.Name = "buttonPermittedProcessCodeSignature";
-			this.buttonPermittedProcessCodeSignature.Size = new System.Drawing.Size(112, 25);
-			this.buttonPermittedProcessCodeSignature.TabIndex = 14;
-			this.buttonPermittedProcessCodeSignature.Text = "Code Signature...";
-			this.buttonPermittedProcessCodeSignature.UseVisualStyleBackColor = true;
-			this.buttonPermittedProcessCodeSignature.Visible = false;
-			this.buttonPermittedProcessCodeSignature.Click += new System.EventHandler(this.buttonPermittedProcessCodeSignature_Click);
-			// 
 			// dataGridViewPermittedProcessArguments
 			// 
 			this.dataGridViewPermittedProcessArguments.ColumnHeadersHeightSizeMode = System.Windows.Forms.DataGridViewColumnHeadersHeightSizeMode.AutoSize;
@@ -3560,6 +3550,17 @@ namespace SebWindowsConfig
 			this.tabPageDownUploads.Text = "Down/Uploads";
 			this.tabPageDownUploads.UseVisualStyleBackColor = true;
 			// 
+			// checkBoxShowFileSystemElementPath
+			// 
+			this.checkBoxShowFileSystemElementPath.AutoSize = true;
+			this.checkBoxShowFileSystemElementPath.Location = new System.Drawing.Point(114, 167);
+			this.checkBoxShowFileSystemElementPath.Name = "checkBoxShowFileSystemElementPath";
+			this.checkBoxShowFileSystemElementPath.Size = new System.Drawing.Size(213, 17);
+			this.checkBoxShowFileSystemElementPath.TabIndex = 91;
+			this.checkBoxShowFileSystemElementPath.Text = "Show path of file system elements (Win)";
+			this.checkBoxShowFileSystemElementPath.UseVisualStyleBackColor = true;
+			this.checkBoxShowFileSystemElementPath.CheckedChanged += new System.EventHandler(this.checkBoxShowFileSystemElementPath_CheckedChanged);
+			// 
 			// checkBoxTemporaryDownloadDirectory
 			// 
 			this.checkBoxTemporaryDownloadDirectory.AutoSize = true;
@@ -4626,8 +4627,8 @@ namespace SebWindowsConfig
 			// spellCheckerDictionaryFilesColumn
 			// 
 			this.spellCheckerDictionaryFilesColumn.AutoSizeMode = System.Windows.Forms.DataGridViewAutoSizeColumnMode.Fill;
-			dataGridViewCellStyle2.WrapMode = System.Windows.Forms.DataGridViewTriState.True;
+			dataGridViewCellStyle8.WrapMode = System.Windows.Forms.DataGridViewTriState.True;
-			this.spellCheckerDictionaryFilesColumn.DefaultCellStyle = dataGridViewCellStyle2;
+			this.spellCheckerDictionaryFilesColumn.DefaultCellStyle = dataGridViewCellStyle8;
 			this.spellCheckerDictionaryFilesColumn.HeaderText = "Files";
 			this.spellCheckerDictionaryFilesColumn.Name = "spellCheckerDictionaryFilesColumn";
 			this.spellCheckerDictionaryFilesColumn.ReadOnly = true;
@@ -6025,16 +6026,23 @@ namespace SebWindowsConfig
 			this.applyAndStartSEBToolStripMenuItem.Visible = false;
 			this.applyAndStartSEBToolStripMenuItem.Click += new System.EventHandler(this.applyAndStartSEBToolStripMenuItem_Click);
 			// 
-			// checkBoxShowFileSystemElementPath
+			// label27
 			// 
-			this.checkBoxShowFileSystemElementPath.AutoSize = true;
+			this.label27.AutoSize = true;
-			this.checkBoxShowFileSystemElementPath.Location = new System.Drawing.Point(114, 167);
+			this.label27.Location = new System.Drawing.Point(141, 138);
-			this.checkBoxShowFileSystemElementPath.Name = "checkBoxShowFileSystemElementPath";
+			this.label27.Name = "label27";
-			this.checkBoxShowFileSystemElementPath.Size = new System.Drawing.Size(213, 17);
+			this.label27.Size = new System.Drawing.Size(52, 13);
-			this.checkBoxShowFileSystemElementPath.TabIndex = 91;
+			this.label27.TabIndex = 96;
-			this.checkBoxShowFileSystemElementPath.Text = "Show path of file system elements (Win)";
+			this.label27.Text = "Signature";
-			this.checkBoxShowFileSystemElementPath.UseVisualStyleBackColor = true;
+			// 
-			this.checkBoxShowFileSystemElementPath.CheckedChanged += new System.EventHandler(this.checkBoxShowFileSystemElementPath_CheckedChanged);
+			// textBoxPermittedProcessSignature
+			// 
+			this.textBoxPermittedProcessSignature.Location = new System.Drawing.Point(199, 135);
+			this.textBoxPermittedProcessSignature.Name = "textBoxPermittedProcessSignature";
+			this.textBoxPermittedProcessSignature.Size = new System.Drawing.Size(565, 20);
+			this.textBoxPermittedProcessSignature.TabIndex = 97;
+			this.toolTip1.SetToolTip(this.textBoxPermittedProcessSignature, "The hash / thumbprint of the certificate used to sign the executable.");
+			this.textBoxPermittedProcessSignature.TextChanged += new System.EventHandler(this.textBoxPermittedProcessSignature_TextChanged);
 			// 
 			// SebWindowsConfigForm
 			// 
@@ -6361,7 +6369,6 @@ namespace SebWindowsConfig
         private System.Windows.Forms.CheckBox checkBoxProhibitedProcessCurrentUser;
         private System.Windows.Forms.CheckBox checkBoxProhibitedProcessActive;
         private System.Windows.Forms.Button buttonProhibitedProcessCodeSignature;
-        private System.Windows.Forms.Button buttonPermittedProcessCodeSignature;
         private System.Windows.Forms.DataGridView dataGridViewEmbeddedCertificates;
         private System.Windows.Forms.Button buttonRemoveCertificate;
         private System.Windows.Forms.ComboBox comboBoxChooseIdentityToEmbed;
@@ -6601,6 +6608,8 @@ namespace SebWindowsConfig
 		private System.Windows.Forms.CheckBox checkBoxAllowPrint;
 		private System.Windows.Forms.CheckBox checkBoxEnableFindPrinter;
 		private System.Windows.Forms.CheckBox checkBoxShowFileSystemElementPath;
+		private System.Windows.Forms.TextBox textBoxPermittedProcessSignature;
+		private System.Windows.Forms.Label label27;
 	}
 }
 

SebWindowsConfig/SebWindowsConfigForm.cs

@@ -2476,6 +2476,7 @@ namespace SebWindowsConfig
 			textBoxPermittedProcessExecutables.Text = (String) SEBSettings.permittedProcessData[SEBSettings.KeyWindowHandlingProcess];
 			textBoxPermittedProcessPath.Text = (String) SEBSettings.permittedProcessData[SEBSettings.KeyPath];
 			textBoxPermittedProcessIdentifier.Text = (String) SEBSettings.permittedProcessData[SEBSettings.KeyIdentifier];
+			textBoxPermittedProcessSignature.Text = (String) SEBSettings.permittedProcessData[SEBSettings.KeySignature];
 
 			// Reset the ignore widget event flags
 			ignoreWidgetEventPermittedProcessesActive = false;
@@ -2671,6 +2672,7 @@ namespace SebWindowsConfig
 			processData[SEBSettings.KeyPath] = "";
 			processData[SEBSettings.KeyIdentifier] = "";
 			processData[SEBSettings.KeyArguments] = new ListObj();
+			processData[SEBSettings.KeySignature] = "";
 
 			// Insert new process into process list at position index
 			SEBSettings.permittedProcessList.Insert(SEBSettings.permittedProcessIndex, processData);
@@ -2719,6 +2721,7 @@ namespace SebWindowsConfig
 				textBoxPermittedProcessOriginalName.Text = permittedApplicationInformation.OriginalName;
 				textBoxPermittedProcessTitle.Text = permittedApplicationInformation.Title;
 				textBoxPermittedProcessPath.Text = permittedApplicationInformation.Path;
+				textBoxPermittedProcessSignature.Text = permittedApplicationInformation.Signature;
 			}
 		}
 
@@ -2731,6 +2734,7 @@ namespace SebWindowsConfig
 				textBoxPermittedProcessOriginalName.Text = permittedApplicationInformation.OriginalName;
 				textBoxPermittedProcessTitle.Text = permittedApplicationInformation.Title;
 				textBoxPermittedProcessPath.Text = permittedApplicationInformation.Path;
+				textBoxPermittedProcessSignature.Text = permittedApplicationInformation.Signature;
 			}
 		}
 
@@ -2787,6 +2791,18 @@ namespace SebWindowsConfig
 				permittedApplicationInformation.Path = filePath;
 				permittedApplicationInformation.OriginalName = FileVersionInfo.GetVersionInfo(filename).OriginalFilename;
 
+				try
+				{
+					using (var certificate = X509Certificate.CreateFromSignedFile(filename))
+					{
+						permittedApplicationInformation.Signature = certificate.GetCertHashString()?.ToLower();
+					}
+				}
+				catch (Exception e)
+				{
+					MessageBox.Show(this, $"Failed to load the signature for the permitted process! {e}", "Signature Load Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
+				}
+
 				return permittedApplicationInformation;
 			}
 			return null;
@@ -2941,8 +2957,13 @@ namespace SebWindowsConfig
 			SEBSettings.permittedProcessData[SEBSettings.KeyWindowHandlingProcess] = textBoxPermittedProcessExecutables.Text;
 		}
 
-		private void buttonPermittedProcessCodeSignature_Click(object sender, EventArgs e)
+		private void buttonPermittedProcessCodeSignature_Click(object sender, EventArgs args)
 		{
+			if (SEBSettings.permittedProcessIndex < 0) return;
+
+			SEBSettings.permittedProcessList = (ListObj) SEBSettings.settingsCurrent[SEBSettings.KeyPermittedProcesses];
+			SEBSettings.permittedProcessData = (DictObj) SEBSettings.permittedProcessList[SEBSettings.permittedProcessIndex];
+
 
 		}
 
@@ -4689,5 +4710,13 @@ namespace SebWindowsConfig
 		{
 			SEBSettings.settingsCurrent[SEBSettings.KeyShowFileSystemElementPath] = checkBoxShowFileSystemElementPath.Checked;
 		}
+
+		private void textBoxPermittedProcessSignature_TextChanged(object sender, EventArgs e)
+		{
+			if (SEBSettings.permittedProcessIndex < 0) return;
+			SEBSettings.permittedProcessList = (ListObj) SEBSettings.settingsCurrent[SEBSettings.KeyPermittedProcesses];
+			SEBSettings.permittedProcessData = (DictObj) SEBSettings.permittedProcessList[SEBSettings.permittedProcessIndex];
+			SEBSettings.permittedProcessData[SEBSettings.KeySignature] = textBoxPermittedProcessSignature.Text;
+		}
 	}
 }