Signed Drivers and Unsigned Drivers

February 19th, 2010

When you install a device driver in Windows, you might have seen a warning that the driver is not signed. In that case you need to manually authorize the installation and use of that device driver.

In Vista for example you would see the message below indicating that Windows can’t verify the publisher of this driver software.

Unsigned driver install message

But what is the difference between signed and unsigned drivers?

A signed driver is basically a digitally signed driver, which means that the driver software is associated with a digital certificate that allows identification of the publisher of the driver. It also ensures that the driver has never been modified by anyone else, as that would corrupt the signed status and make it unsigned.

So using a signed driver will ensure that Windows can automatically install the driver and prevents malicious software to be installed along with the driver. Considering that drivers operate at a very high security level in the operating system, it is very important to use safe drivers.

Windows Vista, Windows 2008 server and Windows 7 already enforce unsigned drivers to be installed using administrator level access, but how can you know for sure that an unsigned driver is safe?

Well, you cannot really. So always make sure that your security software is up to date and active, and make a backup or create a system restore point before you make any changes to your system, especially when installing device drivers.

Verify unsigned drivers in Windows XP

In Windows XP, the enforcement of signed drivers is not present, so the risk of installing unsigned drivers with all associated risks is much higher.

One thing you can do in Windows XP is to find the unsigned drivers in Windows XP and, if possible, replace them by newer, signed drivers.

Microsoft has detailed instructions on how to use the Windows XP Signature Verification Tool to check the unsigned driver files. This also describes the common problem with power management in unsigned drivers, so you can try to update or replace the unsigned drivers by signed drivers, or disable the unsigned drivers if they do cause such problems.

Disable Unsigned Driver Warnings

It is not something we recommend, but as a user you can actually disable the warnings regarding unsigned drivers in Windows XP. Right-click the My Computer icon, and select Properties in the popup menu. Now select the Hardware tab, and click the Driver Signing button. Next, select the Ignore option and click OK.

Ignore unsigned drivers in Windows XP

If you are using Windows XP Professional, you can also change the security policies to do the same.

Type “secpol.msc” at the Run option in the Start menu and press Enter. Then browse to Local Policies -> Security Options. Now find and change the option “Devices: Unsigned driver installation behavior” to “Silently succeed”. This requires a reboot of the computer.

Use unsigned drivers in Windows 7

Windows 7 will not allow you to install unsigned drivers as well. Although it is good to protect an operating system from installing potentially unreliable drivers, in some cases there simply are no signed drivers available, and the unsigned drivers are the only way to make a device work.
In Windows 7 you can disable driver signing from the Start menu (F8), but that will need to be done during each boot.
Other options are to use the Group Policy editor, which will work for the Ultimate (and I also believe the Pro versions):
- start the Group Policy Editor using the gpedit.msc command on the start menu.
- select User Config -> Admin Templ. -> System -> Driver installation
- select IGNORE in the dropdown box

If the Group Policy Editor option is not available, you can use this method:
- start a command prompt with admin rights (right click and select Run as Administrator)
- type bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS and press Enter
- type bcdedit.exe -set TESTSIGNING ON and press Enter

After this you should be able to install unsigned drivers in Windows 7.

In case you want to revert the changes, use DENABLE_INTEGRITY_CHECKS as the last option in the first command and OFF instead of ON in the second command.

If all this does not work for you, you can try signing the driver yourself. Windows supports a test mode which allows signed (but not digitally verified) drivers to be loaded. A utility called Driver Signature Enforcement Overrider can be used for this purpose.
To update your drivers in a few simple steps, you can use a driver update tool.


Entry Filed under: Device Drivers

3 Comments Add your own

  • 1. Social Bookmarking  |  May 4th, 2010 at 8:41 am

    - thanks again for the contribution to this will definitely help someone out someday. Glad it had both XP, and & information-

  • 2. Amit Kumar  |  January 8th, 2013 at 12:57 am

    Hello i am an application packager working on Windows 7 Platform. I got this unsigned driver while installing the application named as “ClearOne Coverge console” but i want to use it as signed driver so that it could be used in my package as unattended and the user should not have to interact with the installation of this Unsigned Driver. please give me feasible solution for . Thank you

  • 3. Andy  |  January 9th, 2013 at 4:39 am

    @Amit Kumar – The only way I know that will work in all cases is to sign the driver. So you’ll need a code signing certificate for that.

Leave a Comment


Required, hidden


Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Trackback this post  |  Subscribe to the comments via RSS Feed

Subscribe to

Subscribe to the latest device & driver news!


Useful Driver Tools


Recent Posts

Recent Comments