Error "The signature of Virtualbox-5.0.14-105127-Win.exe is

[EricLevinson]

Corrupt or invalid."

Please advise. I cannot execute the installer because Windows is telling me the signature is corrupt or invalid.

Thanks,
Eric

[BoldyBoddinton]

I also am getting this 'corrupt or invalid' signature error.

Windows: 10 x86_64
AV: Windows Defender

Smart Screen does not allow installer to run.

[BillG]

Download the installation file and then run it locally. If Edge won't let you download it, use IE11 or some other browser. I use ie11 and had no problems (even though it did complain about the sig).

[Sh0ckTheM0nk3y]

I also get this message with IE11 on Win8.1. I had to use Firefox to download this file.

[GregB3]

I am also getting a Smart Screen warning about this version of VirtualBox. I downloaded the installer twice and Windows Server 2012 R2 is throwing up a blue bar saying that the installation is being blocked by Smart Screen. The error message says that the installer is from an unknown publisher. I'm running the installation file directly from File Explorer.

[chevalasco]

Same problem.

[barery24]

Google "Microsoft Security Advisory 3123479"
(sorry I'm new guy here so I can't post link )

Seems like they should update code sign

[sieve]

Microsoft deprecated signing with SHA-1 cert just now https://technet.microsoft.com/library/security/2880823

Recent: https://technet.microsoft.com/library/security/3123479

[socratis]

• SHA-1 is going nowhere, it's simply that SmartScreen doesn't like it anymore.
• It's a warning only.
• SmartScreen is an InternetExplorer feature. Only. You can always use another browser.
• You can always disable SmartScreen. From Microsoft themselves and the article you linked:

  This status does not prevent customers from downloading the file or running these browsers on their computers. But customers are warned of the not trusted status of the file.

• I bet it will be fixed soon, it's simply not neccessary to have 40 users and their mothers complain about it.

P.S. Your links don't actually work. They should have been:
- https://technet.microsoft.com/en-us/lib ... 80823.aspx
- https://technet.microsoft.com/en-us/lib ... 23479.aspx

[chevalasco]

it's simply not neccessary to have 40 users and their mothers complain about it.

Dear socratis, it's much better have 40 users etc. complaing and reporting a problem (not necessarly a bug) than having that problem arised by just 2 or 3 "orphans".
I'm new to windows 10. I use Firefox and I had never seen a "smart screen" alert before. So, just two words to instruct on the disable procedure, had been much more useful than your sarcasm.

To disable SmartScreen in Win 10: Control Panel -> Security -> choose "Change Windows SmartScreen settings" from left panel -> disable it -> done (at one's own risk)!

[Just2Evil]

Dear Socratis,

First there links work fine, but if SHA-1 is not going anywhere why are nearly every browser from chrome, firefox and microsoft including I.E and Edge heading in the direction of no longer supporting it and with the intentions of removing SHA-1 support altogether. It may only be a warning, but a very serious warning due the serious vulnerability with in SHA-1. Nearly all browser are warning of the issue with SHA-1.

SHA-1 has been depreciated by most browser and is heading of no longer being support. So SHA-1 is heading somewhere.

Regards,

[socratis]

Dear chevalasco and Just2Evil, a couple of points:

• If a report of a problem is confirmed, that's a good thing(™). If the problem is as obvious as the daylight, you do not need at least three separate threads and (OK, almost...) 40 messages to confirm the obvious, most of them "me too" messages. It increases the noise to signal ratio and it shows that there are users that prefer to register and login to say "me too" than do a 30 sec search on their favorite search engine.
• One man's humor, is another man's sarcasm. Can't do anything about it.
• SHA-1 is not going anywhere. Unless the powers to be decide to replace each and every certificate for each and every server out there. Mind you that some of them are using hardware for that purpose. So, at most, I see a perpetual warning about SHA-1, until SHA-1 fades to less than 1%. Even then, I expect it to be deprecated, not obsoleted or forbidden.

[socratis]

Oh, I forgot... The links did not work as they were. For me at least. The "https://technet.microsoft.com/en-us/" part was missing, which led me to the generic TechNet Library page. Maybe it's because I use a couple of locales in my actual and virtual machines.

[mpack]

I'm going to lock this thread, and any others that discuss the same subject. The problem is clearly not in VirtualBox, it is effectively a false positive from an over fussy anti malware function built into a particular browser. I am sure that the devs are well aware (how could they not be?) that SHA-1 is being deprecated, and that when they renew their signatures they'll have to get new ones that use something stronger. I doubt the devs need all of the above to tell them their business.