How to enable or disable test signing mode in Windows.



Windows test signing mode is a special mode of operation designed to allow loading of the unsigned drivers into Windows. What it means, basically, that beginning with Windows Vista 64-bit edition Microsoft imposed a restriction that only digitally signed device drivers are normally allowed to be loaded and used by the system. When the test signing mode is enabled, it removes such a restriction. Note that if you have a 32-bit version of Windows, then you may not need to worry about the test signing mode, because this restriction applies only to the 64-bit versions.

Why would you want to enable the test signing mode? Well, if you use an older 64-bit version of Windows, such as Windows Vista or Windows 7, it may no longer recognize a digital signature of a recent driver. For example, when you try to run the latest version of Folder Guard on Windows 7 64-bit, it may report that it cannot load its driver:

Error Cannot load Folder Guard driver

and Windows 7 may show the following explanation:

Windows requires a digitally signed driver

What's puzzling, when you check the digital signature of the driver (by navigating to the folder C:/Program Files/Folder Guard, right-clicking on the file FGUARD64.sys, and selecting Properties from the menu), Windows reports that the digital signature of that file is OK:

Digital signature is OK

So, the digital signature of the Folder Guard driver is OK, but Windows 7 reports that it is unsigned. What makes Windows 7 so confused? Let us spare you a lot of boring technical details that involve cryptographic algorithms (SHA1 ans SHA256), Certificate Authorities, the EV certificates, cross-signing certificates, root certificates, as well as the (un)willingness of Microsoft to update the old versions of Windows, because the conclusion would eventually come down to, as time progresses, and as Microsoft and other software companies tighten up the restrictions on what kind of digital signatures are allowed to be used, deprecating the old, less secure standards, the old versions of Windows simply cannot keep up with such advances, and enabling the test signing mode becomes the only practical solution to allow the use of the newer products on the old versions of Windows.

Wait, wouldn't enabling the test signing mode make my Windows 7 computer less secure, you might be asking? Yes, it would, but that ship has sailed when you decided not to update Windows 7 to a more recent version of Windows that is still supported and updated by Microsoft. Your Windows 7 computer is already insecure, and if you are OK with that, enabling the test signing mode would not make a significant difference in its security anyway.

How to enable the test signing mode

The first step is to open a Windows command window as Administrator. The exact procedure is a bit different in different versions of Windows, but usually the following procedure should work: click the Start button and type cmd (if there is a Search box, type it into that box). You should see a list of the results displayed and if it contains cmd.exe or Command prompt, right-click it, and select Run as Administrator from the menu.

When the command prompt window appears on the screen, type the following command:

bcdedit /set TESTSIGNING ON

You should see the result similar to the following:

Enabling test signing mode using command prompt window

(If you see the Access denied message, it means you have not opened the command window in the Administrator mode.)

To make the change effective, restart the computer. If you see the Test mode message displayed in the bottom-right corner of the desktop, it means that the test signing mode is enabled and the loading of the unsigned device drivers is allowed:

The test signing mode has been enabled

If you had a problem running Folder Guard (or another program) before, run it again now, and it should proceed normally, without displaying an error message about loading a driver.

How to disable the test signing mode

If you have decided that you no longer want to allow unsigned drivers to be used by Windows, and to remove the Test mode message from the desktop, you need to open the command window as Administrator in the same way as described above, and type the following command:

bcdedit /set TESTSIGNING OFF

Restart the computer, and the Test mode message should disappear from the corner of the desktop. Of course, any software that might be using a driver with an unrecognized digital signature may stop working after that.

Happy computing!

If you want to link to this article, you can use this HTML code: <a href="https://www.winability.com/how-to-enable-disable-test-signing-mode-windows/">How to enable or disable test signing mode in Windows.</a>

Read more