Driver signing policy is automatically elevated for unsigned drivers

Article translations Article translations
Article ID: 831583 - View products that this article applies to.
Expand all | Collapse all


When you install a device driver, and Microsoft Windows 2000 or Microsoft Windows XP detects that the device driver is not digitally signed, you may receive a warning message and an option to cancel or continue the installation. This message appears even though Windows is configured with the DriverSigningPolicy setting set to Ignore.

The following error message may also be written to the Setupapi.log file:
E245: The device installation digital signature failure policy has been elevated from Ignore to Warn due to a proposed replacement of a protected system file.


This behavior occurs when an installation program tries to install an unsigned driver that will replace an existing signed driver that is protected by the operating system. Windows will automatically raise the driver signing policy from Ignore to Warn when an attempt is made to replace a protected system file. This is a function of Windows File Protection to promote the overall stability of the operating system.


This behavior is by design.


For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
298503 Driver signing registry values cannot be modified directly in Windows
314479 How to Add OEM Plug and Play Drivers to Windows XP


Article ID: 831583 - Last Review: April 29, 2008 - Revision: 2.1
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
kbinfo KB831583

Give Feedback