Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Summary

The /INTEGRITYCHECK linker option provides Windows kernel digital signature verification for user mode Portable Executables (PE) files. This linker option is required for anti-malware and anti-cheat scenarios to register components with the Windows Security Center.  

You must sign IntegrityCheck-linked user mode PEs using Azure Code Signing (ACS). The cross-signing program is deprecated and new signing certificates will not be issued. Windows will continue to trust the existing binaries signed by the cross-signing program.

Compatibility 

Microsoft first introduced the signing requirement for user mode PEs in Windows 11, version 21H2. These changes were serviced to the supported Windows client and Windows server products through Windows Update. All versions of Windows 11 natively support Azure Code Signing for user mode PE files. Support for Azure Code Signing was made available in other client and server products starting with the releases listed below. 

Product

KB number

Release date

Windows Server 2022

5005619

September 27, 2021

Windows 10, version 2004

Windows 10, version 20H2

Windows 10, version 21H1

5005611

September 30, 2021

Windows 10, version 1909

5005624

September 21, 2021

Windows 10, version 1809

Windows Server 2019

5005625

September 21, 2021

Windows 10, version 1607

Windows Server 2016

5006669

October 12, 2021

Windows 10, version 1507

5006675

October 12, 2021

Windows 8.1

Windows Server 2012 R2

5006714 (Monthly rollup)

5006729 (Security-only update)

October 12, 2021

Windows Server 2012

5006739 (Monthly rollup)

5006732 (Security-only update)

October 12, 2021

Windows 7.0 SP1

Windows Server 2008 R2

5006743 (Monthly rollup)

5006728 (Security-only update)

October 12, 2021

Windows Server 2008 SP2

5006736 (Monthly rollup)

5006715 (Security-only update)

October 12, 2021

NOTE To correctly verify modules signed by Azure Code Signing, computers are required to have the "Microsoft Identity Verification Root Certificate Authority 2020" certificate authority (CA) installed. By default, root certificates are installed automatically if the computer is connected to the Internet. If the "automatic root certificates update" setting is disabled or the computer is offline, you must install this root certificate into the certificate store of "Local Computer" under "Trusted Root Certification Authorities". To download the certificate, see PKI Repository - Microsoft PKI Services.

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×