I had a need for getting all Unsigned drivers in a Windows 8 system to help out with some debugging.
1 2 3 4 5 6 7 8 9 10 11 |
# List all unsigned Drivers in the system $SysFiles = driverquery /si /FO CSV | ConvertFrom-CSV | Where-Object -Property IsSigned -EQ "FALSE" | Select-Object -Property InfName | Where-Object { $_.InfName -like "*.inf" } | foreach { Select-String -Path $env:SystemRoot\inf\$($_.InfName) -Pattern ServiceBinary | select-string -Pattern \.SYS } $UnSigned = $SysFiles.Line -replace ".*\\" | select -Unique |
As I’m still learning Powershell there might be better and faster ways of solving this problem, but this seems to work good enough for me, and hopefully for you too.
It’s a quite straight forward and easy script to use and change if there is a need, such as instead of showing Unsigned drivers, list all Signed Drivers by using IsSigned -EQ “TRUE”.
Use driverquery.exe to list all Unsigned Drivers to CSV, then import that CSV into Powershell and display all Drivers that’s unsigned (-EQUAL “False”). You will actually just get the .INF file at this point which kind of sucks, not the driverfile which we need in this case.
So for each returned .INF file, we are then opening those files in c:\windows\INF (that’s where Windows stores all installed INF/diver files) and find all .SYS files (drivers) referenced in the INF files. And after some more filtering, it then outputs a list of the unsigned drivers ($UnSigned), like this.
I’ll then use that list and pass the unsigned drivers list to “Verifier.exe /standard /driver $UnSigned” to enable some Special driver Verification for finding the cause of some blue-screens.
I guess this script should work quite well also on Windows 7, but I’ve not tried it.