PowerEdge: 14G, 15G, and 16G Chipset DUP WDAC not signed errors when changed from audit to enforced
Summary: The PowerEdge 15G and 16G Intel Lewisburg C62xx Chipset Dell Update package (DUP) version 10.1.19485.8386, for Windows operating system, released as part of the December 2023 release (factory and web posting) includes non-signed components from Intel for Windows Defender Application Control (WDAC). The PowerEdge R6515/R7515 AMD Milan Chipset DUP version 2.18.30.202 (October 2023) was also found to include non-signed components from AMD for WDAC. The PowerEdge 14G Intel platform Chipset DUP package version 10.1.18807.8279 (#K69PV) targeted for the upcoming March 2024 block has been found to have the same issue with WDAC (enforced mode) as it includes non-signed components from Intel. ...
Symptoms
The PowerEdge 15G and 16G Intel Lewisburg C62xx Chipset DUP package version 10.1.19485.8386 (#VGX10) for Windows operating system, released as part of the December 2023 block release (factory and web posting), includes non-signed components from Intel for Windows Defender Application Control (WDAC).
The R6515/R7515 AMD Milan chipset driver DUP package version 2.18.30.202 (#NJ9WJ) for Windows operating system that was part of the October 2023 block release (factory and web posting) includes non-signed components from AMD for Windows Defender Application Control (WDAC).
The PowerEdge 14G Intel Lewisburg C72xx Chipset DUP package version 10.1.18807.8279 (#K69PV) targeted for the upcoming March 2024 block includes non-signed components from Intel for the Windows Defender Application Control (WDAC).
WDAC is a new feature from Microsoft initially released in the chipset driver package in December. Full feature integration requires iDRAC updates which are not yet available.
WDAC is described in the Microsoft article: Understand Windows Defender Application Control (WDAC) policy rules and file rules - Windows Security | Microsoft Learn. The initial setting for WDAC is in Audit mode.
If WDAC is changed from Audit mode to Enforced mode, an attempt to install the Intel chipset DUP package (version 10.1.19485.8386) fails with the following errors:

Status        : NotSigned
StatusMessage : The file C:\Temp\intel15G\Bootstrapper.dll is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170
Path          : C:\Temp\intel15G\Bootstrapper.dll

Status        : NotSigned
StatusMessage : The file C:\Temp\intel15G\Chipset.Bootstrapper.dll is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170
Path          : C:\Temp\intel15G\Chipset.Bootstrapper.dll

Status        : NotSigned
StatusMessage : The file C:\Temp\intel15G\CommandLineUtility.dll is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170
Path          : C:\Temp\intel15G\CommandLineUtility.dll

Status        : NotSigned
StatusMessage : The file C:\Temp\intel15G\Intel.Tools.dll is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170
Path          : C:\Temp\intel15G\Intel.Tools.dll

Status        : NotSigned
StatusMessage : The file C:\Temp\intel15G\winterop.dll is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170
Path          : C:\Temp\intel15G\winterop.dll

Status        : NotSigned
StatusMessage : The file C:\Temp\intel15G\wix.dll is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170
Path          : C:\Temp\intel15G\wix.dll
Errors in the Windows CodeIntegrity log will be similar to:

Figure 1: Windows CodeIntegrity log example
The PowerEdge R6515/R7515 with the AMD Milan chipset DUP version 2.18.30.202 package encounters similar errors, but the filenames called out will be the AMD-related filenames that were not signed - such as nsExec.dll.
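A pre-install check for the failure described above, as an added example that is not Dell's or Microsoft's own tooling: it reports the current WDAC enforcement state, lists files in an extracted DUP folder whose Authenticode status is not Valid (the same Status and Path fields shown in the errors), and pulls recent CodeIntegrity audit and block events. The folder C:\Temp\intel15G is taken from the error output and is assumed to hold the extracted package contents; the parameter names, extension list and lookback window are illustrative assumptions.

```powershell
# Added example. $ExtractedPath is assumed to contain the already-extracted DUP files.
param(
    [string]$ExtractedPath = 'C:\Temp\intel15G',
    [int]$LookbackHours = 24
)

# 1. WDAC state reported by Device Guard: 0 = off, 1 = audit, 2 = enforced.
$modeNames = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$kernelMode = $modeNames[[int]$dg.CodeIntegrityPolicyEnforcementStatus]
$userMode   = $modeNames[[int]$dg.UsermodeCodeIntegrityPolicyEnforcementStatus]

# 2. Files in the package that do not carry a valid Authenticode signature.
#    The extension list is an illustrative choice of code-bearing file types.
$extensions = '.dll', '.exe', '.sys', '.msi', '.ps1'
$notValid = Get-ChildItem -LiteralPath $ExtractedPath -Recurse -File |
    Where-Object { $extensions -contains $_.Extension.ToLower() } |
    ForEach-Object { Get-AuthenticodeSignature -LiteralPath $_.FullName } |
    Where-Object { $_.Status -ne 'Valid' } |
    Select-Object Status, Path

# 3. Recent CodeIntegrity events: 3076 = would be blocked (audit), 3077 = blocked (enforced).
$ciEvents = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
    Id        = 3076, 3077
    StartTime = (Get-Date).AddHours(-$LookbackHours)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# Summary: in Enforced mode, any entry under NotValidFiles is a likely install failure.
[pscustomobject]@{
    KernelModePolicy = $kernelMode
    UserModePolicy   = $userMode
    NotValidCount    = @($notValid).Count
    NotValidFiles    = $notValid
    RecentCiEvents   = $ciEvents
}

if ($userMode -eq 'Enforced' -and @($notValid).Count -gt 0) {
    Write-Warning "WDAC is enforced and $(@($notValid).Count) file(s) in $ExtractedPath are not validly signed."
}
```

A Valid status only shows that a file is signed; whether the active policy trusts that signer is still decided by the policy's own rules, so running the package once in Audit mode and reviewing the 3076 events remains the authoritative check.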
There are two known Dell use cases for WDAC as Enforced:
- APEX Cloud Platform for Azure - WDAC as Enforced by default on all deployments
- In-Market Solution with 23H2 also has WDAC as Enforced by default.
Cause
Resolution
Dell Engineering is aware of the issue when setting WDAC to enforced and is working on an updated DUP package with properly signed components from our vendor.
The current engineering recommendation is to install the updated chipset DUP packages when they are available.
The updated 15G and 16G Intel Chipset driver DUP package is planned to be web promoted in early January 2024 with a factory install targeted for June block 2024.
The updated 14G Intel Chipset driver DUP package is planned to be in the upcoming June block 2024.
The updated AMD Chipset driver DUP package is planned to be web promoted and factory installed in the April 2024 block.
The iDRAC enablement of the WDAC feature is targeted for a March block 2024 release.
Solutions using WDAC configured to "enforced" use other update methods until the updated DUP chipset packages are available.
This article is updated as new information becomes available.