[Feature Request]: invisble.vbs digital signing

[StreamCalm]

The request

Would be good for the VBS script to be digitally signed like the Powershell scripts

Is your feature request related to a problem?

The invisible.vbs script isn't signed and so is blocked by AppLocker/WDAC policies requiring scripts to be signed (eg. error below from AppLocker).

> Event 8007 %OSDRIVE%\PROGRAMDATA\WINGET-AUTOUPDATE\INVISIBLE.VBS was prevented from running.

Would be good to sign these like the powershell scripts to avoid hash based rules which will break with any changes.

Additional information

Raised this initially (mistakenly) on the Winget-AutoUpdate project as I hadn't realised the signing of the powershell scripts came through this project (I've installed via the Store App - not sure if that's what signs the scripts?).

Sounds like there's a plan to workaround using any VBS at all (Romanitho#465, Romanitho#496), but if there's an interim change that could be made to sign the VBS script that'd be awesome!

Appreciate we can workaround this with hash rules, signing ourselves, etc. just wanted to flag it...

[Weatherlights]

Hey, thank you for your comment. I am also implementing a workaround for VBS aswell (it is already in the code) but have not put it in the releases yet since it would require me to implement different architectures (to avoid folder SYSWOW6432 redirection)

But I will put some more energy in it to get it done if now someone asks about it :).

[github-actions]

This issue is stale because it has been open for 30 days with no activity.

[github-actions]

This issue was closed because it has been inactive for 14 days since being marked as stale.