I was approached the other day regarding the use of your catalog with a security question, since the person asking is my director - i sort of need to provide an answer :)
How does Patch My PC ensure that the content you distribute has not been compromised?
Is the hash of the binary downloaded from the vendor verified before the package is created and made available OR does the publishing service download the files directly from the vendor during acquisition?
The concern is around virus or malware making it into your process and then distribute it under our code signing cert to our endpoints.
In your response, please any links you have to virus scaning, hash validation, etc that is part of your creation and distribution process prior to enabling customer consumption of a patch.
Thanks!
Hey!
Let me know if this helps https://patchmypc.com/deep-dive-into-security-validation-of-third-party-software-updates-in-microsoft-sccm
Awesome - this is exactly what i needed!