Trust & Transparency

Software Authenticity & Signature Verification

Guidance for MSPs, IT administrators, and software validation reviewers on obtaining, verifying, and validating genuine Remvx software releases before deployment.

Expected publisher
Remvx LLC
Security contact
[email protected]
Related
Software Signing

Distribution

Approved distribution channels

All official Remvx software releases should be obtained only from approved Remvx distribution channels. Remvx does not publish anonymous public download endpoints for production agent packages.

Authorized distribution occurs through:

  • Guided evaluation and onboarding workflows after approval
  • Tenant-scoped packages issued to registered customer organizations
  • Documented deployment channels coordinated with Remvx support or onboarding teams

Software obtained from third-party mirrors, unsolicited email attachments, unfamiliar websites, or unverified file shares should be treated as untrusted until authenticity is confirmed.

Before wide deployment: Verify the digital signature and publisher on every installer or binary, and confirm the package was received through your organization's authorized onboarding channel.

Publisher

How to verify publisher information

Remvx software releases may be digitally signed by Remvx LLC. When reviewing installer properties or signature details, the expected publisher name is:

Expected Publisher: Remvx LLC
Registered jurisdiction: Wyoming, United States
Registered address: 1309 Coffeen Ave STE 19998, Sheridan, WY 82801

Graphical verification (Windows)

  1. Locate the file

    Identify the Remvx installer or binary file - for example RemvxAgent_x64.msi or RemvxAgent.exe as provided during onboarding.

  2. Open file properties

    Right-click the file and select Properties.

  3. Review Digital Signatures tab

    Select the Digital Signatures tab. A genuine Remvx release should list a signature attributed to Remvx LLC. Select the signature and click Details to review the certificate chain.

  4. Confirm certificate validity

    Ensure the certificate is valid, not expired, and chains to a trusted root authority. Consult your organization's certificate trust policy if validation warnings appear.

Verification

How to verify digital signatures on Windows

Enterprise administrators may validate signatures programmatically using PowerShell. Run commands only on systems you are authorized to administer.

PowerShell 
Get-AuthenticodeSignature"RemvxAgent.exe"
Replace the filename with your actual installer or binary path. For MSI packages, verify the MSI file directly or extract and verify embedded binaries per your deployment policy.
PowerShell - MSI example 
Get-AuthenticodeSignature".\RemvxAgent_x64.msi" | Format-List

Review the Status, SignerCertificate, and Path fields in the output. The signer subject should reference Remvx LLC for genuine releases.

Interpretation

Understanding signature status results

StatusMeaningRecommended action
Valid The digital signature is intact and the file has not been modified since signing. The publisher certificate chains to a trusted root. Proceed with organizational change-control review. Confirm the file was obtained from your authorized Remvx onboarding channel.
HashMismatch / NotSigned The file may have been tampered with, corrupted in transit, or was never signed by the publisher. Do not deploy. Obtain a fresh package from authorized channels and report the incident if the source was unexpected.
UnknownError / Certificate errors Validation could not complete - often due to untrusted certificate chains, expired certificates, or local trust store configuration. Review certificate details manually. Consult your PKI team. Contact [email protected] if the publisher is Remvx LLC but validation fails unexpectedly.
Unknown Publisher The file is signed by an entity other than Remvx LLC, or signature metadata does not match expected publisher information. Do not deploy. Treat as untrusted software. Report to [email protected].
Tampered file Any Valid status loss after prior validation, unexpected hash changes, or mismatched file names versus onboarding records may indicate modification. Quarantine the file. Re-obtain from authorized distribution. Include file hash and source details when contacting security.

Signature verification confirms publisher identity and file integrity at verification time. It should be combined with confirmation that the package was issued through your organization's approved Remvx onboarding process. See Agent Identification for deployment traceability context.

Reporting

Reporting suspicious files

If you encounter software that claims to be Remvx but fails signature verification, originates from an unknown source, or displays an unexpected publisher, report it to our security team.

Include when possible:

  • File name and SHA-256 hash
  • Source of the file (URL, email, media)
  • Signature status output from Get-AuthenticodeSignature
  • Your organization name and contact information

[email protected]

Do not forward suspicious binaries unless requested by the security team. Hash and metadata reports are preferred for initial triage.

Contact

Publisher contact

Publisher

Remvx LLC
1309 Coffeen Ave STE 19998
Sheridan, Wyoming 82801
United States

Software authenticity & signing

[email protected]

Support

[email protected]

Related: Software Signing policy - Downloads - Trust Center