Summary
When packaging a Windows build in Unreal Engine 5.5, the small bootstrapper executable generated in the root of the packaged directory (.exe, typically around 150–200 KB) is created with an invalid Authenticode Certificate Table. Although the file runs normally, the Security Directory in the PE Optional Header contains non-zero Address and Size values that point beyond the actual end of the file. This makes the file structurally invalid for Windows signing tools.
Because of this, code-signing utilities such as DigiCert Certificate Utility refuse to sign the file and report errors including “The file is not a valid Win32 application (0x800700C1)” and “CryptSIPRemoveSignedDataMsg returned error: 0x00000057”. The issue occurs on multiple Windows 10/11 systems and is fully reproducible in UE 5.5.
Manually clearing the Security Directory (setting Address and Size to zero) makes the executable signable again, confirming that the packaged bootstrapper is being produced with a corrupted certificate table. However, manually modifying packaged executables is not suitable for production pipelines and breaks automated signing workflows.
This directly impacts developers who need to distribute properly signed Windows builds, installers, and commercial applications. It would be beneficial if the bootstrapper were generated either with a valid certificate table or with the Security Directory correctly cleared, ensuring compatibility with Authenticode signing tools.
Please select what you are reporting on:
Unreal Editor for Fortnite
What Type of Bug are you experiencing?
Publishing
Steps to Reproduce
- Create or open any Unreal Engine 5.5 project.
- Package the project for Windows 64-bit (Shipping configuration).
- Navigate to the packaged output folder.
- Locate the small bootstrapper executable in the root:
<ProjectName>.exe
(This is the ~150–200 KB launcher, not the main Shipping EXE in Binaries.) - Attempt to sign this file using Microsoft SignTool or DigiCert Certificate Utility.
- Signing fails with the error:
“The file is not a valid Win32 application” (0x800700C1) - Inspect the EXE with a PE viewer (PE-bear, CFF Explorer).
- Observe that the Security Directory (Certificate Table) entry in the
Optional Header contains non-zero values that point outside the file size.
Expected Result
The packaged bootstrapper executable should contain either:
- a valid Authenticode certificate table, OR
- a zeroed-out Security Directory (Address = 0, Size = 0)
so that standard Windows code signing tools (SignTool, DigiCert Utility, etc.) can
successfully sign the EXE without errors.
Observed Result
The packaged bootstrapper executable contains an invalid/corrupted certificate table:
- Security Directory Address and Size point beyond the end of the file.
- As a result, Windows signing APIs reject the file.
Signing fails with “The file is not a valid Win32 application (0x800700C1)”
or “CryptSIPRemoveSignedDataMsg returned error: 0x00000057”.
This prevents developers from signing the EXE for distribution.
Platform(s)
Windows 10 (x64)
Windows 11 (x64)
Unreal Engine 5.5 (Launcher installation)
Packaging: Windows 64-bit (Shipping)
Additional Notes
The issue appears 100% reproducible.
The bootstrapper EXE is ~170 KB in size and launches normally,
but contains a broken Authenticode certificate table in the PE Optional Header.
The Security Directory (Address/Size) points past the end of the file, which
causes Windows signing APIs to reject signing attempts. Clearing this entry
fixes the issue, but manual patching is not ideal for production pipelines.
Tested with:
- Windows 10 and Windows 11
- Two different machines
- DigiCert Certificate Utility
- SignTool from Windows 11 SDK v10.0.26100.0