#ifndef _NTPSAPI_H
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * The PS_PROTECTED_SIGNER enumeration defines the types of signers that can be associated with a protected process.
 */
typedef enum _PS_PROTECTED_SIGNER
{
    PsProtectedSignerNone,          // No signer.
    PsProtectedSignerAuthenticode,  // Authenticode signer.
    PsProtectedSignerCodeGen,       // Code generation signer.
    PsProtectedSignerAntimalware,   // Antimalware signer.
    PsProtectedSignerLsa,           // Local Security Authority signer.
    PsProtectedSignerWindows,       // Windows signer.
    PsProtectedSignerWinTcb,        // Windows Trusted Computing Base signer.
    PsProtectedSignerWinSystem,     // Windows system signer.
    PsProtectedSignerApp,           // Application signer.
    PsProtectedSignerMax
} PS_PROTECTED_SIGNER;

#endif
#endif
View code on GitHub

The enumeration defines the strength and type of the signature for the process.

Known values

PsProtectedSignerNone (0) - the process has no signature that grants it protection.
PsProtectedSignerAuthenticode (1) - the process has an Authenticode signature.
PsProtectedSignerCodeGen (2) - the process has a Code Generation signature.
PsProtectedSignerAntimalware (3) - the process has an Antimalware signature.
PsProtectedSignerLsa (4) - the process has an LSA signature.
PsProtectedSignerWindows (5) - the process has a Windows signature.
PsProtectedSignerWinTcb (6) - the process has an WinTCB (trusted computer base) signature.
PsProtectedSignerWinSystem (7) - the process has an WinSystem signature.
PsProtectedSignerApp (8) - the process has a Store Application signature.

PS_PROTECTED_SIGNER - NtDoc

Known values

See also