hoakley October 23, 2020 Macs, Technology

Why have my HP printers stopped working? How to check their software signature

Many users are today reporting that their HP printer software has suddenly stopped working, with worrying messages implying that their software is malicious and “will damage your computer”. Given the recent problems with MRT version 1.68, it’s easy to ascribe this to the same update, although this message clearly isn’t coming from MRT. Could it be that the XProtect update was also broken?

Thanks to the work of Thomas Reed at Malwarebytes, I can answer that this is completely unassociated with XProtect or MRT. You’re seeing that message because macOS is checking the signature on your HP printer software, and being told that its signing certificate has been revoked. What’s strange, though, is that this doesn’t appear to affect High Sierra and older versions of macOS.

If you ever see an error alert reporting this type of problem, first check the signature on the software that it refers to. If you’re not adept at doing that in Terminal, open my free ArchiChect, drag and drop the item onto it to see its report.

revocation

At the top of the text you’ll see a line starting with a No Entry sign: this indicates a serious signature error, in this case indicating the code signing certificate has been revoked. macOS therefore won’t allow you to run this software. You can’t argue, and should next wonder why this might have happened. Maybe this certificate is being abused on other software which is behaving maliciously? If you’re uncertain what’s going on, contact Apple Support, and the vendor of the software, who may be able to provide further information.

So why don’t earlier versions of macOS reflect the same revocation?

This may well be because they’re working with different databases. Until a year ago, we thought that the certificate revocation database was stored locally, in what we termed the Gatekeeper security database. As I’ve recently reported, that hasn’t been updated for over a year now, and Catalina doesn’t seem to even open it any more. So different versions of macOS may well behave differently when Apple revokes certificates.

Thomas Reed has raised this revocation with Apple. As soon as we know anything more, I’ll update this article. If you’re interested in Mac security, you might like to follow Thomas on Twitter, @thomasareed.

In the meantime, all you can do is make alternative arrangements to support any HP printers affected, I’m afraid.

Update: The previously revoked signature has now been unrevoked, as of the night of 24-25 October. Thanks to Mr Macintosh for spotting this. Your old HP printer software should now work correctly again.
(0750 UTC 25 October 2020)

According to an unnamed spokesperson at HP quoted by The Register, this revocation wasn’t an error by Apple, but HP had instructed Apple to revoke the certificate. Note that the first part of that article referring to XProtect isn’t accurate: this had nothing to do with XProtect at all.
(0805 UTC 25 October)

Further Update:

Despite the apparent un-revocation of the certificate, many HP users are still reporting problems which appear to be related to signature errors. I’ve checked my HP software here, from 2017, and although its apps and some of its code now passes checks, at least on of its frameworks (HPMonitoringDevice.framework) still returns an error 3, reporting “source=Unnotarized Developer ID”, and might fail to load when required in Catalina.

If you still have problems, please contact HP Support. There seems little or nothing that we can do about this, and its resolution rests in the hands of the developer of the software. If you do attempt any surgery yourself, for example by removing the certificates, please ensure that you have good backups and some means to restore them, or you could make your problems worse.

(2240 UTC 26 October)

Postscript (27 October 2020):

HP has now published a support article explaining what affected users should do to remedy this problem. I suspect this only works with its software for relatively recent printer models. Thanks to @macinteractive for drawing my attention to this.

125Comments

Add yours

1

JAO on October 27, 2020 at 1:55 pm

So frustrated – none of the solutions HP proposed worked for me. The matterhorn framework malware error till appears. Item prints anyway but I am tired of the popups. I have an HP Laserjet Pro M201dw

LikeLiked by 1 person
- 2
  
  Liam_T on October 27, 2020 at 3:31 pm
  
  Step 1:
  Delete the HP printer from System Preferences/Printers and Scanners
  
  Step 2:
  Download HP Easy Setup: https://123.hp.com/us/en/devices/setup
  Open it, but don’t run it (you should see the HP logo and “welcome to HP Easy Start”.
  Go to the top left, click on “HP Easy Start” menu (next to the apple menu), and select “Uninstall HP Software”
  Uninstall it all!
  Restart
  (Video here: https://www.youtube.com/watch?v=EZNvRqQUMzE )
  
  Step 2:
  Copy and paste this into the URL in your browser: http://ftp.hp.com/pub/softlib/software12/HP_Quick_Start/osx/Installations/Essentials/hp-printer-essentials-S-5_14_8_4.pkg
  (it might work if you just click on it)
  Run the HP Essentials program.. it does take a while, (don’t worry if it looks like it isn’t doing anything for a while)
  Restart
  
  Step 3:
  Use the HP Easy Setup you downloaded in step 1 to reinstall your printer
  
  Done!!!
  
  LikeLiked by 2 people
  - 3
    
    hoakley on October 27, 2020 at 5:48 pm
    
    Thank you.
    Howard.
    
    LikeLike
  - 4
    
    renglm on October 30, 2020 at 12:13 am
    
    I had an older HP printer in my list, that I didn’t use any more, working at a friend now.
    Didn’t have ANY complaints from my 10.14.6 – but had the MRT 1.68 problem on 3 (three) machines. Awful.
    On my working MBPro, I deleted MRT. Stopped the problems.
    In a macmini, I only uninstalled the older HP soft, as described here.
    MRT stopped immediately running crazily. IMMEDIATELY.
    Hope that helps.
    
    LikeLiked by 1 person
5

scott on October 27, 2020 at 1:58 pm

Thank you ‘hoakley’! for providing the updated link to apples updated drivers. Works perfectly now.
(Crazy that I had to search for new drivers and that apple or HP wouldn’t have blasted out a public FYI).

LikeLiked by 1 person
6

rob on October 28, 2020 at 7:00 am

HPPrinterDrivers5.1.dmg
go to website and download latest drivers at- support.hp.com

LikeLiked by 1 person
7

steve_c on October 28, 2020 at 4:37 pm

Thank you hoakley and Liam_T for the solution and detailed instructions. This worked perfectly!

LikeLiked by 1 person
8

David on November 2, 2020 at 11:25 am

Thanks @hoakley for explaining what happened here – wonder how many people have bought a new printer!?

I had a number of clients go into panic/meltdown over this and found the following works.

1. Use SilentKnight to check and update XProtect if required (just in case).
2. Download and install HP Drivers from Apple https://support.apple.com/kb/dl1888?locale=en_US
3. Delete HP Printer(s) from System Preferences > Printers & Scanners and then re-add the Printer(s) again (make sure the printer is on and connected via USB or on same WiFi as the Mac).

So far this has worked every-time.
Regards, David

LikeLiked by 1 person
- 9
  
  hoakley on November 2, 2020 at 12:52 pm
  
  Thank you.
  Howard.
  
  LikeLike
- 10
  
  April on November 6, 2020 at 5:54 pm
  
  Worked thanks 11/6/2020
  
  LikeLiked by 1 person
- 11
  
  Jo on November 20, 2020 at 11:07 pm
  
  At last, this works! Thanks
  
  LikeLiked by 1 person
12

Vernon Leonard on November 2, 2020 at 7:03 pm

After more than a couple attempts, I still had the danger-danger errors. I ended up having to uninstall the device and then deleting the “HP” folder and reinstall the drivers. No more warnings and I can print, but only in Black&White. Hopefully that is something simple.

LikeLiked by 3 people
13

HPDM framework danneggerà il tuo computer | kOoLiNuS ☞ il blog on November 7, 2020 at 5:30 pm

[…] https://eclecticlight.co/2020/10/23/why-have-my-hp-printers-stopped-working-how-to-check-their-softw… […]

LikeLike
14

Paula Anne Hefty on November 18, 2020 at 3:57 pm

Any help with this? Even Best Buy’s Geek squad could not fix. It came back in one day. Is there a way to contact HP?

LikeLiked by 1 person
- 15
  
  hoakley on November 18, 2020 at 3:59 pm
  
  Yes: HP offers several support options through its national websites.
  Howard
  
  LikeLike
- 16
  
  David on November 18, 2020 at 4:39 pm
  
  Hi Paula, see my comment above for details ~ first make sure your Mac is up to date and then re-install the HP drivers and if required, delete and re-add your printer(s) again.
  
  Regards, David
  
  LikeLiked by 1 person
17

Gary on November 19, 2020 at 6:46 pm

Environment: MacBook Pro with macOS Catalina; HP Officejet Pro 8600 Plus.
Problems: could not start scanning initiated from MacBook. After following some instructions on the Internet, could not print anymore.

Here are the steps that solve the above problems:
1. Launch a terminal on MacBook;
2. sudo -i
3. ********** <= Here, enter your MacBook login password;
4. cd /Library/Printers
5. rm -rf hp <= the folder name could be different on your system. It could be named as HP or something similar;
6. Restart the MacBook;
7. Try to print a simple page from MacBook by selecting HP Officejet Pro printer on any application;
8. The printer service will prompt a message box saying that some of the software for the printer is no available and needs to be installed. Click 'OK' to continue;
9. After the printer service finishes the printer driver installation, it starts to print;
10 Done;

Note: In step 5, the deleted folder won't be in Trash bin so it cannot be recovered. Make sure your environment matches the description above.

LikeLiked by 1 person
18

matzo on November 21, 2020 at 10:34 am

Things seem to have gotten worse after updating to Big Sur. Some printers, such as Photosmart Wireless B109n-z are not supported by HP easystart on mac OS X 11 (Big Sur).
Even worse, the apple provided package on https://support.apple.com/kb/DL1888?locale=en_IN which floats around as an answer for many, doesn’t work either! It refuses to install.
I eventually had to manually extract the .pkg file in that apple provided .dmg using pkgutil –expand-full and manually extract the .ppd file for my device from the extracted .pkg at $extractiondir$/HewlettPackardPrinterDrivers.pkg/Payload/Library/Printers/PPDs/Contents/Resources

I then had to copy that to the same machine’s /Library/Printers/PPDs/Contents/Resources folder. Furthermore, make sure to have drivers for a different hp printer installed, so that you have the correct hp extensions and all that.

Then I could install the printer, after which it complained that the software was not installed ‘correctly’ and I had to let my mac automatically fix the printer system / permission settings. Only then did my printer succesfully install and work!

Photosmart Wireless B109n-z is not an airprint enabled printer, so without the ppd file, you have jump through hoops using it as a PCL printer, which becomes even more difficult if you want to print in color.

LikeLiked by 1 person
- 19
  
  matzo on November 21, 2020 at 10:39 am
  
  Also, as a .ppd file contains the necessary postscript code to invoke the features of the printer, I suspect many printers will probably perform most actions correctly once you have installed the ppd file. So it might not be necessary to ‘make sure to have drivers for a different hp printer installed’, certainly if you don’t want to make use of any of the proprietary (bloatware?) software hp and other printer manufacturers deliver with the drivers.
  
  LikeLiked by 1 person
- 20
  
  hoakley on November 21, 2020 at 12:21 pm
  
  Thank you.
  As I detailed here two years ago, Apple only supports AirPrint now, and introduced that with Mojave. As manufacturers like HP have been supplying printers with AirPrint for many years now – I think all HP models for the last ten years should support it – their support of such legacy printers is also waning.
  If you do still need a printer, maybe it’s time to replace it?
  Howard.
  
  LikeLike
21

macman2015 on November 21, 2020 at 6:30 pm

I had this problem also and wrote a blog post about how to fix it.

https://christianboyce.com/get-rid-of-hpdevicemonitoring-framework-will-damage-your-computer-pop-ups/

That should do it. Worth a try if nothing else has worked! Actually I’d try this first, as it’s easier than the other solutions I’ve seen.

LikeLiked by 1 person
- 22
  
  hoakley on November 21, 2020 at 7:59 pm
  
  Thank you.
  I should point out that the problem with those certificates isn’t that they have expired: so long as a certificate is valid at the time the code is signed, expiry of the certificate doesn’t matter. The problem is that the certificate(s) were accidentally revoked, as if they had been compromised.
  Howard.
  
  LikeLike
23

Peter K. Bachmann on November 26, 2020 at 2:35 pm

I recently (20. Nov 2020) updated from MacOS Catalina to MacOS Big Sur. This is when my (old but good) HP Color LaserJet CP1515n stopped working. Analysis indicates that an expired certificate is the reason. HP does not respond nor do they offer a driver that solves the problem. Other HP printers on our network work fine and th CP1515n printer still works fine when printing is done from other, older version of MacOS. Where, please, can I get a solution for this problem that it only caused by insufficient communication and performance of HP and Apple. I always thought these are decent companies (I had my fisrt Mac in 1985 and my first HP printer not much later)
asks
Peter

LikeLiked by 1 person
- 24
  
  macman2015 on November 26, 2020 at 3:14 pm
  
  Are you having the same issue as others here– pop-ups saying the HP software will damage your computer?
  
  LikeLiked by 1 person
  - 25
    
    Peter K. Bachmann on November 26, 2020 at 4:57 pm
    
    Yes, MacMan. Messages such as “hpPostProcessing.bundle“ will damage your computer” pop up…and printing is refused. This is, according to what I read, caused by an expired certificate for the HP printer software. Deleting this software is possible, but reinstallation would require a driver for printer HP Color LaserJet Cp1515n that is compatible with MacOS 11.x (Big Sur). To date HP offers for this printer only a driver for MacOS 10.11. It is really too silly as it seems to be just an agreement issue between Apple an HP rather than a technical problem. Any solution for this?
    asks Peter
    
    LikeLiked by 1 person
    - 26
      
      hoakley on November 26, 2020 at 5:31 pm
      
      Those messages aren’t the result of a certificate expiring: software continues to run just fine when that happens. It’s because the certificate was revoked, apparently by HP, as I explained above.
      Please review the suggestions above: I hope you discover one that works for you.
      Howard.
      
      LikeLike
    - 27
      
      macman2015 on November 26, 2020 at 5:40 pm
      
      MAYBE you can use the Gutenprint driver for your printer. Here’s a link to the page showing that there’s at least an “experimental” driver for your printer:
      
      http://gimp-print.sourceforge.net/p_Supported_Printers.php
      
      And here’s the link to the main Gutenprint page:
      
      http://gimp-print.sourceforge.net/MacOSX.php
      
      Worth a try. Let us know how it goes.
      
      LikeLiked by 1 person
    - 28
      
      hoakley on November 26, 2020 at 5:42 pm
      
      Is Gutenprint compatible with Big Sur?
      Howard
      
      LikeLike
- 29
  
  hoakley on November 26, 2020 at 5:26 pm
  
  I’m sorry to hear that.
  This isn’t because of an expired certificate. As I’ve explained above, the certificate has been revoked. Although Apple has reinstated it, some users continue to report problems.
  Big Sur (as with Catalina) only support AirPrint printers. There are several helpful suggestions as to how you could get your printer working again, given in the comments above. There are also HP support notes which are linked to. As my HP printer does support AirPrint, I’m afraid that I haven’t tried any of them, so can’t recommend which is best. I recommend that you browse the comments and consider their suggestions.
  I wish you success,
  Howard.
  
  LikeLike
30

Peter K. Bachmann on November 26, 2020 at 5:59 pm

MacMan and Hoakley, GREAT JOB!! the Gutenprint driver solution worked immediately
I simply deleted (-) my printer from the list of printers, re-added it selecting the downloaded Gutenprint driver…and here we go: printing problem solved! Thanks mucho for the quick and perfect support….better than any Apple or HP support line!
Cheers from Berlin, Germany
Peter

LikeLiked by 1 person
- 31
  
  Christian Boyce on November 26, 2020 at 6:02 pm
  
  Your message made my day! Happy Thanksgiving from California, USA.
  
  LikeLiked by 1 person