Secure Admin Service

By Stephen Kellett
19 February, 2026

This article explains the recent changes to the SVL Admin Service and to the SVL Build Service to make our tools and our services much more secure.

History

April 2002 to May 2014

All actions required by a Software Verify Tool were performed directly by that tool. 

May 2014

SVL Admin Service provides functionality for various Software Verify tools that these tools cannot do running as a standard user application. 

We wrote about this work as “An end to unwanted UAC prompts”.

February 2024

During February 2024 ago we changed all the access controls on files and pipes that our tools and services use to restrict access to just the users that need to use them.

The problem we wanted to solve

We wanted to prevent the SVL Admin Service and the SVL Build Service from being used by bad actors as a means to attack a computer.

To do this we have:

  • Encrypted the communication between any Software Verify tool and the SVL Admin Service.
  • Encrypted the communication between Visual Studio Project Builder and the SVL Build Service.
  • We’ve also replaced any commands that had the potential for abuse with commands dedicated to specific tasks that can’t be changed to something malicious.
  • We’ve also added command verification steps to ensure the appropriate digital signatures are present before we execute them or copy them.

Why we’ve made this change

When we implemented the communication scheme between our tools and the SVL Admin Service we didn’t really think about the security implications as to use these pipes you’d need to know what data we send down them and have access to them as a user.

However, recent attacks on various computer systems, plus studying what malware authors are doing led us to conclude that we should encrypt our comms to make it very hard to monitor the comms between our tools and the service, and also make it very hard to send malicious commands to the service. The services now verify the calling application and all parameters and reject any command where the input parameters cannot be safely verified.

Are my computers at risk?

Software Verify’s footprint worldwide is quite small. Our tools are used worldwide, but we’re only used on developer machines and the occasional customer machine. Our tools aren’t like Notepad++ which is distributed massively around the world. Notepad++ is a great tool and that widespread distribution made it a prime candidate for an attack. This was one of the events which prompted us to improve the security of the SVL Admin Service and SVL Build Service.

Because our tools are not massively distributed, and are more than likely distributed on target machines that are not that valuable to a bad actor (not a C-suite machine), the ROI of attacking our tools now that we’ve made it much harder probably means it’s not worth attacking a machine hoping that our tools are installed on that machine. There are easier, more widely available targets for bad actors to go for.

That said, we strongly recommend updating to the most recent version of the tools released after 18/02/2026.

Please note: The Python tools are legacy tools and cannot be updated. We’ll be releasing some Python capable tools to replace these later this year.

When will this change happen?

The SVL Admin Service will be upgraded when you install any of our tools downloaded from our website after 18/Feb/2026.

Consequences

The consequences of securing the comms between our tools and the SVL Admin Service are that once you’ve upgraded the service any already existing Software Verify tool that needs to use the SVL Admin service will be unable to communicate with the service because it will still be communicating with no encryption.

To fix this you will need to update each tool that uses the SVL Admin Service.

You can do this by:

  • Running the tool and doing Check for Updates… from the Software Updates menu
  • For free tools: Go to the appropriate software tool page and download the tool again, then install it
  • For commercial tools: Login to the authorised downloads area and download the tool and install. Check your email for details

What happens if I continue trying to use a tool without updating it?

The tool you are using may work for many of it’s actions, but any action that requires communicating with the SVL Admin Service will fail.

Any tool that tries to communicate with the encrypted SVL Admin Service without being updated will be shown this message.

Message about failing to communicate with the SVL Admin Service

If you see this dialog, choose No, then update the tool you are trying to use by downloading a new version from the website.

How do I know which tools to update?

All our tool installers ship with a small utility which will check your machine for previous installs of our tools. These will be checked to determine if they can communicate securely with the SVL Admin Service. If they cannot communicate securely the utility will display a dialog box listing the names of the tool you need to update.

Install Secure Service Checker

What should I do next?

Find all Software Verify tools installed on your computers and update all of them to the most recent version.

 

Additional Reading

Improve your software quality.

Application, Service or Webserver? Native, .Net, .Net Core or Mixed Mode?

Interactive, command line, build server or test suite?

Debug your hardest problems using our software tools.

Try Our Tools

Fully functional, free for 30 days