It is possible to add a cached signing level to an unsigned file by exploiting a TOCTOU in CI leading to circumvention of Device Guard policies and possibly PPL signing levels.
Source: Microsoft Windows CI CiSetFileCache TOCTOU Security Feature Bypass
…