Snagit (Windows): SnagPriv.exe does not start

Problem

Snagit displays the error "Unable to start SnagPriv.exe" on startup.

snagIt_error.png

Solution

Personal Computer

On a personal computer, change SnagPriv.exe to run as an administrator.

  1. Open the Snagit install directory. By default, the install directory is: C:\Program Files\Techsmith\

    For Snagit 13 and earlier, the default install directory is C:\Program Files (x86)\Techsmith\ on 64-bit computers.

  2. Open the Snagit folder.
  3. Locate SnagPriv.exe, and right-click and choose Properties > Compatibility.
  4. Select Run this program as an administrator and click Apply.

IT Department / Administrator

If there are multiple users within your organization with this problem, there may be a third party conflict, or a security policy in place that is preventing the EXE from starting.

Reason 1: Third Party Conflicts

Some third party security policies and software may cause this error. Temporarily disable the security software to rule out a potential conflict. We have seen these programs cause this problem.

  • Entrust software

If you identify another third party program that is causing this conflict that is not listed here, please submit a support ticket with us so we can update our documentation.

Reason 2: Unable to Check CRL

This can be caused by an invalid value of a specific registry key that Microsoft relies on to check for valid certificates.  The registry key in question is below. This setting can also be found in the Control Panel > Internet Options > Advanced.

This may be a setting that you wish to clear with your internal security team to verify that it it acceptable within your environment.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

The 'State' key needs to be set to 0x00023c00 per this MS KB article in order to check for the publisher's certificate revocation list.  If this registry key is set to anything other than 0x00023c00 it may cause the error.

We have found multiple things such as .NET upgrades, Windows Updates, Group Policy updates, and others can accidentally modify the value of this key.

Reason 3: Unable to Verify Digital Signature

If the computer is unable to verify the digital signature of the executable, then it will fail to launch. To check if the signature is able to verify, follow these steps.

  1. Open the Snagit install directory. By default, the install directory is: C:\Program Files\Techsmith\

    For Snagit 13 and earlier, the default install directory is C:\Program Files (x86)\Techsmith\ on 64-bit computers.

  2. Open the Snagit folder.
  3. Locate SnagPriv.exe, and right-click and choose Properties > Digital Signatures.
  4. Select the signature from the list and click Details. This details window should show the status of the verification of the digital signature.
    2018-06-06_13-58-35.png

Success Example:

checkok.png

Failure Example:

checkfail.png

If the signature is not able to be verified, there may be something blocking that verification on the local computer or within the environment.

Suggestions

Do not attempt these suggestions without first consulting with your internal IT and security teams.

  1. Make sure the DigiCert Root CA's are installed and trusted within your environment.
  2. Make sure that the entire certificate chain is installed and trusted on the machine. This can be found in the Digital Signature Details window, by selecting View Certificate > Certification Path.
  3. Make sure the following update is installed on the system: https://docs.microsoft.com/en-us/security-updates/securityadvisories/2015/3033929
  4. Contact local security team to investigate if there is a local policy that is preventing the signature from being verified.
  5. Reinstall the root certificates.
  6. Contact Microsoft Support.