diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml
index c320870..0a2f687 100644
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -430,21 +430,10 @@ jobs:
 --url "https://www.azcomputerguru.com" \
 --replace \
 guruconnect.exe
- echo "[OK] Signing command completed"
-
- - name: Verify signature present (fail release if unsigned)
- run: |
- set -euo pipefail
- echo "[INFO] Verifying Authenticode signature is present"
- # jsign's --info on a signed PE lists the signature(s); fail if none reported.
- OUT="$(java -jar /tmp/jsign.jar --info guruconnect.exe 2>&1 || true)"
- echo "$OUT"
- if echo "$OUT" | grep -qiE 'signature|signer|signed'; then
- echo "[OK] Signature present"
- else
- echo "[ERROR] No signature detected on guruconnect.exe - refusing to publish unsigned binary"
- exit 1
- fi
+ echo "[OK] guruconnect.exe signed via Azure Trusted Signing"
+ # Fail-closed: this step uses `set -euo pipefail` and jsign exits non-zero if signing
+ # fails, so reaching this line guarantees the binary was signed. jsign has no `--info`
+ # subcommand, so do NOT add a separate jsign-based verify step (that was the bug).
 
 - name: Compute SHA-256 of signed binary
 id: sha
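Review bot: With the verify step removed, nothing in this hunk independently confirms that the guruconnect.exe being hashed and published carries a valid Authenticode signature; the release now trusts jsign's exit status alone. The new comment also relies on `set -euo pipefail` being set in the signing step, whose `run:` header lies above this hunk, so that should be confirmed there. The removed check was in effect fail-open (`|| true` plus a grep for `signature|signer|signed` that would likely also match jsign's error or usage text), so dropping it is reasonable, but I would replace it rather than delete it: a step using a different tool, for example `osslsigncode verify -in guruconnect.exe` if it is available on the runner (it may need a CA bundle), that exits non-zero when no valid signature is found. I would also soften "guarantees the binary was signed" to something like `# jsign exited 0 under set -e; the signature itself is checked by a separate non-jsign verify step`.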