diff --git a/.github/workflows/build_viewer.yml b/.github/workflows/build_viewer.yml
index 18d2cb557e..fec716a74d 100644
--- a/.github/workflows/build_viewer.yml
+++ b/.github/workflows/build_viewer.yml
@@ -6,6 +6,10 @@ on:
         description: 'Include tracy profiling builds'
         required: false
         default: 'false'
+      override_signing:
+        description: 'Manual builds are not signned by default. Force code signing for this run.'
+        required: false
+        default: 'false'
   push:
     branches:
       - "Firestorm*.*.*"
@@ -141,7 +145,18 @@ jobs:
           echo "Building for channel ${FS_RELEASE_CHAN}"
           viewer_channel=${FS_RELEASE_CHAN}
         shell: bash
-        
+      - name: Check if release type is signable
+        if: runner.os == 'Windows'
+        run: |
+          if [[ "${FS_RELEASE_TYPE}" == "Release" || "${FS_RELEASE_TYPE}" == "Beta" ]]; then
+            CODESIGNING_ENABLED=true
+          else
+            CODESIGNING_ENABLED=false
+          fi
+          echo "CODESIGNING_ENABLED=${CODESIGNING_ENABLED}" >> $GITHUB_ENV
+          echo "Codesigning enabled: ${CODESIGNING_ENABLED}"
+        shell: bash
+    
       - name: Get the code
         uses: actions/checkout@v4
         with:
@@ -261,7 +276,7 @@ jobs:
           done
         shell: bash
 
-      - name: Set expiration days based on FS_RELEASE_TYPE
+      - name: Set expiration days and codesigning based on FS_RELEASE_TYPE
         run: |
           case "${{ env.FS_RELEASE_TYPE }}" in
             "Nightly" | "Manual" | "Profiling")
@@ -315,8 +330,8 @@ jobs:
             }' > ${{github.workspace}}/metadata.json
           echo "CODESIGNING_METADATA_PATH=${{github.workspace}}/metadata.json" >> $env:GITHUB_ENV            
         shell: pwsh
-      - name: Validate Windows 10 SDK version and find signtool.exe
-        if: runner.os == 'Windows'
+      - name: Validate Windows 10 SDK version and find signtool.exe IFF codesigning is enabled for these builds or overridden
+        if: ${{ runner.os == 'Windows' && (env.CODESIGNING_ENABLED == 'true' || github.event.inputs.override_signing == 'true') }}
         id: validate-sdk
         run: |
           try {
diff --git a/indra/newview/fs_viewer_manifest.py b/indra/newview/fs_viewer_manifest.py
index 8b5d354618..1bff85c928 100644
--- a/indra/newview/fs_viewer_manifest.py
+++ b/indra/newview/fs_viewer_manifest.py
@@ -63,10 +63,13 @@ class FSViewerManifest:
         signtool_path = os.getenv('SIGNTOOL_PATH')
         codesigning_dlib_path = os.getenv('CODESIGNING_DLIB_PATH')
         metadata_file = os.getenv("CODESIGNING_METADATA_PATH")
+        # at some point we might want to sign other DLLs as well.
         executable_paths = [
-            self.args['configuration'] + "\\firestorm-bin.exe",
+            # self.args['configuration'] + "\\firestorm-bin.exe", # no need to sign this we are not packaging it.
             self.args['configuration'] + "\\slplugin.exe",
             self.args['configuration'] + "\\SLVoice.exe",
+            self.args['configuration'] + "\\llwebrtc.dll",
+            self.args['configuration'] + "\\llplugin\\dullahan_host.exe",
             self.args['configuration'] + "\\" + self.final_exe()
         ]
 
@@ -82,6 +85,7 @@ class FSViewerManifest:
                     "/tr", "http://timestamp.acs.microsoft.com", "/td", "SHA256",
                     "/dlib", codesigning_dlib_path, "/dmdf", metadata_file, exe_path
                 ], stderr=subprocess.PIPE, stdout=subprocess.PIPE)
+                print(f"Signed {exe_path}")
             except Exception as e:
                 print(f"Couldn't sign binary: {exe_path}. Error: {e}")