diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/Pkcs12/PfxAsn.manual.cs b/src/libraries/Common/src/System/Security/Cryptography/Asn1/Pkcs12/PfxAsn.manual.cs
index b20fa4e016073ce49ad665a262aaa0539b1c48f7..b934884323724de300f4396758c0a149d774577a 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/Pkcs12/PfxAsn.manual.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/Pkcs12/PfxAsn.manual.cs
@@ -249,6 +249,12 @@ private static ArraySegment<byte> DecryptContentInfo(ContentInfoAsn contentInfo,
                         default,
                         encryptedData.EncryptedContentInfo.EncryptedContent.Value.Span,
                         destination);
+
+                    // When padding happens to be as expected (false-positive), we can detect gibberish and prevent unexpected failures later
+                    // This extra check makes it so it's very unlikely we'll end up with false positive.
+                    AsnValueReader outerSafeBag = new AsnValueReader(destination.AsSpan(0, written), AsnEncodingRules.BER);
+                    AsnValueReader safeBagReader = outerSafeBag.ReadSequence();
+                    outerSafeBag.ThrowIfNotEmpty();
                 }
                 catch
                 {
@@ -259,6 +265,12 @@ private static ArraySegment<byte> DecryptContentInfo(ContentInfoAsn contentInfo,
                         default,
                         encryptedData.EncryptedContentInfo.EncryptedContent.Value.Span,
                         destination);
+
+                    // When padding happens to be as expected (false-positive), we can detect gibberish and prevent unexpected failures later
+                    // This extra check makes it so it's very unlikely we'll end up with false positive.
+                    AsnValueReader outerSafeBag = new AsnValueReader(destination.AsSpan(0, written), AsnEncodingRules.BER);
+                    AsnValueReader safeBagReader = outerSafeBag.ReadSequence();
+                    outerSafeBag.ThrowIfNotEmpty();
                 }
             }
             finally
diff --git a/src/libraries/Microsoft.Windows.Compatibility/src/Microsoft.Windows.Compatibility.csproj b/src/libraries/Microsoft.Windows.Compatibility/src/Microsoft.Windows.Compatibility.csproj
index ead61c8d31e349dc032277bc42ebea0a31a73503..6d4340447e966e5edd2b3753e6342efe5d009191 100644
--- a/src/libraries/Microsoft.Windows.Compatibility/src/Microsoft.Windows.Compatibility.csproj
+++ b/src/libraries/Microsoft.Windows.Compatibility/src/Microsoft.Windows.Compatibility.csproj
@@ -5,8 +5,8 @@
     <!-- Reference the outputs for the dependency nodes calculation. -->
     <NoTargetsDoNotReferenceOutputAssemblies>false</NoTargetsDoNotReferenceOutputAssemblies>
     <IsPackable>true</IsPackable>
-    <GeneratePackageOnBuild>false</GeneratePackageOnBuild>
-    <ServicingVersion>3</ServicingVersion>
+    <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
+    <ServicingVersion>4</ServicingVersion>
     <!-- This is a meta package and doesn't contain any libs. -->
     <NoWarn>$(NoWarn);NU5128</NoWarn>
     <PackageDescription>This Windows Compatibility Pack provides access to APIs that were previously available only for .NET Framework. It can be used from both .NET as well as .NET Standard.</PackageDescription>
diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj b/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj
index d94830c0d850f8b39ea44b4ee1e1994daa08defc..d61b1b0d20525c4d36ddcf05c285fa81a0fe6c80 100644
--- a/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj
+++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj
@@ -7,8 +7,8 @@
     <NoWarn>$(NoWarn);CA5384</NoWarn>
     <IsPackable>true</IsPackable>
     <!-- If you enable GeneratePackageOnBuild for this package and bump ServicingVersion, make sure to also bump ServicingVersion in Microsoft.Windows.Compatibility.csproj once for the next release. -->
-    <GeneratePackageOnBuild>false</GeneratePackageOnBuild>
-    <ServicingVersion>2</ServicingVersion>
+    <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
+    <ServicingVersion>3</ServicingVersion>
     <PackageDescription>Provides support for PKCS and CMS algorithms.
 
 Commonly Used Types: