To resolve this issue, upgrade the agent to version 20.0.0-5394 (20 LTS Update 2022-08-29).
Deep Security20.0 , Cloud One - Endpoint and Workload SecurityAll
The DSA version 20.0.0-5137 for Windows uses the Microsoft Identity Verification Root Certificate Authority 2020 root certificate. When upgrading or installing the agent to this build, you may encounter a signature validation failure even after importing the root certificate.
This signature validation failure may result to the error:
"Software Update: Anti-Malware Windows Platform Update Failed."
This issue was identified due to the incorrect parameter to the sign check mechanism and it started to occur on build 20.0.0-5137 after September 2, 2022. From the web console, you may encounter an alert with details about the certificate not being verified:
"Remove the failed installation and try another agent version after removing the failed installation. If the issue persists, prepare a diagnostic package and contact support."
You can also validate this when you check the ds_agent.log and see the Cert precheck report error.
2022-09-08 14:56:46.941794 [+0800]: [CERT/5] | Cert precheck report: The certificate could not be verified. Remove the failed installation and try another agent version after removing the failed installation. If the issue persists, prepare a diagnostic package and contact support. | Amsp\AMSP_SignInfoHelper.cpp:164:TmPluginSignCheckInfo::GetTmPluginSignCheckResultString | F1C:55C:dsp.am.service
To resolve this issue, upgrade the agent to version 20.0.0-5394 (20 LTS Update 2022-08-29).
