This change will have the following impact scope:

• Impacted Operating Systems – There is basically no impact on newer OS and only older OS will be impacted since they do not support SHA2. The impacted OS are as follows:

  • Client OS

    • Windows XP or older
    • Windows Vista without KB4493730 and KB447441
    • Windows 7 without KB4474419 and KB4490628

  • Server OS

    • Windows Server 2003 or older
    • Windows Server 2008 without KB4493730 and KB4474419
    • Windows Server 2008 R2 without KB4474419 and KB4490628

• Impacted Scenarios – The following scenarios will likely be affected by this change:

  SCENARIO	WORKAROUND(s)
  Applying a Hotfix or Patch You will not be able to apply TMSL 2.0 hotfix and patches created after January 2021 on TMSLs installed on Windows OS that do not support SHA2 code signing.	Add the hotfix module to the Approved List.
  Applying a Hotfix or Patch remotely via SLIM You will not be able to apply TMSL 2.0 hotfix and patches created after January 2021 via SLIM unless you have TMSL Agent 2.0 SP1 Patch 4.	For TMSL Agent versions <= 2.0 SP1 Patch 2, apply 2.0 SP1 Patch 4. For TMSL Agent version = 2.0 SP1 Patch 3, apply 2.0 SP1 Patch 4 then apply Hotfix for Disabling a Signature Verification. For TMSL Agent version coming from 2.0 SP1 Patch 3 then upgraded to 2.0 SP1 Patch 4, apply Hotfix for Disabling a Signature Verification.
  TMPS Interoperability TMPS devices built after January 1, 2021.	Add TMPS related modules (including the copies on Local Temp) to TMSL 2.0 Approved List or Trusted Hash. Disabled USB Malware Protection.
  TMSUB Interoperability TMUSB devices built after January 1, 2021	Add the drive letter of TMUSB’s drive to the Exception Path List of Application Lockdown and run the TMUSB module manually.

For any questions or concerns, please contact your assigned Customer Service Manager or Trend Micro Technical Support.