As communicated by Microsoft on August 13, 2019, all legacy Windows update signatures changed from SHA-1 and dual signed (SHA-1/SHA-2) to SHA-2 only.
Correspondingly, starting on January 1st, 2020, drivers used by the Deep Security Agents on Windows will only be signed using SHA-2 by Microsoft (and no longer dual signed using SHA1 and SHA2).
Customers who are using Deep Security to protect legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) are required to have SHA-2 code signing support installed on their servers to order to successfully install or upgrade the Deep Security Agent for Windows.
|Windows Platform||Affected Deep Security Agent Versions||Required Microsoft Security Updates|
|Windows 2003 Server||10.0||KB2868626|
|Windows Server 2008 (32-bit and 64-bit)||10.0, 11.0, 12.0, 20.0||KB2763674, KB4474419|
|Windows Server 2008 R2 (64-bit)||10.0, 11.0, 12.0, 20.0||KB3033929, KB4490628|
|Windows 7 (32-bit and 64-bit)||10.0, 11.0, 12.0, 20.0||KB3033929, KB4490628|
If you have any questions or concerns, please contact Trend Micro Technical Support directly or your assigned Customer Service Manager. Any servers that do not have the required Microsoft hotfixes for SHA-2 support will not be able to complete the installation process when attempting to install or upgrade the Deep Security Agent for Windows.