Due to the weaknesses found in the SHA-1 code-signing algorithm, SHA-2 is now the preferred method. To protect the security of the Windows operating system, Microsoft has adopted the use of SHA-2 algorithm exclusively. For more information, refer to the Microsoft article: 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.
For Windows 7 and Windows Server 2008 R2 to support SHA-2 code signing, the following Microsoft patches are required:
-
Windows server 2008 R2 SP2:
- KB4474419
- KB4493730
-
Windows server 2008 R2 SP1, Windows 7:
- KB4474419
- KB4490628
Recommendation
Customers using the following Trend Micro products who are using Windows 7 or Windows server 2008 R2 Virtual Analyzer (VA) image must apply the appropriate Microsoft patches:
- Trend Micro Deep Discovery Inspector (DDI)
- Trend Micro Deep Discovery Email Inspector (DDEI)
- Trend Micro Deep Discovery Analyzer (DDAN)
- Trend Micro Deep Discovery Web Inspector (DDWI)
- Trend Micro Deep Discovery Director (DDD)
For information on how to verify which Microsoft patches are installed on virtual analyzer, refer to KB article: How to check which Microsoft Patches are applied on Virtual Analyzer.
Additional Details
Virtual Analyzer sensor driver, which was signed using a Windows SHA-1 certificate will expire on April 15, 2021. Applying the MS patches on or before April 15, 2021 will ensure best sandbox detection and using the latest VA sensor driver version that is signed using SHA-2.
However, for users who cannot apply the appropriate MS patches before April 15, 2021, Trend Micro has released an update Virtual analyzer sensor driver on Mar 19, 2021 with the following module and version:
- Component: Virtual Analyzer Sensor
- Version: 6.0.5132
After the manual update or scheduled update, confirm your product uses Virtual Analyzer Sensor 6.0.5132 or above.
This Virtual Analyzer sensor driver will use an older version which is still compatible with Windows 7 and Windows 2008 R2 even though the MS patches have not been applied. This old driver will only be supported until Oct 15, 2021. This is to give enough time for users to apply the MS patches.
For users with Windows server 2008 as VA image, upgrade first to Windows server 2008 R2 then apply the appropriate MS patch.
For support assistance, please contact Trend Micro Technical Support.