Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Trend Micro SafeLock 2.0 End of Support for SHA1 signature

    • Updated:
    • 4 Jun 2021
    • Product/Version:
    • Safe Lock 2.0
    • Platform:
Summary

SHA1 code signing has been reported to have security concerns. Therefore, Trend Micro SafeLock 2.0 will stop supporting this and will only continue to support SHA2 code signing moving forward. This change will take effect on hotfix and patches released after January 1, 2021.

Details
Public

This change will have the following impact scope:

  • Impacted Operating Systems – There is basically no impact on newer OS and only older OS will be impacted since they do not support SHA2. The impacted OS are as follows:

    • Client OS

      • Windows XP or older
      • Windows Vista without KB4493730 and KB447441
      • Windows 7 without KB4474419 and KB4490628
    • Server OS

      • Windows Server 2003 or older
      • Windows Server 2008 without KB4493730 and KB4474419
      • Windows Server 2008 R2 without KB4474419 and KB4490628
  • Impacted Scenarios – The following scenarios will likely be affected by this change:

    SCENARIOWORKAROUND(s)

    Applying a Hotfix or Patch

    You will not be able to apply TMSL 2.0 hotfix and patches created after January 2021 on TMSLs installed on Windows OS that do not support SHA2 code signing.

    • Add the hotfix module to the Approved List.

    Applying a Hotfix or Patch remotely via SLIM

    You will not be able to apply TMSL 2.0 hotfix and patches created after January 2021 via SLIM unless you have TMSL Agent 2.0 SP1 Patch 4.

    • For TMSL Agent versions <= 2.0 SP1 Patch 2, apply 2.0 SP1 Patch 4.
    • For TMSL Agent version = 2.0 SP1 Patch 3, apply 2.0 SP1 Patch 4 then apply Hotfix for Disabling a Signature Verification.
    • For TMSL Agent version coming from 2.0 SP1 Patch 3 then upgraded to 2.0 SP1 Patch 4, apply Hotfix for Disabling a Signature Verification.

    TMPS Interoperability

    TMPS devices built after January 1, 2021.

    • Add TMPS related modules (including the copies on Local Temp) to TMSL 2.0 Approved List or Trusted Hash.
    • Disabled USB Malware Protection.

    TMSUB Interoperability

    TMUSB devices built after January 1, 2021

    • Add the drive letter of TMUSB’s drive to the Exception Path List of Application Lockdown and run the TMUSB module manually.

For any questions or concerns, please contact your assigned Customer Service Manager or Trend Micro Technical Support.

Premium
Internal
Partner
Rating:
Category:
Update; SPEC
Solution Id:
000286675
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.