SHA1 code signing has been reported to have security concerns. Therefore, Trend Micro SafeLock 2.0 will stop supporting this and will only continue to support SHA2 code signing moving forward. This change will take effect on hotfix and patches released after January 1, 2021.
This change will have the following impact scope:
Impacted Operating Systems – There is basically no impact on newer OS and only older OS will be impacted since they do not support SHA2. The impacted OS are as follows:
- Windows XP or older
- Windows Vista without KB4493730 and KB447441
- Windows 7 without KB4474419 and KB4490628
- Windows Server 2003 or older
- Windows Server 2008 without KB4493730 and KB4474419
- Windows Server 2008 R2 without KB4474419 and KB4490628
Impacted Scenarios – The following scenarios will likely be affected by this change:
Applying a Hotfix or Patch
You will not be able to apply TMSL 2.0 hotfix and patches created after January 2021 on TMSLs installed on Windows OS that do not support SHA2 code signing.
- Add the hotfix module to the Approved List.
Applying a Hotfix or Patch remotely via SLIM
You will not be able to apply TMSL 2.0 hotfix and patches created after January 2021 via SLIM unless you have TMSL Agent 2.0 SP1 Patch 4.
- For TMSL Agent versions <= 2.0 SP1 Patch 2, apply 2.0 SP1 Patch 4.
- For TMSL Agent version = 2.0 SP1 Patch 3, apply 2.0 SP1 Patch 4 then apply Hotfix for Disabling a Signature Verification.
- For TMSL Agent version coming from 2.0 SP1 Patch 3 then upgraded to 2.0 SP1 Patch 4, apply Hotfix for Disabling a Signature Verification.
TMPS devices built after January 1, 2021.
- Add TMPS related modules (including the copies on Local Temp) to TMSL 2.0 Approved List or Trusted Hash.
- Disabled USB Malware Protection.
TMUSB devices built after January 1, 2021
- Add the drive letter of TMUSB’s drive to the Exception Path List of Application Lockdown and run the TMUSB module manually.
For any questions or concerns, please contact your assigned Customer Service Manager or Trend Micro Technical Support.