Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Updating the VeriSign, DigiCert, USERTrust RSA certificate on Deep Security

    • Updated:
    • 23 May 2021
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 11.0
    • Deep Security 12.0
    • Platform:
    • N/A
Summary

The Anti-Malware Solution Platform (AMSP) of Deep Security Agent (DSA) uses VeriSign, DigiCert and USERTrust RSA cert for its digital signature. Use this update procedure if you have not enabled Windows update and you have installed Deep Security Agent in an isolated network environment.

This will ensure that the VeriSign, DigiCert and USERTrust RSA certificate is in the trusted certificate store and that the agent will be able to download the anti-malware components and pattern files, thus avoiding "Anti-malware driver is offline or not installed" events.


Starting in Deep Security Agent 12.0.0.1735 (Released April 2021), all modules are now SHA2 signed only.  They are now signed by USERTrust RSA cert.

image.png

Details
Public

To update the certificate on a Windows machine without direct Internet connection:

  1. Download the following required certificates:
  2. Install every certificate on the affected agents.

    To import the certificates manually:

    1. Open the certificate and click the Install Certificate button.

      install Comodo certificate

      The Certificate Import Wizard will appear.

    2. Click Next.
    3. Select Place all certificates in the following store and click Browse.
    4. Tick Show physical stores and click Trusted Root Certification Authorities > Local Computer > OK.

      trusted root certificate store on local computer

      If Local Computer is not available under Trusted Root Certification Authorities:

      1. Open the Run window.
      2. Type "MMC" and click OK.
      3. Click the File menu and select Add/Remove Snap-in.
      4. Select Certificates on the left panel and click the Add button.
      5. In the Certificates snap-in window, select Computer account and then click Next.
      6. In the Select Computer window, select the Local computer radio button and click Finish > OK.
      7. Expand Certificates > Trusted Root Certification Authorities in the left panel and then click the Certificates folder.
      8. Click the Action menu > All tasks and then import the Comodo certificates.
    5. Click Finish. The message "The import was successful"  will appear.

      certificate was imported successfully

 

There will no longer be sha1 signing in the future, old platforms such as Win7/2008 will need to apply MS patches to support sha2.

Customers who are using Deep Security to protect legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) are required to have SHA-2 code signing support installed on their servers to order to successfully install or upgrade the Deep Security Agent for Windows.

Refer to this KB Article for more information: New versions of Trend Micro Deep Security agents for Windows will only be signed with SHA-2.

 
Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
1104241
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.