The SONAR 12.3.0, CIDS 17.2.6, and ERASER 119.1.3 engine updates fail to apply unless minimum Operating System requirements are met for Windows 7, Windows Server 2008 and Windows Server 2008 R2.

• Endpoint Security and Endpoint Protection 14.x
• Windows 7
• Windows Server 2008
• Windows Server 2008 R2

Minimum Operating System requirements not met.  SHA-2 Code Signing Support required.

Note: Each subsequent engine release of 2022 and later will include this requirement. 

To receive the latest SONAR 12.3.0, CIDS 17.2.6, or ERASER 119.1.3 content, devices using Windows 7, Windows Server 2008 or Windows Server 2008 R2 must meet the following requirements.

1. Minimum Service Pack level

• • Windows 7 Service Pack 1
  • Windows Server 2008 Service Pack 2 (see Note 2 and 3 below)
  • Windows Server 2008 R2 Service Pack 1

2. 2019 SHA-2 Code Signing Support Microsoft Update must be applied.

2019 SHA-2 Code Signing Support requirement for Windows and WSUS
https://support.microsoft.com/en-us/topic/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus-64d1c82d-31ee-c273-3930-69a4cde8e64f

Note 1: Windows Vista is no longer supported by Microsoft and will be unable to apply the SONAR 12.3.0, CIDS 17.2.6, and ERASER 119.1.3 engine updates.

Note 2: SONAR engine 12.3.069 is the last SONAR engine that is compatible with Windows 2008 SP 2 x86/x64

Note 3: Broadcom recommends that customers upgrade/migrate their Windows 2008 SP 2 x86/x64 servers to a newer/supported Windows operating system and install the latest version of Endpoint Protection. If this is not possible customers should do the following:

• Move all Windows 2008 (non R2) servers into their own groups within the Symantec Endpoint Protection Manager.
• Apply a LiveUpdate Content policy to these groups which sets the SONAR content to May 18th, 2022 Rev 11.  This will prevent the clients in the groups from updating to SONAR newer content after that point in time. 
  • Symantec Endpoint Protection Manager 14.x will retain a locked content revision for up to one year. After one year, the retained content will be deleted and the clients to which that content was assigned will attempt to update to the most recent content available from their manager console.
• If you do not have this content available, open a support ticket to request the last supported SONAR definition JDB file that can be applied to the SEPM.