EDR: Which Windows Sensors are SHA-2 Code Signed?
search cancel

EDR: Which Windows Sensors are SHA-2 Code Signed?

book

Article ID: 285492

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Which Windows Sensors are SHA-2 Code Signed?

Environment

  • EDR Sensors: 6.1.12 and 7.2.0+
  • Microsoft Windows

Resolution

  • Windows sensor version 7.2.0-win+
  • Windows sensor version 6.1.12-win

Additional Information

  • Vista, Server 2008 SP0/SP1, Win7 SP0, and Server 2008R2 SP0 do not have the SHA-2 update and unable to install SHA-2-only signed software.
  • Apply the necessary Windows updates to the underlying operating system to obtain SHA-2 support and run our latest EDR windows sensor. 
  • Microsoft is no longer providing SHA-1 code signing for our EDR Windows sensor releases.
  • Microsoft will only code sign our EDR Windows sensor releases using SHA-2 hash algorithms starting June 2021.
  • SHA-2 support was introduced for older Windows operating systems through Windows updates available for Windows Server 2008 SP2, Windows 7 SP1, and Windows Server 2008 R2 SP1.
  • Microsoft article regarding SHA-2 Code Signing https://support.microsoft.com/en-us/topic/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus-64d1c82d-31ee-c273-3930-69a4cde8e64f
  • Microsoft Updates can be found here https://www.catalog.update.microsoft.com/search.aspx?q=kb4474419