Windows agent status shows "Deployment failed: OS does not support Trusted Signing (Feature Management)" after auto-upgrading to SEP 16.0
search cancel

Windows agent status shows "Deployment failed: OS does not support Trusted Signing (Feature Management)" after auto-upgrading to SEP 16.0

book

Article ID: 436748

calendar_today

Updated On:

Products

Endpoint Security Endpoint Security Complete

Issue/Introduction

On Windows agent endpoints auto-upgraded from Symantec Endpoint Protection (SEP) 14.3.x to SEP 16.0, the following status is displayed in ICDm console:

Security Status : Compromised
Security Status Reason : OS does not support Trusted Signing (Feature Management)

Both SEP 14.3.x and 16.0 system tray icons are displayed simultaneously.

The SEP 14.3.x GUI appears normal.
The SEP 16.0 GUI displays "Error upgrading". Clicking the error reveals the following message:

Symantec Endpoint Protection can only be installed on systems with Microsoft Trusted Signing (formerly Azure Code Signing) support. You must install the appropriate Windows security update for this system.

Environment

  • Windows agents upgraded from SEP 14.3.x to SEP 16.0 managed by ICDm (Cloud)
  • Windows OS without the necessary security updates for Microsoft Trusted Signing (formerly Azure Code Signing).

Resolution

This issue is resolved in ESA version 2.8.0.31. The agent now prevents upgrades to SEP 16 on systems that are non-compliant with Trusted Signing.

Please also refer to Unexpected OS restart requested after LiveUpdate on SEP 14.3.x.

Corrective actions if the issue is present:

Please perform the following steps to uninstall SEP 16.0 and ensure that only SEP 14.3.x continues to operate.

  • On the affected endpoint, open [Apps & Features] in Windows Settings and uninstall [Symantec Endpoint Protection] entry corresponding to version 16.0 (identified by the white-themed icon).

Additional Information

Powered by Wolken Software