Since Symantec seems to be in large trouble with the SHA1/SHA2 change i would like to ask McAfee if there is anything to take care off related to McAfee TIE Server? I am Aware of the McAfee EPO Server Certificate SHA1/SHA2 Agent Migration story and we are working on that.
Is there anything else we have to watch out regarding SHA1/2 (SHA256) if we have customer with W7 Clients?
Re: SHA1 and SHA2 change W7/2008R2 regarding TIE (AUG 2019 Windows Updates)
I see the list, thank you. Can we clarify for all so all understand. For code signing now and the Change SHA1/2 and DUAL signing (1+2).
With Windows 7 and Server 2008R2. As example what will happen if a customer:
* HAS EPO 5.3 Installed (And on the list is 5.9 min.)
* Would Install EPO 5.3 Fresh (For whatever [Recovery] reason he may choose the old).
Just regular Domain Client with the two mentioned Windows Updates (KB4474419 and KB4490628).
What will happen AFTER you Install a product mentioned on your list and all patches up to 08/2019.
Will the WIn7 or 2008R2 still execute the BInary JUST UNISGNED (Without any GPO active that would block unsigned exe). Through that you will notice a slight delay?
July 16, 2019
Windows 10 updates signatures changed from dual signed (SHA-1/SHA-2) to SHA-2 only. No customer action required.
Windows 10 1507, Windows 10 1607, Windows 10 1703
August 13, 2019
Required: Updates for legacy Windows versions will require that SHA-2 code signing support be installed. The support released in March (KB4474419 and KB4490628) will be required in order to continue to receive updates on these versions of Windows.
Legacy Windows updates signatures changed from dual signed (SHA-1/SHA-2) to SHA-2 only at this time.
Windows 7 SP1, Windows Server 2008 R2 SP1
September 10, 2019
Legacy Windows updates signatures changed from dual signed (SHA-1/SHA-2) to SHA-2 only. No customer action required.
Windows Server 2012, Windows 8.1, Windows Server 2012 R2